Jacob Meuser wrote:
> > Right now I'm doing the OpenBSD thing.
>
> Your impressions so far?
My impressions of the various firewall distros?
Too limited, too highly optimized for the average case.
Astaro had promise, but I simply couldn't figure out how to
configure a VPN endpoint. They don't use the FreeS/WAN config
files, and they don't document what they do have.
And too many features. I want a firewall to route and filter
packets, and be hard to break into, and that's all. I don't
want it to be a DNS server, a web proxy, a file server
(E-Smith), or a print server. (Oh, okay, I put a DHCP server
on the OpenBSD box, but that's the only exception.)
My impressions of OpenBSD?

Pros
    Everything's in the man pages.
    The network subsystem seems to be industrial-strength.
    Easy to install, in that the installation instructions worked.
    It's small enough that it's not overwhelming.

Cons
    2.9 hangs on my box. (Grrr!)
    3.0pre doesn't hang (yet), but I don't have a consistent build.
    Minor niggles, e.g., /usr/bin/env doesn't implement -u.

Overall, I intend to stick with it, at least for this firewall.
So here's my current status on trying to get OpenBSD up.
Synopsis: in the last episode, our hero had backed off from OpenBSD
3.0pre because versionitis problems precluded configuring the packet
filter or recompiling anything. With 2.9, the most recent release,
he found that his hardware configuration would hang hard within
half an hour while rebuilding /usr/src.
Our hero's box is pretty standard*, except that he has five (5) NICs
installed, and intends to do hairy firewall-type stuff with them.
* Tyan S1854 Trinity 400 motherboard
  Celeron (Mendocino) 533 MHz
  64 Mb RAM
  IBM 10 or 14 Gb IDE disk
  floppy
  no CD-ROM (in final configuration)
  Diamond Viper 330 video card
  two Realtek 8139 NICs
  three Macronix 98715 NICs
This week's installment:
This morning I spent some time tweaking BIOS settings. Nothing
helped. Pushed the box out of the way and did real work all day.
Tonight just before supper, I put the 3.0pre disk on the target
hardware. Booted it up and compiled /usr/src. I had to change "make"
to "make -k" so it would continue past the errors in libc, and then
nothing could link, but the compiler did run quite a bit. The box DID
NOT CRASH! Fluke or fixed? Time will tell.
I'm backing up /etc and /cvs now. Then I plan to wipe the disk and
install today's snapshot. (I don't have another spare small disk.)
Maybe this time it'll be more coherent. If not, maybe somebody
at Thursday's meeting can help me get it sorted out.
--
Bob Miller K<bob>
kbobsoft software consulting
http://kbobsoft.com [EMAIL PROTECTED]