Hi, I have a little home network that I am trying to protect from the
nasty outside world. I have previously used ipcop (linux based) as an
all-in-one router / firewall / dns server... etc, and I would really
like to have a similar setup again, only based on openbsd instead. If
somebody could help me put this together (or direct me to some
excellent websites) I would really appreciate it.
- I have an HP Omnibook 5700ct (which refuses to die on me) to be used
as the dedicated "firewall"
- specs are: pentium 150 MHz, 80 MB ram, 2-3 GB harddisk, cdrom (non
bootable) and floppy.
- internet is via dialup modem (don't laugh, that's all I can get here
in the country)
- ethernet card is via pcmcia, modem is USR external (via serial port)
or IBM pcmcia
The good news is that I have openbsd 4.0 installed on this laptop and
it all works excellently. I can use either modem, and the ethernet
traffic is routed to my switch to my private network. When my desktop
("corncob") wants internet, it sends it out to my little router
("kiwi") which then dials on demand, and disconnects after 2 mins of
no activity. This is all wonderful stuff.
What I would like to do is add the following features...
1) DNS server (for my private network only) so that my computers can
use kiwi instead of the ISP dns servers (which change from time to
time and are really, really slow at times). If kiwi could cache the
addresses it would save a _lot_ of time reaching my common websites.
This feature doesn't sound difficult, I just need a few tips here and
there (package name, sample config)
2) transparent web proxy; something along the lines of squid (I
believe this is used by ipcop) to cache my frequent websites. I've
never set this up by itself before, but again, probably manageable.
3) Make the system boot from harddisk, load the settings, unmount the
harddisk (so that it can turn off after 3 mins; controlled by bios)
and cache all settings into a ram drive of some sort. I am thinking
power consumption here, so I would really like to turn off the disk.
The bios does this already, but every once in a while it spins up,
grinds and then turns off. I suspect that this is not the most
life-preserving disk activity. My cache size would then be limited to
80mb minus the ram used by kernel and running procs. I don't know if
this feature is possible to implement.
I am aware of various live-cd type projects in a similar vein as ipcop
(monowall etc), but the problem is that 1) my cdrom is _not_ bootable;
it's that old, 2) I might want to add packages to the system later on
(smtp server for sending email etc).
I do not know of any floppy open-bsd based systems that are up to date.
Any tips or tricks are very much appreciated.
Marc