On Thu, 28 Mar 2002 09:38:23 -0800
Jeff Lasman <[EMAIL PROTECTED]> wrote:
> "Dale P. Smith" wrote:
>
> > Yes, you can make packet filtering firewalls with OpenBSD using your own
> > ip addresses. You can configure obsd to be something like a filtering
> > bridge. No ip addresses at all. You c
>Are you kidding, this discussion has been among the most informative and
>important of the things I've seen on this list. No offense, but a
>steady diet of "where can I find a .pkg for ?" gets a bit dull.!
As a young administrator I could not agree more with Regis. I certainly
appreciate al
> Date: 28 Mar 2002 22:28:01 -0600
> From: Regis <[EMAIL PROTECTED]>
> > Or maybe we should go off-list and keep the gems secret, if other
> > people truly don't care. ;-)
> >
> > Seriously: I hope that this stuff doesn't fall on deaf ears.
I was being sarcastic about "keeping gems secret".
> Seriously: I hope that this stuff doesn't fall on deaf ears.
I've been listening closely, and I suspect that Tim is too
since he started the discussion. While it is easy for these
sorts of discussions to devolve into flame wars, it is also
a very good way for us to he
On Thu, 2002-03-28 at 13:20, E.B. Dreger wrote:
> > Date: Thu, 28 Mar 2002 09:51:07 -0800
> > From: Jeff Lasman <[EMAIL PROTECTED]>
>
>
> > > Those of us who provide proper colo shield our customers from one
> > > another by using VLANs terminated on such a router/firewall.
> > > Will be bringin
> Date: Thu, 28 Mar 2002 09:51:07 -0800
> From: Jeff Lasman <[EMAIL PROTECTED]>
> > Those of us who provide proper colo shield our customers from one
> > another by using VLANs terminated on such a router/firewall.
> > Will be bringing up another couple in the next week if certain
> > software p
On Thursday 28 March 2002 12:35 pm, Jeff Lasman wrote:
> Okay... here's what I want to do...
> (this looks better with a fixed-width font)
> I want a linux-based firewall to answer to my public address space, and
> then to route the packets through my switch to my protected systems
> (and vice
"Dale P. Smith" wrote:
> Yes, you can make packet filtering firewalls with OpenBSD using your own
> ip addresses. You can configure obsd to be something like a filtering
> bridge. No ip addresses at all. You can add a third interface with a
> real ip for remote access if needed. See
> http://
Matthew Nuzum wrote:
> Of course all of that is moot if you the Internet or your NAT users can
> bypass your router. I have traditionally used Cisco routers for doing this
> kind of work. Nevertheless, I know that Linux can do it (in all 2.x
> kernels I believe) and I've done it with Free
"E.B. Dreger" wrote:
> Those of us who provide proper colo shield our customers from one
> another by using VLANs terminated on such a router/firewall.
> Will be bringing up another couple in the next week if certain
> software packages stabilize.
Okay Eddy, obviously I've got a lot to learn. I
> Date: Tue, 26 Mar 2002 15:47:39 -0500
> From: Matthew Nuzum <[EMAIL PROTECTED]>
> I believe that every router can do this, even Linux.
Yes, good point. A Windows box could theoretically do it... not
that I'd ever want to. :-)
> Also, just because you use NAT doesn't mean you can't have a
>
> Date: Tue, 26 Mar 2002 12:14:19 -0800
> From: Jeff Lasman <[EMAIL PROTECTED]>
> Do these BSD firewalls work without NATting? NATting is NOT
No need to NAT unless you want to NAT.
> something our clients like. It's not something we like. So
> can we firewall, yet still maintain our public
> Date: Tue, 26 Mar 2002 17:27:23 -0500
> From: Dale P. Smith <[EMAIL PROTECTED]>
(snip, snip)
> Yes, you can make packet filtering firewalls with OpenBSD using
> your own ip addresses. You can configure obsd to be something
> like a filtering bridge. No ip addresses at all. You can add
But
> Do these BSD firewalls work without NATting? NATting is NOT something
> our clients like. It's not something we like. So can we firewall, yet
> still maintain our public IP#s using these products? If so, can you
> direct me towards documentation or a how-to?
I believe that every router can d
On Tue, 26 Mar 2002 12:14:19 -0800
Jeff Lasman <[EMAIL PROTECTED]> wrote:
> "E.B. Dreger" wrote:
>
> > OpenBSD 3.0's "pf" is nice. Building some firewall/VPN boxes
> > based on it for clients, as well as one for us. I'm waiting to
> > deploy ECN until broken firewalls are beaten back, but one
David Lucas wrote:
> I have seen next to nothing that has not worked on a system that has not
> been modified. I have only had one problem ever with an update and that
> was OS2. It made a change to a man and I got an error from logcheck. None
> otherwise. I have added ipchains, logcheck, por
Jörg Jan Münter wrote:
> I recognised problems with RaQ3, but we don't use them any more. Could you
> tell me which updates caused problems?
Reported a few days ago, GLIBC update causes memory leaks. Cobalt is
working on it but no fix in sight.
Lots of us installed it and are having serious memo
"E.B. Dreger" wrote:
> OpenBSD 3.0's "pf" is nice. Building some firewall/VPN boxes
> based on it for clients, as well as one for us. I'm waiting to
> deploy ECN until broken firewalls are beaten back, but one has
> that choice. Note that it can also use its own ISN generation to
> help avoid
[snip]
> > I maintain several RaQs, and
> > they just work without any trouble.
>
> Sun Cobalt has a history of releasing packages that either don't work,
> or break security, or break functionality. It's a sad but true fact
> that's well documented in past posts to this and other Cobalt lists.
Hi out there,
> > > Sure, other systems may be more secure, but those people who don't use
> > > for example external firewalls should think about their philosophy of
> > > security first before discussing security features of OSes. Our
> > > machines all work behind sophisticated firewalls and w
> Date: Mon, 25 Mar 2002 11:12:11 -0800
> From: Jeff Lasman <[EMAIL PROTECTED]>
(snipping throughout)
> I'm glad it works for you. RaQs, out of the box today, are very
> insecure. Nothing to do with hacks. (BTW, it works fine for me too,
> after we add a lot of security to it.)
...which is
>
>Sun Cobalt has a history of releasing packages that either don't work,
>or break security, or break functionality. It's a sad but true fact
>that's well documented in past posts to this and other Cobalt lists.
I have seen next to nothing that has not worked on a system that has not
been mod
Jörg Jan Münter wrote:
> Sorry, but I am really tired of these discussions and I don't understand what's
> this all about.
Mostly it's about people's frustration with unfixed security issues on
Sun Cobalt's RaQs, and with unupdated software when more recent versions
are available.
> Cobalt does u