On Fri, 2002-01-18 at 14:04, Frederic Lemoine wrote:
Hello,
So finally I could have my traffic encrypted between my W2K workstation
and my OpenBSD 3.0 (ISAKMP).
The OpenBSD is my gateway/firewall to the internet. I do NAT in hide
mode :
w2k
Hello,
So finally I could have my traffic encrypted between my W2K workstation
and my OpenBSD 3.0 (ISAKMP).
The OpenBSD is my gateway/firewall to the internet. I do NAT in hide
mode :
w2k [172.16.1.166]-[172.16.1.3] OpenBSD [193.121.122.1]---Internet
...
Good luck
Regards,
Brenno
-Original Message-
From: Trevor Osatchuk [SMTP:[EMAIL PROTECTED]]
Sent: zaterdag 20 oktober 2001 1:10
To: Firewalls-Owner (E-mail)
Subject: OpenBSD firewall between lans
I am a newbie sysadmin. I have set up a FreeBSD firewall at home and have
to
replace this with an OpenBSD firewall. The reason why I want to do this is
because I want to be able to connect to hidden Windows shares, e.g. ipc$,
from one lan1 to lan2, but not the other way. We cannot do this with the
proxy. We need to connect to these shares on the other lan on occasion
We are discussing to use either OpenBSD or FreeBSD
for our new firewall.
Does anybody know, Which one is more stable
and which one is easier to configure and support?
At the moment we are using debian linux, with the help
of some scripts it is ok to configure.
Does anybody have an opinion
On Tue, 26 Jun 2001, Thorsten wrote:
We are discussing to use either OpenBSD or FreeBSD
for our new firewall.
Does anybody know, Which one is more stable
and which one is easier to configure and support?
I don't think you'll notice the difference so long as you pick a
known-good release
Ok here is the eternal debate in what you just said: Do you want easier to
configure or more stable?
In my eye OpenBSD is more stable and a billion times more secure than
FreeBSD as the code goes through rigorous testing for security holes within
the code. FreeBSD is much easier
Normally I would recommend OpenBSD for a firewall. It is definately not
the easier to configure and support, but it has not had a remote
comprimise on a default install in something like 4 years... now, having
said that, I think there are some issues currently with the new licensing
in IPFILTER
For a firewall the best choice is OpenBSD.
Security is OpenBSDs reason for existance.
Security is not easy. The difference in ease of
configuration between the two in not that great.
Try them both. See which you like.
acs
--- Thorsten [EMAIL PROTECTED] wrote:
We are discussing to use
On 26 Jun 2001, at 10:53, Carric Dooley wrote:
I think there are some issues currently with the new licensing in
IPFILTER, which has been all of the BSD's firewall solution for
sometime. I read somewhere it will not be included in future
releases of OpenBSD. I have note verified this myself
On Tue, 26 Jun 2001, Jim Rosenberg wrote:
Latest word from Theo and the crew is that OpenBSD will have its own
solution to replace IPFilter -- presumably as of 2.10, or sufficiently
late 2.9-current.
one has been imported and a coding frenzy is going on. pf, a reasonably
mature project
keep yer pants on! :-)
pf is indeed in the OpenBSD tree now, with support for IPF-compatible
rulesets, NAT, logging of blocked packets to a fake interface
(/dev/pflog) that is tcpdump'able (with support in tcpdump to print
which rule the packet matched against), IPF-compatible TCP state
tracking
releases of
OpenBSD.
They have removed IPF from the build and replaced it with PF another packet
filter. It works similar to IPF without the nasty licensing issues that IPF
is using.
_
Get your FREE download of MSN
Dug,
Is there a site for this new fw package? do you have info on your site? It
sure sounds cool.
Carric Dooley
Senior Consultant
COM2:Interactive Media
But this one goes to eleven.
