[buug] Convert Linux Gateway to OpenBSD

Charles Howse chowse at charter.net
Thu Oct 24 12:00:35 PDT 2002


> start here:
> 
> http://www.openbsd.org/faq/faq9.html
> 

Been there, done that.
I don't pretend to be as knowledgeable as you folks, but maybe I can get
it done with just a little prodding.
Have also worn out the book "FreeBSD Unleashed".

> is the "dynamic address" just over DHCP? or is there PPPoE or 
> something else between them?
> 
> either is supported in OpenBSD.
 
DHCP only.

> > One VERY important service that I MUST have on the new gateway is 
> > DNS2Go.
> 
> never heard of it. but, google has.
> 
> they have a perl version, which should work in OpenBSD with 

I'm pretty confident the beta they sent me will work.

> it does web serving?

At present, I don't object to building a DMZ and hosting my web site and
mail server on another machine.

> it does SMTP? why not use your ISPs mail gateways?

Because I haven't had consistent email service from my ISP since August
28th.
"-ERR Incorrect user name or password"
I'm on their ass about it, all the way up to Corporate HQ.
And I want to do SMTP because I can.

My Red Hat box (Curly) has firewalled, nat'd, smtp'd, httpd'd and
emailed the logs to me for a year with no problems.
Remember, I said I'm running PortSentry, LogSentry, Logwatch, etc.
Are you saying that OpenBSD can't do the same thing on the same machine
without coughing?

> > Stateful firewall w/nat
> 
> easy.

Where can I look at a real good pf.conf file?

> > Intrusion detection software (really need some input here...)
> 
> get a beefier machine. IDSs tend to use quite a bit of CPU 
> time while doing packet analysis. if you're wanting a 
> firewall, it's already doing too much.

Nothing else available.  Remember, this is a home network, built from
used machines.
The DMZ setup seems to be where you're headed.  Fine with me.

> 
> > Automated retrieval and installation of security-related patches.
> 
> this is almost always a bad idea. well, automated installation is.
> 
> you can use wget to grab the latest patches, and probably 
> script the patching into your local source tree.. but, this 
> is a firewall right? why would it have a compiler?
 
Well, (remember, I'm a BSD newbie), the firewall should have a compiler
so I can install the latest security patches and recompile from
source...Isn't that the way it's supposed to work?  I refer to the
following page...
http://www.openbsd.org/stable.html




