Building Linux Router

I want to filter out all the Microsoft telemetry traffic and Chinese & Russian scanning of my router. I have just come across this (pic related) on Amazon and was wondering if a quad core ARM is strong enough to run things like Snort and a Linux router distribution. I don't feel like spending $200 for god only knows what's in it from Netgear or something.

Spec of the board is on the web page.

OP here I forgot to give URL

amazon.com/Libre-Computer-AML-S905X-CC-Potato-64-bit/dp/B074P6BNGZ/

says it is Libre capable.

Key Features:

Quad-Core 64-bit ARMv8 Cortex-A53 CPU with NEON and Crypto Extensions
Penta-Core ARM Mali-450 MP3 GPU with OpenGL ES 2.0 @ 750MHz
2GB of DDR3-2133 SDRAM on 32-bit Bus for up to 69Gb/s Unified Memory Bandwidth
Multi-Plane Multi-Format 2.5D Programmable Pipeline Display Engine with HDMI 2.0 Output
4K Ultra-HD High Dynamic Range Video Engine with Hardware Accelerated Decoder for VP9, H.265, H.264
Form Factor and GPIO Compatibility with Raspberry Pi 3 for Maximum Re-usability

Supported Operating System Images:

Ubuntu 18.04 Bionic LTS
RetroPie
Android 8.0 Oreo (Requires eMMC)
CoreELEC (Kodi)
LibreELEC (Kodi)
Armbian
Ubuntu 16.04 Xenial LTS
Debian 9 Stretch
Raspbian Stretch
Lakka 2.1+ (RetroArch/Retro Gaming)
Android 7.1 Nougat
Android 9.0 Pie (Coming 2018 Q4)

You sound like you need advanced pfsense-like features.

I'd get a cheap Xiaomi WiFi 3g and flash it with an openwrt rom. Then bridge it with your normal router

oldwiki.archive.openwrt.org/doc/howto/snort

laptop + gigabit nic + pfsense

I tried it with a Thinkpad E560. I had to add a USB 3.0 Ethernet dongle (1 Gbit/s), but it was awfully slow compared to my $80 Netgear router (which is crap). The average throughput for the Thinkpad with pfsense was around 400 Mbit/s, whereas I can get 950 Mbit/s on the $80 router.

>One network port
You'd either need a separate switch and VLANs, or a USB dongle (which is shit)

just use openwrt, you're not going to get very far in terms of performance without the hardware acceleration these router chips provide

If your goal is to just install a plain vanilla Linux distro and build your router system from scratch, then I wouldn't fuck around with anything ARM. All the RPi clones have annoying problems and limitations that you just won't face on x86 desktop hardware. Even if that desktop hardware is very cheap and low-powered stuff.

also tiny ARM boards only save you a few watts when the system is mostly idle. If you can afford to own the thing at all, the extra power an x86 system will use doing router tasks is trivial.

Use OpenBSD and make sure that thing can get gigabit ethernet

I did this project recently and I used a MintBoxMini2, which is $300 and a preconfigured fitlet2. It's a little overkill and too expensive but I have a good job and no kids.

Another solution is PCEngines. pcengines.ch/

Something built around an APU2D4: pcengines.ch/apu2d4.htm. You'd also need to pick a case, a power adapter, and a USB-to-serial adapter so you can PuTTY to the console.

This x100

You can install linux on any machine lol

There's also this?

minifree.org/product/minifree-wndr3800-libre-router/

>256mb ram
That thing can't run snort. Running blocklists would be more efficient.
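
The blocklist approach suggested above, as an added example (not code from the thread): parse a CIDR feed, merge overlapping ranges, and emit an nftables interval set so the kernel does the matching. The feed contents, table name and set name are constructed for illustration.

```python
import ipaddress

# Constructed sample feed: documentation ranges only, not real scanner addresses.
SAMPLE_FEED = """\
# one entry per line; '#' or ';' starts a comment
192.0.2.0/25
192.0.2.128/25
198.51.100.7   ; single host
203.0.113.0/24
203.0.113.64/26
not-an-address
2001:db8::/32
"""

def parse_feed(text):
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#")[0].split(";")[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(raw)   # malformed entry: report, never guess
            continue
        if net.version != 4:       # IPv6 would need its own set
            rejected.append(raw)
            continue
        nets.append(net)
    return nets, rejected

def render_nft(nets, table="blocklist", set_name="drop4"):
    # Merging overlapping/adjacent ranges keeps the kernel set small.
    merged = list(ipaddress.collapse_addresses(nets))
    if not merged:
        raise ValueError("empty blocklist: refusing to emit an empty set")
    elems = ", ".join(str(n) for n in merged)
    ruleset = "\n".join([
        f"table inet {table} {{",
        f"    set {set_name} {{",
        "        type ipv4_addr; flags interval;",
        f"        elements = {{ {elems} }}",
        "    }",
        "    chain input {",
        "        type filter hook input priority -10; policy accept;",
        f"        ip saddr @{set_name} counter drop",
        "    }",
        "}",
    ]) + "\n"
    return merged, ruleset
```

Write the returned text to a file and load it with `nft -f`; a box that forwards traffic for other hosts would put the same rule on a forward-hook chain as well.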

Espressobin board is actually made for network processor/router/firewall/traffic shaping workloads.

espressobin.net/tech-spec/

Marvell Armada Cortex-A53 dual-core
1GB or 2GB RAM
1 SATA interface (has 12V header for connecting a 3.5-inch drive)
2 Gigabit Ethernet ports
1 Topaz Network Switch
1 USB 3.0
1 USB 2.0

Full spec here: espressobin.net/tech-spec/

Costs $49 plus any 12V power supply (about $10, even less on Aliexpress).

amazon.com/s/ref=nb_sb_noss_2?url=search-alias=electronics&field-keywords=banana pi bpi r2

>want to run snort
just setup port mirroring and send same traffic to a big ass switch for all your devices and then the same traffic to 1 fucking port that has your machine that runs snort on it and read all the data. this way if that machine falls behind it doesn't make your network slower.
also this is the best answer in the thread really, other than something x86 related
only issue is it doesn't auto power when it loses power. get a fucking battery backup

>Banana Pi

They're notorious for not working at all. Go on any embedded SoC board discussion site (e.g. Armbian, CNX Software), and the comments are full of complaints about Banana Pi boards not doing a single fucking thing it has promised to do, and the manufacturer not having a single person who can write back an e-mail response in understandable English.

>arm
>overpriced meme pie garbage

Don't fall for that marketing scam OP. Buy a PC Engines APU and slap OpenBSD on that baby.

banana pi work great, I have 7 of the original ones running for the past 2-3 years 24/7 no issues at all.
orange pi is the ones that are fucking garbage

Not the guy you are answering to, but I own a BPI R2 and it is awful. The hardware would be more than acceptable, but the software is just a piece of shit - it being advertised as a "networking board" does not mean it actually works at all. The Wifi interface did not work up until recently, and AP mode leaves a lot to be desired, furthermore the only really networking-oriented software that it has support for, openwrt, uses a ramdisk as a storage solution and therefore any settings you might have set will be reset once rebooted.
All the actually redeeming features come from the community's efforts to create something resembling an actually good product.
All in all, I'm never buying bananapi again, but maybe other boards are better from them - did not have the possibility to try them out.

Sidenote: orange pis are fucking great if value is something you're looking for as the huge support from their government allows them to sell devices well below their BOM cost. This does not mean they're very good, but nice to have if you just want to experiment with sbcs.

yea, with banana pi, orange pi, and several others of the chinese the software is literally "good fucking luck"
that's why raspberry pi stays relevant, they actually give a fuck about their software.

256MB is more than enough for a router

The current recommendation (RFC3439) for buffer capacity is RTT*C/sqrt(N) per link, RTT being round-trip time, C being the capacity of the link (speed, so to say) and N the number of links.
This means that a gigabit connection will require around a gigabit buffer space for each s in RTT - which is easily reachable if the circumstances are worst-case.
That means that 128MiB is used up by buffer space alone.
The other 128MiB to run a full fledged operating system is less than ideal.

the mobo sitting there looks like a dog. the chips being the eyes and nose and the usb's being the front paws.

Most of orange Pis — popular ones, at least — have Armbian build, what more do you need?

yea, "good fucking luck" on software, someone else does it for them. And half the shit doesn't work. Where was I saying anything otherwise?
Orange pi Zero isn't even usable lol

My router has 50mb of ram lol

This. I ran an OpenBSD box for a year and a half off of an old QuadCore AMD system I had lying around using the built-in NIC and an add-on PCI express NIC (both RealTek chipsets). 7200 rpm SATA drive and 8 gigs of ram.

the box never touched more than 1 gig of ram for its running processes and I had a decently complex PF setup with several anchors in the rule set. Also ran DHCP and DNS for my house off it. Had a Mumble server for Vidya Game friends running the whole time with port forwarding, they never noticed when I swapped this router in for the DD-WRT box I had previously.

the OpenBSD man pages and FAQ are obviously preferred in terms of seeing best practices and rock bottom basics, but these 2 sites were helpful in getting me clued in on some finer points that the FAQ leaves out:

troubleshooters.com/linux/pf/index.htm

calomel.org/pf_config.html

Raspberry pi +pihole

>I want to filter out all the Microsoft telemetry traffic and Chinese & Russian scanning my router
good luck with SSL deep packet inspection

>was wondering a quad core Arm is strong enough to run things like Snort, and Linux router distribution
depends on your bandwidth. but then again this thing has probably a shitty meme usb 100mbit ethernet adapter so go on and waste your time and money