This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Question About Operating System
#1
Lightbulb 
Greetings All,

I have been wondering if I can use a Tinker Board for my firewall/router. Currently I am running pfsense on an older netbook, however, I am looking for something more compact. My main question here though is: Has anyone had experience installing freeBSD or for that matter pfsense on a Tinker Board?

Hope this post finds you all well,

TWB
Reply
#2
You might find suitable with DietPi, for such purpose. But it is not a freeBSD OS. Most of the OSs available are debian derived.
By DietPI you may select the programs useful for your own scope, so it will take a little space.
Reply
#3
(08-12-2018, 02:17 PM)Im4Tinker Wrote: You might find suitable with DietPi, for such purpose. But it is not a freeBSD OS. Most of the OSs available are debian derived.
By DietPI you may select the programs useful for your own scope, so it will take a little space.


Thank you for the response. I will definitely look into that.

On a side note, I wonder if it would be possible to install pure Debian on this board. I am not completely opposed to using iptables on Linux for my firewall vs PF on BSD. However, I am really not looking for any fluff with an installed OS. Specifically I do not need a window manager on my firewall. Installing the base Debian system has worked out for me in the past.

Have you (or anyone else) installed pure Debian instead of a derivative OS?

Thanks again for the response,

TWB
Reply
#4
I also don't need much bells and whistles attached. I'm looking for a home automation setup. But I'm less keen for debian ancient style (with huge security concern), I'm accustomed with Arch Wink

So I realized to have a hybrid, kernel from linaro and the rootfs from ALarm.
Then I use CLI often and no much interest for a mouse, as such purpose. There are a couple of program to setup the firewall, like iptables or ufw. As per Arch, it starts with the minimal setup and the remaining is one's decision. DietPi has a similar approach, but it's designed by the developers which step should be taken. 

If you want to try a different distro, I think you'll get close, but there's a bit of workaround for a suitable kernel. I still studying for my setup how to get the kernel with modules as per ALarm design.

Perhaps, a hybrid will go at the first shot.
Reply
#5
(08-13-2018, 03:17 PM)Im4Tinker Wrote: I also don't need much bells and whistles attached. I'm looking for a home automation setup. But I'm less keen for debian ancient style (with huge security concern), I'm accustomed with Arch Wink

So I realized to have a hybrid, kernel from linaro and the rootfs from ALarm.
Then I use CLI often and no much interest for a mouse, as such purpose. There are a couple of program to setup the firewall, like iptables or ufw. As per Arch, it starts with the minimal setup and the remaining is one's decision. DietPi has a similar approach, but it's designed by the developers which step should be taken. 

If you want to try a different distro, I think you'll get close, but there's a bit of workaround for a suitable kernel. I still studying for my setup how to get the kernel with modules as per ALarm design.

Perhaps, a hybrid will go at the first shot.

Sounds like quite a bit of work. I am not completely interested in compiling a custom kernel at this point. I will have to think about it more before I decide to go this route. Also, I do really like BSD over Linux as a firewall solution. I don't like using iptables and ip6tables to manage my firewall. It is much simpler for me if I don't have to make two separate rule sets.

On a side note. What is this huge security concern with Debian that you speak of? I can't imagine it is that insecure if the list of Debian users includes organizations like:

City of Munich, Germany
Bureau of Immigration, Philippines
Ministry of Foreign Affairs, Dominican Republic
Vermont Department of Taxes, State of Vermont, USA

and one especially compelling organization is the African Lottery, Cape Town, South Africa:

"We are using Debian for advanced cryptographic programs like ISAAC, and for random number generators (RNG). What's more, it's used for simpler tasks like apache web server, mysql database, and ftp. It's running on one 64 bit Xeon® CPU E5-2620 station.

Debian was chosen because of no vulnerabilities (malware & hacks), and great support. "


Thanks again for the feedback,

TWB
Reply
#6
(08-14-2018, 03:38 PM)TheWhiteBuffalo Wrote: What is this huge security concern with Debian that you speak of?

Well, for a maker, might not be a point of interest. Perhaps one is keen for a lighter security implementation. This is when the SBC is used for small projects.
Anyway, you may opt for the better solution that suites the actual demand. So compiling and going for a different OS, might be postponed.
Do you think that DietPi would suffice ?
Reply
#7
(08-14-2018, 05:55 PM)Im4Tinker Wrote:
(08-14-2018, 03:38 PM)TheWhiteBuffalo Wrote: What is this huge security concern with Debian that you speak of?

Well, for a maker, might not be a point of interest. Perhaps one is keen for a lighter security implementation. This is when the SBC is used for small projects.
Anyway, you may opt for the better solution that suites the actual demand. So compiling and going for a different OS, might be postponed.
Do you think that DietPi would suffice ?

At this point I think I am going to have to bypass the Tinker Board. I am really looking for BSD compatibility in a SBC. Again, it primarily comes down to configuring the firewall. iptables is more work than it is worth at times. especially when working with ipv6.

All of that being said, I do like the idea of DietPi for maybe a different application. However, for this firewall project I have determined that Linux is not going to make the cut.

I'll keep searching for the perfect board.

TWB
Reply
#8
Quote:Debian was chosen because of no vulnerabilities (malware & hacks), and great support.

Then you certainly want to avoid Dietpi:

https://medium.com/@siloraptor/mayan-edm...b20850cc89
https://medium.com/@ericriggs42/awesome-...7e1c60d7fc


Quote:Awesome article! One thing though, keep away from DietPi. Quality has decreased since it started and is now ridden with security problems (doesn’t follow LSB) and privacy issues (collects user data).


Quote:I had a lot of problems with DietPi too. My Banana Pro would lock up at random intervals and my Orange Pi Zero would not even boot. They have since vastly reduced the number of boards supported including the Banana Pro.

Their software installer blindly overwrites your configuration files. The official recommendation is that you only use their utilities!

Their upgrade procedure downloads diff and patch files, and makes all sort of modifications to your files and without giving you a chance to audit the changes.

In addition to the security and privacy issues you can add stability problems too.


Quote:I'll keep searching for the perfect board.

Perfect one might be a huge overkill or too costly. Choose on your use case. Always.
Armbian. Lightweight Debian Stretch or Ubuntu Xenial for Tinker Board.
Reply
#9
(08-15-2018, 09:14 AM)igorpec Wrote: Perfect one might be a huge overkill or too costly. Choose on your use case. Always.

Yea, very true. I will at least keep looking for something I can use to install freeBSD, specifically, OPNsense (preferably).

Thanks for the information,

TWB
Reply
#10
Quote:Yea, very true. I will at least keep looking for something I can use to install freeBSD, specifically, OPNsense (preferably).

This will again be problematic. Dev boards are poorly supported in mainstream distros. Imagine, that even Raspberry Pi just get full support in the mainline kernel with 4.18.y

You don't have the luxury of x86 world here so again, some other logic applies.

There are router boards out there, from small (Orangepi R1) to full-blown (Clearfog). AFAIK the best you get is Lede on Clearfog, but I don't know how is the quality of support and Orange R1 ... no idea either. You probably need to hack it together.
Armbian. Lightweight Debian Stretch or Ubuntu Xenial for Tinker Board.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)