-- Nigel Tufnel
On Tue, 26 Jun 2001, Dug Song wrote:
keep yer pants on! :-)
pf is indeed in the OpenBSD
goto www.openbsd,org and check out PF the new fwalling software
- Original Message -
From: Carric Dooley [EMAIL PROTECTED]
To: Dug Song [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, June 26, 2001 7:29 PM
Subject: Re: OpenBSD or FreeBSD
Dug,
Is there a site for this new fw
On Tue, 26 Jun 2001, Dug Song wrote:
keep yer pants on! :-)
pf is indeed in the OpenBSD tree now, with support for IPF-compatible
rulesets, NAT, logging of blocked packets to a fake interface
(/dev/pflog) that is tcpdump'able (with support in tcpdump to print
which rule the packet matched against
package? do you have info on your site? It
sure sounds cool.
Carric Dooley
Senior Consultant
COM2:Interactive Media
But this one goes to eleven.
-- Nigel Tufnel
On Tue, 26 Jun 2001, Dug Song wrote:
keep yer pants on! :-)
pf is indeed in the OpenBSD tree now, with support
FYI:
deadly.org, aka openbsd journal, has a note from theo himself that ipf has
been removed from openbsd-current due to licensing changes (changes
committed at about 10 pm tuesday night).
2.9-release (which ships in two days) will have it, though. this affects
only -current.
i have not yet
kernel. this includes capabilities, mandatory access
control lists, an audit trail, and the like.
its usually been based on -current, is somewhat experimental, and is,
despite being a bit slow moving, a really great effort.
openbsd uses none of this, and simply strives to be the most secure
I use IPF on a FreeBSD 4.2 box. I was going to go with OpenBSD, but it did
not like the Intel Server NIC on the Motherboard. It is a 2U rackmount
server with 4 nics, and I need them all. Also FreeBSD has SMP support. IPF
is quite powerful. My actual configuration is IPF for Statefull packet
Hi there,
I'm trying to setup an openBSD box as a simple firewall with two NICs
for this I plan to use ipf, provided with openBSD 2.8
I wonder if anyone there tried it and is happy with it.
I would enjoy some feedback from you and ,of course some sites giving
documentation about it.
Thanks
On Thu, 15 Feb 2001 [EMAIL PROTECTED] wrote:
I'm trying to setup an openBSD box as a simple firewall with two NICs
for this I plan to use ipf, provided with openBSD 2.8
I wonder if anyone there tried it and is happy with it.
I've heard rave reviews of ipf.
I would enjoy some feedback from
You may want to look at http://www.openlysecure.org. Unfortunately, their
site is down due to a "major server upgrade" but it is a companion to the
book, "Building Linux and OpenBSD Firewalls" by Wes Sonnenreich and Tom
Yates. There might be some configuration examples
On Thu, 15 Feb 2001, Matthew Reams wrote:
You may want to look at http://www.openlysecure.org. Unfortunately,
their site is down due to a "major server upgrade" but it is a
companion to the book, "Building Linux and OpenBSD Firewalls" by Wes
Sonnenreich and Tom Yates.
On Thu, 15 Feb 2001 [EMAIL PROTECTED] wrote:
I'm trying to setup an openBSD box as a simple firewall with two NICs
for this I plan to use ipf, provided with openBSD 2.8 I wonder if
anyone there tried it and is happy with it.
i love ipf. it kicks the pants off of many commercial firewalls
Well, if I remember correctly, that book was based on OpenBSD 2.5. Also, I
don't see much wrong with using 'eth0' for 'ethernet card 0'. Depending of
the make of you NIC's, you'll get all kinds of different device names. It's
probably better than using fxp0, sis0, elx0.
Mike
- Original
On Thu, 15 Feb 2001, Mike Forrester wrote:
Well, if I remember correctly, that book was based on OpenBSD 2.5.
Also, I don't see much wrong with using 'eth0' for 'ethernet card 0'.
Depending of the make of you NIC's, you'll get all kinds of different
device names. It's probably better than
Jose Nazario wrote:
i love ipf. it kicks the pants off of many commercial firewalls. when
coupled to a proxy like SOCKS5 it's almost unbeatable. and i love OpenBSD.
just read the code, you'll also fall in love.
Even though I pride myself as a Solaris man, I run OpenBSD on some
older
1. Go to www.openbsd.org
2. Read the FAQ
3. Read some man pages (man -k ipf; man -k ipnat)
4 If that's not enough, get some education on TCP/IP
I need to install a firewall, but I want to use real IP addresses in my
Internal
Network. I have installes Openbsd.
What can I do
I need to install a firewall, but I want to use real IP addresses in my
Internal
Network. I have installes Openbsd.
What can I do to use real IP addresses in my internal network
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" i
Hi,
I installed an OpenBSD firewall and am very happy with it (because I'm new to
OpenBSD and new to Firewalls.)
But I want to check logs to see what's been blocked, what's been passed, who's
been trying to port scan me, etc.
How do I do that under OpenBSD 2.7???
This is what I did
not aware offhand of any available for
download.
jeff
On Thu, Aug 17, 2000 at 12:16:27PM -0400, [EMAIL PROTECTED] wrote:
The thread on redundant FW1 got me interested in similar solutions for
OpenBSD...
Has anyone set up a failover capability with an OpenBSD firewall? I'd be
interested in your
#For a routing firewall (ie from NAT to public space, or a gateway
#machine acting as a firewall), have your failover machine inside the
#trusted network pinging the private (gateway) interface of the normal
#firewall. On a failure, have the failover machine change its ip
#address on its private
Hi everyone. It's me again. :-
I am very happy, I was able to install openbsd and it's my third day with
it. :-)
I've been trying to find an example of ipf.rules which is applicable to a
ppp connection with public dynamic ip address obtained from my ISP and a lan
card (ep0). I saw examples
I have found an openbsd link for my i386 machine. Are the files listed in
http://download.sourceforge.net/pub/mirrors/OpenBSD/2.7/i386/ enough for my
installation?
Thanks in advance.
Ronneil
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" i
Ronneil Camara wrote:
I have found an openbsd link for my i386 machine. Are the files listed in
http://download.sourceforge.net/pub/mirrors/OpenBSD/2.7/i386/ enough for my
installation?
Thanks in advance.
Ronneil
Check out the specs - http://www.openbsd.org/faq/faq4.html
4.2
Hi,
I suggest you _buy_ openbsd. Not too expensive and the project is worth
being supported.
To quote from the webpage (www.openbsd.org):
OpenBSD is developed by volunteers. The project funds development and
releases by selling CDs and T-shirts, as well as receiving donations.
Organizations
Btw, I have an intel based pc. What files and directories should I download
under this link?
ftp//ftp.openbsd.org/pub/OpenBSD/2.6/
Is there are ISO image so I will just burn in?
Ronneil Camara [EMAIL PROTECTED]
One Consulting Group Phone: (63)2 6354086
IT Consultant
There is a pretty complete set of instructions for obtaining and installing OpenBSD at:
http://www.openbsd.org/faq/faq4.html
You might also want to check out the misc mailling list there.
On Thu, Jun 15, 2000 at 01:52:05AM +0800, Ronneil Camara wrote:
Btw, I have an intel
Hello all,
Hopefully somebody has the patience to answer the following beginner's
question:
Should the DMZ side be allocated a prime Internet adress or a private?
There may be multiple answers to this question but are there
preferences?
We plan to have www, smtp, pop, calendar, ftp and webmail
Per olof Ljungmark writes:
Should the DMZ side be allocated a prime
Internet adress or a private? There may
be multiple answers to this question but
are there preferences?
I lean towards numbering DMZ networks with internal addresses and
translating them to
conspicuously!
Caution: I've read about, but never used this technique. Still, it's
cheap to try (a $10 cable and a few minutes of labor), and if it works, is
about as foolproof as you can get.
-- Rex
Date: Wed, 22 Mar 2000 12:13:28 -0500
From: "Gene Lee" [EMAIL PROTECTED]
Subject: Ope
On Thu, 23 Mar 2000, Rex Sanders wrote:
Cut the transmit cable pair on the Ethernet cable of your Internet link, or
make a special cable with only the receive pair connected.
