I just spent some time on this and got a working image for the Watchguard
Firebox X 500-2500 platforms.
For more info about it, I'm keeping track of everything in a forum here:
http://www.thewaffle.org/Forum/viewforum.php?f=6&st=0&sk=t&sd=d&start=0
While I was at it, I pulled out an old Watchgua
> On Fri, Aug 8, 2008 at 3:08 PM, James Records <[EMAIL PROTECTED]>wrote:
>
> > Grab a Watchguard Firebox X off of ebay, they have 6 interfaces, and you
> > can get them pretty cheap, some of the bigger ones have more, onboard
> > crypto, perfect for building openbsd firewalls... you can run off a
2008/8/13 James Records <[EMAIL PROTECTED]>:
> I just got some screenshots of the project up, if you care to take a look:
>
> http://www.thewaffle.org/screenshots.html
> pardon the site design, not my forte, hopefully getting someone else to
> build me something better soon.
It's nicer to look
I just got some screenshots of the project up, if you care to take a look:
http://www.thewaffle.org/screenshots.html
There is also a working copy of the VMware image of the project available
for download, see the following for brief instructions on how to set up the
image:
http://www.thewaffle.or
On Wed, 13 Aug 2008, ropers wrote:
SNIP
NB: According to Wikipedia, Juniper's JUNOS OS is FreeBSD-derived. In
other words, it ultimately evolved from the same ancestor OpenBSD
evolved from.
--ropers
So it runs some BSD derivative on its management card, makes no difference
on how well the hard
Henning Brauer wrote:
* Marco Fretz <[EMAIL PROTECTED]> [2008-08-13 09:31]:
Ok, ok. What I said was what Cisco says
as in, lies, lies, lies.
They call it "marketing".
Cisco hardware is much more reliable than PCs
I can't second that. Cisco and good PC hardware are en par ime.
The whole sys
> * Marco Fretz <[EMAIL PROTECTED]> [2008-08-13 09:31]:
>> If you have the money buy Cisco Routers (or from similar vendors), if you
>> have time and want to save some money use OpenBSD.
2008/8/13 Henning Brauer <[EMAIL PROTECTED]>:
> no. If you have the money get somebody clueful to set your Open
* Marco Fretz <[EMAIL PROTECTED]> [2008-08-13 09:31]:
> Ok, ok. What I said was what Cisco says
as in, lies, lies, lies.
They call it "marketing".
> Cisco hardware is much more reliable than PCs
I can't second that. Cisco and good PC hardware are en par ime.
The whole system, Cisco + IOS vs PC-S
Sorry to hijack this thread slightly, but it's related I think:
I'm looking to create an OpenBSD firewall/router for home. It's going
to need to support two ADSL (UK, 8mbit) lines with PPPoA. And then a
bunch (4) of f/eth ports, which is simple enough.
Could anyone recommend any low-profile pci a
Claudio Jeker wrote:
On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote:
Johan Beisser wrote:
On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm <[EMAIL PROTECTED]> wrote:
Hi Gang,
well here's my 3 cents,
first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue
break
down and b
Hi,
> Forget this. Cisco does CEF (cisco express forwarding) that's stream
> forwarding in hardware. You don't have a chance to reach this PPS with a
yeah, except that it doesn't route everything and in the moment it falls
back to cpu your router is dead. then there I saw all kind of "funny" and
t
My day job lets me "play" with "fucking expensive ones", I love that
statement Claudio. If you want commercial hardware that handles
large PPS rates you get purpose built hardware, not a Cisco router.
I also support 100M feeds going through Soekris 5501 running OpenBSD
and they perform very wel
* Marco Fretz <[EMAIL PROTECTED]> [2008-08-11 13:19]:
> Forget this. Cisco does CEF (cisco express forwarding) that's stream
> forwarding in hardware.
1) that is best case. some traffic has to go to the main cpu.
attackers can provoke that and easily overload their tiny host cpus.
2) only the bi
On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote:
>>> well here's my 3 cents,
>>> first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break
>>> down and buy an old Cisco 7200, 7500, 3600 they are all very good routers, I
>>> used a 7500 for a while and now use a 3640
>>
On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote:
> Johan Beisser wrote:
>> On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm <[EMAIL PROTECTED]> wrote:
>>> Hi Gang,
>>> well here's my 3 cents,
>>> first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue
>>> break
>>> down and bu
On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote:
>> How odd. I know at least one site that runs all of their BGP off of
>> OpenBGP on OpenBSD boxes that are dedicated as routers. In all cases,
>> these systems outperform the equivalent Cisco hardware for a fraction
>> of the cost.
>
> F
Johan Beisser wrote:
On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm <[EMAIL PROTECTED]> wrote:
Hi Gang,
well here's my 3 cents,
first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break
down and buy an old Cisco 7200, 7500, 3600 they are all very good routers, I
used a 7500 for a
> So you expect additional reliability from stacking ebayed cisco equipment
> with OpenBSD bridges behind them, as the original poster mentioned, and cost
> effectiveness by buying used cisco equipment and paying for relicensing so
> that you can get updates, compared to setting up OpenBSD boxes as
On Fri, Aug 08, 2008 at 06:54:05PM -0500, patric conant wrote:
> You strongly overestimate the value of your comments (3 cents), it seems
> like there are many places more appropriate than this one for you to suggest
> middle-of-the-road hardware running a proprietary OS that has among the
> worst
You strongly overestimate the value of your comments (3 cents), it seems
like there are many places more appropriate than this one for you to suggest
middle-of-the-road hardware running a proprietary OS that has among the
worst security records in the industry.
On Fri, Aug 8, 2008 at 4:59 PM, phoe
On Fri, Aug 08, 2008 at 02:59:02PM -0700, phoenixcomm wrote:
> Martín Coco wrote:
> >
> > Hi misc,
> >
> > I'm currently looking for hardware alternatives for firewalls that
> > should have more than four NICs.
> >
> > Currently we are buying R200s from Dell, but we have the 4 NIC
> > limitation.
On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm <[EMAIL PROTECTED]> wrote:
> Hi Gang,
> well here's my 3 cents,
> first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break
> down and buy an old Cisco 7200, 7500, 3600 they are all very good routers, I
> used a 7500 for a while and now
Grab a Watchguard Firebox X off of ebay, they have 6 interfaces, and you can
get them pretty cheap, some of the bigger ones have more, onboard crypto,
perfect for building openbsd firewalls... you can run off a CF...
I'm putting together a project that uses openbsd on these boxes. If you
have any
Martín Coco wrote:
>
> Hi misc,
>
> I'm currently looking for hardware alternatives for firewalls that
> should have more than four NICs.
>
> Currently we are buying R200s from Dell, but we have the 4 NIC
> limitation. We could tell Dell to install a quad port NIC (in addition
> to the two-port on
* Toni Mueller <[EMAIL PROTECTED]> [2008-08-08 19:07]:
> Hi,
>
> On Mon, 14.07.2008 at 12:44:15 +0200, Henning Brauer <[EMAIL PROTECTED]>
> wrote:
> > The bigger HP Procurve switches are ok. Some shit, as usual, but all
> > in all very usable.
>
> what do you mean by "bigger"?
5300XL specifical
Hi,
On Mon, 14.07.2008 at 12:44:15 +0200, Henning Brauer <[EMAIL PROTECTED]> wrote:
> The bigger HP Procurve switches are ok. Some shit, as usual, but all
> in all very usable.
what do you mean by "bigger"?
> Routers: OpenBSD, what else?
Erm, and on the hardware side, please?
Kind regards,
--
Claer wrote, sometime around 15/07/08 07:31:
On Mon, Jul 14 2008 at 28:15, Martín Coco wrote:
Thanks!
Have you tried the quad nics on those Dells? We do have a couple of R200s,
860s and 850s running with 2 dual port cards no problem, but we have never
tried the quad ports.
Hello,
I do have
On Mon, Jul 14 2008 at 28:15, Martín Coco wrote:
> Thanks!
>
> Have you tried the quad nics on those Dells? We do have a couple of R200s,
> 860s and 850s running with 2 dual port cards no problem, but we have never
> tried the quad ports.
Hello,
I do have around 20 Dell 860 and R200 with 2 card
Never done the quad in my machines. I haven't heard anyone getting
fired over it either though.
A quick check on Dell's web indicates you have two pci-e slots in those
r200s, why not get two dual nics.
On Mon, Jul 14, 2008 at 8:28 PM, Martín Coco
<[EMAIL PROTECTED]> wrote:
> Thanks!
>
> Have you t
First of all, thanks to all of you that have replied.
I've thought of adding VLANs, and will be doing it in the future maybe,
but in our current situation, that's not possible; not all the switches
support this option, and there's still some concern about security
implications (specially in up
Thanks!
Have you tried the quad nics on those Dells? We do have a couple of
R200s, 860s and 850s running with 2 dual port cards no problem, but we
have never tried the quad ports.
Torsten Frost wrote:
On Fri, Jul 11, 2008 at 11:47 PM, Martín Coco
<[EMAIL PROTECTED]> wrote:
Hi misc,
I'm
On Fri, Jul 11, 2008 at 11:47 PM, Martín Coco
<[EMAIL PROTECTED]> wrote:
> Hi misc,
>
> I'm currently looking for hardware alternatives for firewalls that should
> have more than four NICs.
>
> Currently we are buying R200s from Dell, but we have the 4 NIC limitation.
