Re: Porting firewall/routing script to OpenBSD from linux?
Matthew R. Dempsky wrote:
> On Sun, Aug 13, 2006 at 01:19:31PM -0400, Nick Guenther wrote:
>
> ip is from the iproute2 package. From the lartc.org manual, ``Why iproute2?''[1]:
>
>   Most Linux distributions, and most UNIX's, currently use the venerable arp, ifconfig and route commands. While these tools work, they show some unexpected behaviour under Linux 2.2 and up. For example, GRE tunnels are an integral part of routing these days, but require completely different tools.
>
>   With iproute2, tunnels are an integral part of the tool set.
>
> [1] http://lartc.org/howto/lartc.iproute2.html

Oh yeah. That's just great and very typical linux. Don't get me started, but if you ever tried to use bonding (trunk(4)) under Linux and want to use VLAN tagging on those interfaces too it gets really really messy *ugh*

I have no fucking clue why those Linux folks are not just fixing their ifconfig? Well, maybe because Linux is just the kernel and some other guy who doesn't like anyone is maintaining ifconfig. Who knows...

./Marian
Re: Porting firewall/routing script to OpenBSD from linux?
Paul de Weerd wrote:
> On Tue, Aug 15, 2006 at 02:20:05PM -0500, Matthew R. Dempsky wrote:
> | On Sun, Aug 13, 2006 at 01:19:31PM -0400, Nick Guenther wrote:
> | I think you're looking for ifconfig(8). Wait, doesn't linux have
> | ifconfig? What's ip for?
> |
> | ip is from the iproute2 package. From the lartc.org manual, ``Why
> | iproute2?''[1]:
> |
> | Most Linux distributions, and most UNIX's, currently use the
> | venerable arp, ifconfig and route commands. While these tools work,
> | they show some unexpected behaviour under Linux 2.2 and up. For
> | example, GRE tunnels are an integral part of routing these days, but
> | require completely different tools.
> |
> | With iproute2, tunnels are an integral part of the tool set.
> |
> | [1] http://lartc.org/howto/lartc.iproute2.html
>
> show some unexpected behaviour under Linux 2.2 and up... Why not fix that behaviour instead of adding new and confusing tools ? KISS
>
> Paul 'WEiRD' de Weerd

Oh, it was much better than just adding a new tool. They forgot to add a manual or info-page or something similar to this tool for more than 2 years. The only documentation was in the source code.

That is why I love OpenBSD. For almost everything there exists a man page, mostly with examples.

guido
Re: Porting firewall/routing script to OpenBSD from linux?
On Sun, Aug 13, 2006 at 01:19:31PM -0400, Nick Guenther wrote:
> I think you're looking for ifconfig(8). Wait, doesn't linux have ifconfig? What's ip for?

ip is from the iproute2 package. From the lartc.org manual, ``Why iproute2?''[1]:

  Most Linux distributions, and most UNIX's, currently use the venerable arp, ifconfig and route commands. While these tools work, they show some unexpected behaviour under Linux 2.2 and up. For example, GRE tunnels are an integral part of routing these days, but require completely different tools.

  With iproute2, tunnels are an integral part of the tool set.

[1] http://lartc.org/howto/lartc.iproute2.html
Re: Porting firewall/routing script to OpenBSD from linux?
On Tue, Aug 15, 2006 at 02:20:05PM -0500, Matthew R. Dempsky wrote:
| On Sun, Aug 13, 2006 at 01:19:31PM -0400, Nick Guenther wrote:
| I think you're looking for ifconfig(8). Wait, doesn't linux have
| ifconfig? What's ip for?
|
| ip is from the iproute2 package. From the lartc.org manual, ``Why
| iproute2?''[1]:
|
| Most Linux distributions, and most UNIX's, currently use the
| venerable arp, ifconfig and route commands. While these tools work,
| they show some unexpected behaviour under Linux 2.2 and up. For
| example, GRE tunnels are an integral part of routing these days, but
| require completely different tools.
|
| With iproute2, tunnels are an integral part of the tool set.
|
| [1] http://lartc.org/howto/lartc.iproute2.html

show some unexpected behaviour under Linux 2.2 and up... Why not fix that behaviour instead of adding new and confusing tools ? KISS

Paul 'WEiRD' de Weerd

--
[++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-]
http://www.weirdnet.nl/
Re: Porting firewall/routing script to OpenBSD from linux?
On 8/15/06, Paul de Weerd [EMAIL PROTECTED] wrote:
> show some unexpected behaviour under Linux 2.2 and up... Why not fix that behaviour instead of adding new and confusing tools ? KISS

Because install looniks problem solved. It's the tunnels' fault! Not lunisk! Duh.

-Nick
Porting firewall/routing script to OpenBSD from linux?
Will Twomey [EMAIL PROTECTED] writes:

> Is /etc/network/interfaces file on OpenBSD as well? If not, how do I set up static IPs?

OpenBSD /etc configuration files are somewhat different from the typical Linux, and no, /etc/network/interfaces does not normally exist on OpenBSD.

> Is iptables included by default or will I need to recompile the kernel?

IPTables is a Linux-only thing. The firewall on OpenBSD is PF (Packet filter).

> Is the /sbin/ip command the same and included in OpenBSD? (Example: /sbin/ip addr add dev eth0 ipaddress)

The 'ip' command is another linuxism. If I understand your question correctly, ifconfig is the command you are looking for.

> How do I force an Ethernet's hardware address to be associated with a certain interface in OpenBSD?

Should not be necessary.

Others have suggested looking at the OpenBSD FAQ. This is good advice. Then again, if you want more of a quick start guide which directly addresses some of your concerns, you could do worse than browsing my PF tutorial at http://www.bgnett.no/~peter/pf/

--
Peter N. M. Hansteen [EMAIL PROTECTED]
http://www.datadok.no Datadokumentasjon A/S, Bredsgaarden 2, N-5003 Bergen, Norway
Tel: +47 55 32 08 02 Fax: +47 55 32 14 95
Porting firewall/routing script to OpenBSD from linux?
I have a firewall script set up on a linux machine (Ubuntu). I would like to replace this machine with an OpenBSD machine for security and stability reasons, but am unsure if it will work out of the box. Could someone please answer these questions for me?

Is /etc/network/interfaces file on OpenBSD as well? If not, how do I set up static IPs?

Is iptables included by default or will I need to recompile the kernel?

Is the /sbin/ip command the same and included in OpenBSD? (Example: /sbin/ip addr add dev eth0 ipaddress)

How do I force an Ethernet's hardware address to be associated with a certain interface in OpenBSD? (I had to do this in linux, because the eth's kept randomly changing after reboots. Probably because of the dual nic PCI cards)

Thanks for your patience!

-Will
Re: Porting firewall/routing script to OpenBSD from linux?
http://www.openbsd.org/faq/faq6.html

On 8/13/06, Will Twomey [EMAIL PROTECTED] wrote:
> I have a firewall script set up on a linux machine (Ubuntu). I would like to replace this machine with an OpenBSD machine for security and stability reasons, but am unsure if it will work out of the box. Could someone please answer these questions for me?
>
> Is /etc/network/interfaces file on OpenBSD as well? If not, how do I set up static IPs?
>
> Is iptables included by default or will I need to recompile the kernel?
>
> Is the /sbin/ip command the same and included in OpenBSD? (Example: /sbin/ip addr add dev eth0 ipaddress)
>
> How do I force an Ethernet's hardware address to be associated with a certain interface in OpenBSD? (I had to do this in linux, because the eth's kept randomly changing after reboots. Probably because of the dual nic PCI cards)
>
> Thanks for your patience!
>
> -Will
Re: Porting firewall/routing script to OpenBSD from linux?
On 8/13/06, Will Twomey [EMAIL PROTECTED] wrote:
> I have a firewall script set up on a linux machine (Ubuntu). I would like to replace this machine with an OpenBSD machine for security and stability reasons, but am unsure if it will work out of the box. Could someone please answer these questions for me?
>
> Is /etc/network/interfaces file on OpenBSD as well? If not, how do I set up static IPs?

Use hostname.if(5) files.

> Is iptables included by default or will I need to recompile the kernel?

Use pf(4)

> Is the /sbin/ip command the same and included in OpenBSD? (Example: /sbin/ip addr add dev eth0 ipaddress)

I think you're looking for ifconfig(8). Wait, doesn't linux have ifconfig? What's ip for?

> How do I force an Ethernet's hardware address to be associated with a certain interface in OpenBSD? (I had to do this in linux, because the eth's kept randomly changing after reboots. Probably because of the dual nic PCI cards)

Ahaha! But in OpenBSD this never happens because the devs have made very sure that everything always gets enumerated the same way!

Also, your interfaces won't be ethN now, they'll be something else. Each device is named according to the driver for it. See http://www.openbsd.org/cgi-bin/man.cgi?query=ethernet&apropos=1&format=html

-Nick
Re: Porting firewall/routing script to OpenBSD from linux?
On Sun, Aug 13, 2006 at 12:04:07PM -0500, Will Twomey wrote:
> I have a firewall script set up on a linux machine (Ubuntu). I would like to replace this machine with an OpenBSD machine for security and stability reasons, but am unsure if it will work out of the box. Could someone please answer these questions for me?
>
> Is /etc/network/interfaces file on OpenBSD as well? If not, how do I set up static IPs?
>
> Is iptables included by default or will I need to recompile the kernel?
>
> Is the /sbin/ip command the same and included in OpenBSD? (Example: /sbin/ip addr add dev eth0 ipaddress)
>
> How do I force an Ethernet's hardware address to be associated with a certain interface in OpenBSD? (I had to do this in linux, because the eth's kept randomly changing after reboots. Probably because of the dual nic PCI cards)

If you are moving to OpenBSD for security reasons then you should rethink your ideas above. You will gain a lot more by learning the OpenBSD tools and methods rather than trying to make OpenBSD emulate your Linux firewall.

The very first place to start is to write down your firewall policy in plain words. After doing that, it should be fairly easy to implement this in OpenBSD using the existing documentation in the main FAQ, the PF FAQ, and the man pages.

If you are discouraged by this, you should know that running OpenBSD without some knowledge of OpenBSD itself will not give you a secure system. You would be better off securing a system that you know better.

The good news is that with the documentation, setting up a firewall with OpenBSD is not very difficult. And once you learn your way around you'll find pf much nicer than iptables.

--
Darrin Chandler            | Phoenix BSD Users Group
[EMAIL PROTECTED]          | http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
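
The replacements named in the replies above (hostname.if(5) for /etc/network/interfaces, pf(4) for iptables, a policy written in plain words first) look like this for a two-interface gateway. This is an added example, not part of any post in the thread: the interface names em0 and em1, the addresses and the policy are assumptions, and the NAT rule uses the `nat-to` syntax of OpenBSD 4.7 and later (releases current when this thread was written used a separate `nat on ...` rule).

```conf
# Added example: several files shown in one listing. The "##" lines are
# separators, not file content. em0 = outside, em1 = inside (assumed names;
# OpenBSD names interfaces after their driver, see ifconfig(8) output).

## /etc/hostname.em0   (replaces the eth0 stanza of /etc/network/interfaces)
inet 192.0.2.10 255.255.255.0

## /etc/hostname.em1
inet 10.0.0.1 255.255.255.0

## /etc/mygate         (default route; documentation-range address)
192.0.2.1

## /etc/sysctl.conf    (let the box forward packets between em0 and em1)
net.inet.ip.forwarding=1

## /etc/pf.conf        (replaces the iptables rules)
# Policy in plain words (assumed for this example):
#   1. Refuse everything that is not explicitly allowed.
#   2. Inside hosts may open connections to anywhere, NATed behind em0.
#   3. The firewall itself may open outbound connections.
#   4. Nothing may be initiated from the outside.
ext_if = "em0"
int_if = "em1"

set skip on lo

# 1 and 4: default deny; no "pass in" rule exists for $ext_if
block return

# 2: rewrite the source address of inside hosts on the way out
match out on $ext_if inet from $int_if:network nat-to ($ext_if)

# 2: accept new connections arriving from the inside network
pass in on $int_if inet from $int_if:network

# 3, and the outbound half of 2: traffic leaving via the outside interface
pass out on $ext_if inet
```

Parse the ruleset with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `sh /etc/netstart` applies the hostname.if files without a reboot.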