This does not work. Without a receive pair you will never get link. Best
you can do is add a lot of resistance so that
on running a temporary multi-homed IDS on my test lab, where one
NIC is connected to the internet and the other NIC on the intranet (which
provides a potential by-pass around the multi-homed firewall I have running
parallel to it).
This box is OpenBSD 2.6, and the reason why it's temporarily m
the address range you used for those bogus addresses. I'd use 10.net
addresses if they aren't in use elsewhere or one of the other
non-routed sub nets.
As an alternative idea you can hack the OpenBSD network driver code to
remove send ability for that NIC. I did this under Linux. This is why
I
Sorry for asking this question before just trying. I don't expected it to be
THAT simple...
Michael
-Original Message-
From: Goessmann, Michael [mailto:[EMAIL PROTECTED]]
Sent: Freitag, 22. Oktober 1999 20:43
To: [EMAIL PROTECTED]
Subject: NAT on two interfaces / OpenBSD
Hi
Hi,
I want to configure NAT on our OpenBSD firewall on two different interfaces.
Is that possible? I am using the ipnat and ipfilter packages and I want to
implement something like this:
---
| |
INET---(1)| FW |(2)---DMZ
Hi Frinds!
I need a firewall (Free Software) for my network, and i need to choose
between OpenBSD IPF and the TIS FWTK 2.1 running on a OpenBSD machine.
My network toplogy:
[ ISP ] - [FW OpenBSD ] - Internal Network
On Sat, 16 Oct 1999, Fabio da Silva Cunha wrote:
Hi Frinds!
I need a firewall (Free Software) for my network, and i need to choose
between OpenBSD IPF and the TIS FWTK 2.1 running on a OpenBSD machine.
They aren't mutually exclusive technologies. FWTK protects at the
application layer
Hello:
Here is a new book that may interest readers of this list:
"Building Linux and OpenBSD Firewalls" (Paperback), by Wes Sonnenreich, Tom
Yates, John Wiley Sons, 512 pages, October 1999; ISBN: 0471353663; $44.99.
See it at Amazon:
http://www.amazon.com/exec/obidos/ASIN/047135
linuxdoc.org/
IPchains: http://www.rustcorp.com/linux/ipchains/
Here are some more links:
Linux: URL:http://www.linux.org/, URL:http://www.redhat.com/,
URL:http://www.debian.org/
OpenBSD: URL:http://www.openbsd.org/
NetBSD: URL:http://www.netbsd.org/
FreeBSD: URL:http://www.f
on every kind of hardware
FreeBSD - concentration on stability and performance
OpenBSD - concentration on security
Again, I don't really want to debate which is better - it's a matter of
personal preference.
Very well summarized. I would add that Linux generally supports
a broader range of hardware
ox configs are appreciably different. Last I looked OpenBSD
was shipped considerably more secure than the others from a default install. I
don't give this a lot of weight, as I strip services and tighten config on
everything including OpenBSD, but others may count this one as important.
Fo
on stability and performance
OpenBSD - concentration on security
Again, I don't really want to debate which is better - it's a matter of
personal preference.
Alyea
Tally wrote:
perhaps this may be the right place to ask this
question. since FreeBSD is run on many
commercial shops worldwide. so
perhaps this may be the right place to ask this
question. since FreeBSD is run on many
commercial shops worldwide. so what is the diff
between FreeBSD, NetBSD, OpenBSD and our
plain old redhat linux or caldera linux.
I mean they are all unices... I needed to install
a unix based OS
Hi there
Anyone know a good and secure anonymous FTP server for OpenBSD?
--
_
Kostas Doukakis Email: [EMAIL PROTECTED]
System Administrator Phone: +31 9959780
-
[To unsubscribe, send mail to [EMAIL PROTECTED
/ / / / | / | __] ]
Beverly Hills, California USA 90210 / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[]
Hi there
Anyone know a good and secure anonymous FTP server for OpenBSD
57 matches
Mail list logo