On 02/28/11 22:11, Nick Holland wrote:
On 02/28/11 19:26, Timothy Legge wrote:
Hi list!

I'm looking to set up my first OpenBSD firewall in the near future, and I
was hoping to get a little feedback from you about ideal specs for a first
time machine.

Below is a little about my situation.

I plan to install the firewall physically between my router (Apple Time
Capsule) and my ADSL 2+ Modem so it can filter all traffic sent and received
to the Internet.
ANYTHING.

As I understand it, I will be running pf to filter the traffic on each of
the NICs installed, and I would like to install an IDS.
Besides this, I'll only really need to run whatever is necessary to allow a
secure connection to be established to that machine so I can manage it from
within my network. (Happy to be corrected if I'm wrong, I'm still learning!)

I look forward to reading your advice, and I'm happy to provide any
additional information.

Tim

Seriously, you can not buy too little hw in a "standard" platform for
your needs as you describe them.  You would have trouble finding too
little HW sitting on the curb on trash day.

Go grab yourself an old PII or P3 (Celeron will save you a couple
Watts), 64M RAM, a couple PCI NICs, an old HD, and do it.

To add to what Nick said, some years ago I discovered some really
old Dells, Optiplex GXMT 166's.  Before I sent them to our salvage
system I put a second NIC in it, OpenBSD on the 2G disk, and
wondered if it could sit there running pf as a bridge and how fast
it would be.

It kept up with 10Mb traffic perfectly.  A later test with some
Dell Dimensions saw 100Mb traffic going over it.

For starters, find garbage Dells (the white Optiplex are built
like tanks) and play around.

I don't think I have any Compudyne 486's left, but if I find one
I'll try it with that, too.  I'd bet it could deal with a 10Mb link
just fine, too.

--STeve Andre'
