For a number of years now I have used my old desktop computers to act as firewalls for my home network – when my desktop is upgraded the old firewall is freecycled and the old desktop becomes the new firewall.
A powerful desktop computer in a large tower case has a number of disadvantages however, both in terms of it’s physical size and the amount of power it needs to run on a 24/7 basis. So I have been meaning for some time to replace my firewall with a small, purpose built, low power system.
In the last few weeks I have finally got around to going ahead with this task so, after some hours perusing the hardware porn at LinITX I ordered an Intel D945GSEJT Atom based Mini-ITX motherboard and the exceedingly tiny Mini-Box M350 case. Here we see the result, with a 2Gb SODIMM and a 4Gb SATA flash module added.
Firewall with motherboard, memory, SATA flash module and WIFI aerials installed
Also visible here are a pair of dual frequency (2.4/5.0 GHz) aerials for WiFi as the firewall will also be replacing my existing wireless access point. An extra hole had to be drilled in the back plate for the second aerial, which necessitated a trip round the corner to the hardware store as sod’s law dictated that a 6.5mm hole was needed when the largest HSS bit in my collection was 6mm in size…
Part of my LinITX order was an Intel 512AN Mini-PCIe wireless card – this was carefully chosen based on the fact that Intel WiFi cards are well supported in the linux kernel with modern, mac80211 based drivers. Unfortunately as soon as I started investigating how to configure it as an access point it quickly became clear that the drivers for the Intel WiFi cards do not, in fact, support AP mode. The main authors of the drivers appear to be Intel themselves, and there seems to be little enthusiasm for supporting AP mode.
So that card went back (distance selling regulations to the rescue!) and in it’s place I sourced an Atheros card instead, which was easier said than done – Mini-PCIe wireless cards are surprisingly hard things to find, perhaps because they mainly sell to laptop manufacturers on a wholesale basis. I also had to wait a full week for Royal Mail to manage to deliver it (a first class recorded package) and that was before they went on strike!
While I was waiting for the replacement wireless card to arrive I was able to install the PCI riser (which had arrived a few days late having been missed when my order was packed) and a gigabit network card harvested from my old firewall which would provide the second network port needed in the firewall.
Firewall with PCI riser and gigabit network card installed
Finally, the replacement wireless card arrived and was installed in the Mini-PCIe slot (under the PCI card) and the aerials connected. All that was then needed was to knock up a configuration file for hostapd and it was up and running as an AP and the radio on my old Netgear access point could be turned off.
The only outstanding issue is that while my laptop (running linux) is quite happy to talk to the new AP my Windows Mobile 5 PDA seems to object to it for some reason that is still not entirely clear – it appears to successfully attach to the wireless network and sends DHCP requests but seems to be unable to receive (or perhaps to decrypt) the replies.
The completed firewall, all ready to be installed
So, after all that, my new firewall/access point is now installed in my network and, within a few hours of offering my old firewall on freecycle about a dozen different people had offered to take it (despite it lacking any operating system) and it now has a new home.
Hey Tom, Duncan here. Nice little project. I was thinking about building one of these using a Gumstix board. Was quite an expensive solution though so I’m still waiting to find a cheap one on ebay…
Mine came in at about £290 in the end, including the change of WiFi card which added an extra £10 or so to it.
I have access to a D945GCLF2D motherboard with an Atom 330 on board. However, it has a PCI slot and not mini PCIe slot. My question is if I should use a usb 2.0 ethernet adapter or a PCI adapter. It seems to me the USB 2.0 can operate around 400 mb/s but the PCI at only 133 mb/s.
Any advice? Should I keep looking until I can find the D945GSEJT that the author is using?
The PCI bandwidth will be higher than that if the card and/or motherboard support 64 bit and/or 66Mhz operation.
Great, thank you. In that case the PCI card should not choke things much, if at all. It seems a Gigabit is about 125 MBytes and the PCI card at 66Mhz should be able to handle this. I do not need the bandwidth currently but one should consider the future (my oldest son is 5 and will soon be demanding resources!).
Hopefully, I can order this package and have it running shortly.
Well 802.11n won’t go to a gigabit anyway, so if you’re using it for a wireless card then even with 802.11n the maximum theoretical bitrate is 600Mbit/s and practically it will be less than that. Which means even a 32 bit, 33MHz PCI card should be able to handle it.
Can you tell me what card You inserted in Your Project? I’m looking for Mini-PCIe Wifi 802.11n card with Master mode to work as Access Point and can’t find anything :/ Thx in advance
It was a SparkLAN WPEA-110N which is based on the Atheros AR9280 chipset. I got it (in the UK) from OxfordTEC.
Could you please write more about the wifi card. Name or chipset would be helpful. I’m trying to do the same thing you did and I have to choose a wifi card.
Sorry I think I’ve missed your last post :)
Thomas,
Can you tell me if you’re able get your WPEA-110N operating on bother 802.11n and 802.11g simultaneously using hostapd?
I’m building a similar type setup and my goal is to be able to provide 5Ghz 802.11n as well as 2.4ghz 802.11b/g (Similar to how an Apple Airport Extreme/Time Capsule works).
As far as I know both are working but I don’t have any 11n devices so I haven’t tested that side of things yet.
Can you provide the output from #iw list ?
This is the iw list output: