[buug] Convert Linux Gateway to OpenBSD

Charles Howse chowse at charter.net
Thu Oct 24 08:09:30 PDT 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello List Members,

I have a rather interesting task ahead...I currently have a small
network here at home that I will describe shortly, and I would like
to convert the gateway machine from Red Hat 7.3 to OpenBSD.

I don't need someone to read the man pages to me, but I would like to
discuss my plan, and refine it in the most professional way possible.
I am capable of installing and networking the box, getting patched,
recompiling the kernel, installing software; it's just that I don't
have too much experience and I was hoping to get a "safety net" in
place (you!) 

Are you available for discussion and to otherwise help? 

The reasons I want to convert are:
I want to use the "most secure free operating system out there." 
I enjoy learning new operating systems. 
I'm currently very interested in security. 
I couldn't get my Windows 2000 IIS server online 5 minutes before it
was infected with Code Red.

My basic plan for conversion is as follows:
Outline the services the new gateway must provide.
Test the install and setup on a spare machine, while the old gateway
is still running. 
Try to develop a means for a scripted install of the OS, software and
configuration files. 
Do the actual conversion (be up, running and patched) in 12 hours or
less.

OK, my little network is named after the 3 Stooges.  
I don't have a public domain...if all the PCs were Windows boxes,
this would be a workgroup. 
The gateway machine is Curley, the spare machine is Larry, and the
WinXP box is Moe.  
(I have address space available for Shemp and Curley_Joe) ;-) 
We have a Cable Modem CAT5'd to the gateway machine which runs Red
Hat 7.3 and has 2 nics. 
The 1st nic connects to the Cable Modem, and gets a dynamic IP
address from the ISP's dhcp server. 
The second nic connects to a 10baseT hub, and has a private IP
address. 
Larry has 1 nic with a private address, as does Moe. 
I use a 4-port kvm switch for console access to each machine. 
Moe shares an HP1100 printer.

I am currently running Apache, sendmail, Monmotha's iptables
firewall, 
http://www.mplug.org/phpwiki/index.php?MonMothaReferenceGuide
LogWatch, PortSentry, LogSentry, DNS2Go and maybe more that I can't
think of.

One VERY important service that I MUST have on the new gateway is
DNS2Go.  
I get a dynamic IP from my ISP, and using DNS2Go, I send that IP to
their dns servers so that you can click the link to my web server
without knowing my IP address. They provide some software for this, 
http://www.deerfield.com/download/dns2go/linux/index.htm
which is working perfectly in Linux, and one of the developers has
just emailed me a beta copy for OpenBSD 3.1 that installed and
started just fine.

Complete list of services that the new machine must provide: 
Http  
Mail 
Stateful firewall w/nat
Intrusion detection software (really need some input here...) 
Automated retrieval and installation of security-related patches. 
Must print properly to the shared printer on the XP box. 
Unsuccessful so far...Print services for Unix is enabled.
#Lpc status all -> ..."waiting for Moe to come up."
No gui needed, don't have the resources.  Curley is a P200 w/ 64MB
ram, 8GB & 5GB HDD. 

I see that Midnight Commander is listed as broken in the ports/misc
tree, I really need a Norton Commander clone.  Demos Commander is
unacceptable, it needs terminal to be vct25 or something like that
and doesn't work then.  Ytree takes forever to calculate the size of
files in a big directory, and I just don't like it very much.  Any
suggestions?

I'm writing my own HOWTO, with the commands and ftp sites to use for
reference.  I'll send it if needed.

OK, sorry to be so long-winded.
Thanks in advance for any replies!


Thanks,
Charles Howse, MCP
http://howse.dns2go.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPbgNKsN9WXdqhOGSEQKkRQCfXCTKitrjsodxXiC0qtIrprrHuj0AnidP
ME7LKV069hFvhR/Ju+iPaNUE
=n4sj
-----END PGP SIGNATURE-----