> We could tell Dell to instal
* Curt Micol <[EMAIL PROTECTED]> [2008-07-13 16:20]:
> On Sun, Jul 13, 2008 at 5:55 AM, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > which is exactly the point. there are too many misconfigured VLAN
> > setups out there, and some vendors (namely: cisco) have fucked up
> > defaults. cisco (at least
On Sun, Jul 13, 2008 at 5:55 AM, Henning Brauer <[EMAIL PROTECTED]> wrote:
> which is exactly the point. there are too many misconfigured VLAN
> setups out there, and some vendors (namely: cisco) have fucked up
> defaults. cisco (at least: used to, not sure about the current status,
> I long abondo
* Gordon Grieder <[EMAIL PROTECTED]> [2008-07-12 15:27]:
> [ VLANs ] just work well when configured properly.
which is exactly the point. there are too many misconfigured VLAN
setups out there, and some vendors (namely: cisco) have fucked up
defaults. cisco (at least: used to, not sure about the c
Martín Coco wrote:
Hi misc,
I'm currently looking for hardware alternatives for firewalls that
should have more than four NICs.
Currently we are buying R200s from Dell, but we have the 4 NIC
limitation. We could tell Dell to install a quad port NIC (in addition
to the two-port onboard card)
On Sat, Jul 12, 2008 at 08:24:52AM -0500, Gordon Grieder wrote:
>
> Fast forward and we've got these 2960G's everywhere, a couple of 3750G's
> doing the L3 work and feeding to the hardware out to the world. Nearly 20
> VLANs going through various trunks (single gig and etherchannel). The stuff
> j
On Sat, Jul 12, 2008 at 12:24:46AM -0400, Jason Dixon wrote:
> I knew it was a matter of time before the "vlan insecurity" bullshit hit
> the fan. RTFA. Who says anything about "blindly trusting" switches?
> If you can't correctly configure VLANs on your switches, and filter on
> vlan(4) interfa
* Martín Coco <[EMAIL PROTECTED]> [2008-07-12 00:33]:
> I'm currently looking for hardware alternatives for firewalls that should
> have more than four NICs.
there is a 1u supermicro that has 4 onboard, on PCIe and PCI-X each.
gives 12 ems in 1U.
--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PRO
>> >I knew it was a matter of time before the "vlan insecurity" bullshit hit
>> >the fan. RTFA. Who says anything about "blindly trusting" switches?
>> >If you can't correctly configure VLANs on your switches, and filter on
>> >vlan(4) interfaces in PF, you shouldn't be administering production
>
On Sat, Jul 12, 2008 at 12:35:46AM -0400, Geoff Steckel wrote:
>
> >I knew it was a matter of time before the "vlan insecurity" bullshit hit
> >the fan. RTFA. Who says anything about "blindly trusting" switches?
> >If you can't correctly configure VLANs on your switches, and filter on
> >vlan(4)
>I knew it was a matter of time before the "vlan insecurity" bullshit hit
>the fan. RTFA. Who says anything about "blindly trusting" switches?
>If you can't correctly configure VLANs on your switches, and filter on
>vlan(4) interfaces in PF, you shouldn't be administering production
>networks. T
On Sat, Jul 12, 2008 at 01:09:40AM -0300, Giancarlo Razzolini wrote:
> >
> Wow... I've used 5 interfaces also, but for different internet links.
> Try do multi routing when you have lots of different IPs of different
> ranges on the same if. Your pf rules will be a mess and, in some cases,
> i
Jason Dixon wrote:
> On Fri, Jul 11, 2008 at 10:10:04PM -0400, Geoff Steckel wrote:
>
>> Jason Dixon wrote:
>>
>>> On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote:
>>>
Hi misc,
I'm currently looking for hardware alternatives for firewalls that
sh
On Fri, Jul 11, 2008 at 10:10:04PM -0400, Geoff Steckel wrote:
> Jason Dixon wrote:
>> On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote:
>>> Hi misc,
>>>
>>> I'm currently looking for hardware alternatives for firewalls that
>>> should have more than four NICs.
>
>> Why could you poss
Jason Dixon wrote:
On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote:
Hi misc,
I'm currently looking for hardware alternatives for firewalls that
should have more than four NICs.
Why could you possibly need 6 physical interfaces? Even if you have a
failover pair of firewalls and
On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote:
> Hi misc,
>
> I'm currently looking for hardware alternatives for firewalls that
> should have more than four NICs.
>
> Currently we are buying R200s from Dell, but we have the 4 NIC
> limitation. We could tell Dell to install a quad
Hi misc,
I'm currently looking for hardware alternatives for firewalls that
should have more than four NICs.
Currently we are buying R200s from Dell, but we have the 4 NIC
limitation. We could tell Dell to install a quad port NIC (in addition
to the two-port onboard card), but I haven't read