Thanks for all of your help so far; to those of you mentioning the fact that laptops are not reliable running 24/7, I am not too worried about it. The only other use for this old notebook is as a paperweight. It has a nice bios so things like suspending and turning off the harddisk are all handled automatically.

I have knocked off "feature" #1 on the list, so I guess I will try the squid configuration next.

Thanks again,
Marc

On 12/28/06, laurent FANIS <[EMAIL PROTECTED]> wrote:
On 12/27/06, Marc Ravensbergen <[EMAIL PROTECTED]> wrote:
> Hi, I have a little home network that I am trying to protect from the
> nasty outside world. I have previously used ipcop (linux based) as an
> all-in-one router / firewall / dns server... etc, and I would really
> like to have a similar setup again, only based on openbsd instead. If
> somebody could help me put this together (or direct me to some
> excellent websites) I would really appreciate it.
>
> - I have an HP Omnibook 5700ct (which refuses to die on me) to be used
> as the dedicated "firewall"
> - specs are: pentium 150 Mhz, 80 MB ram, 2- 3GB harddisk, cdrom (non
> bootable) and floppy.
> - internet is via dialup modem (don't laugh, that's all I can get here
> in the country)

I'm in no better position so I won't laugh at you.

> - ethernet card is via pcmcia, modem is USR external (via serial port)
> or IBM pcmcia
>

Laptops are not made to run 24/7 so it will die on you sooner than later if you use it too much.

> The good news is that I have openbsd 4.0 installed on this laptop and
> it all works excellent. I can use either modem, and the ethernet
> traffic is routed to my switch to my private network. When my desktop
> ("corncob") wants internet, it sends it out to my little router
> ("kiwi") which then dials on demand, and disconnects after 2 mins of
> no activity. This is all wonderful stuff.
>
> What I would like to do is add the following features...
> 1) DNS server (for my private network only) so that my computers can
> use kiwi instead of the ISP dns servers (which change from time to
> time and are really, really slow at times). If kiwi could cache the
> addresses it would save a _lot_ of time reaching my common websites.
> This feature doesn't sound difficult, I just need a few tips here and
> there (package name, sample config)
> 2) transparent web proxy; something along the lines of squid (I
> believe this is used by ipcop) to cache my frequent websites. I've
> never set this up by itself before, but again, probably manageable.
> 3) Make the system boot from harddisk, load the settings, unmount the
> harddisk (so that it can turn off after 3 mins; controlled by bios)
> and cache all settings into a ram drive of some sort. I am thinking
> power consumption here, so I would really like to turn off the disk.
> The bios does this already, but every once in a while it spins up,
> grinds and then turns off. I suspect that this is not the most
> life-preserving disk activity. My cache size would then be limited to
> 80mb minus the ram used by kernel and running proc's. I don't know if
> this feature is possible to implement.
>

You might want to try what has been discussed so far. Check out http://www.kernel-panic.it/openbsd.html they have some nice material. Or you might also try a combination of opensoekris/openboxing and the such and add squid on another partition. Usually the firewall will work great in stripped down version of openbsd (<32 Megs) and the partitions are mounted MFS so all is in memory. Get squid running on its own partition so the HD will only spin when you browse.

> I am aware of various live-cd type projects in a similar vein as ipcop
> (monowall etc), but the problem is that 1) my cdrom is _not_ bootable;
> it's that old, 2) I might want to add packages to the system later on
> (smtp server for sending email etc).
>

Sendmail is in the default install.

> I do not know of any floppy open-bsd based systems that are up to date.
>

Floppies are unreliable so don't bother.

> Any tips or tricks are very much appreciated.
> Marc
>
>

Good luck and maybe write some guide if you find something interesting.

Best
Laurent