On 4 Dec 2000, at 11:49, Dexter Graphic wrote:
> Since there seems to be a lot of interest in BSD on the list, I
> thought I'd forward this article which I received from ZDNet. (Please
> note that I personally do NOT use OpenBSD, this is just the title of
> the article.)
I do use OpenBSD on an old 486 as a firewall/router that lives
between my Cisco 675 and my home network. I do this because
the Cisco router uses telnet for remote login, and I don't believe in
this protocol, *especially* on firewalls, and doubly especially on
firewalls that have proprietary password encryption. Plus,
clipper.net's firewalling bites like a hungry dog in a butcher shop,
so I need strong protection.
I've been very impressed. It is *incredibly easy* to set this sort of
thing up, as everything you need is installed by default. All you
need to do is edit a couple of configuration files, write your ipf rules,
and go. I actually thought the install was much easier than
FreeBSD, and in fact, most Linux installs (granted, it doesn't install
as much, but I don't want much on that box).
Logging facilities are great. Logrotate is installed by default, as is
OpenSSH. It's not as fast as FreeBSD or Linux, but that's not the
focus of this box. Actually, for what it does, I'd imagine that a 486
with 32 MB RAM has quite a bit more ooomph than the Cisco. It
also seems to be more stable than the Cisco IOS; a friend of mine
who uses OpenBSD for his corporate firewall also feels this is the
case.
Personally, I would recommend OpenBSD as the preferred
firewalling solution for any network, from the home network to the
largest enterprise. It's real easy to do IP masquerading to do things
like send packets to a web or mail server in your DMZ, for
instance, and when the kIDDiES scan the thing, it's going to look
like the server is running on an OpenBSD box, which will most
likely be enough to get them to go away (but if they don't, you've got
everything logged :) )
Cheers,
Dennis
"Custard pies are a sort of esperanto: a universal language."
--Noel Godin