[buug] Convert Linux Gateway to OpenBSD
Charles Howse
chowse at charter.net
Thu Oct 24 12:00:35 PDT 2002
> start here:
>
> http://www.openbsd.org/faq/faq9.html
>
Been there, done that.
I don't pretend to be as knowledgeable as you folks, but maybe I can get
it done with just a little prodding.
Have also worn out the book "FreeBSD Unleashed".
> is the "dynamic address" just over DHCP? or is there PPPoE or
> something else between them?
>
> either is supported in OpenBSD.
DHCP only.
> > One VERY important service that I MUST have on the new gateway is
> > DNS2Go.
>
> never heard of it. but, google has.
>
> they have a perl version, which should work in OpenBSD with
I'm pretty confident the beta they sent me will work.
> it does web serving?
At present, I don't object to building a DMZ and hosting my web site and
mail server on another machine.
> it does SMTP? why not use your ISPs mail gateways?
Because I haven't had consistent email service from my ISP since August
28th.
"-ERR Incorrect user name or password"
I'm on their ass about it, all the way up to Corporate HQ.
And I want to do SMTP because I can.
My Red Hat box (Curly) has firewalled, nat'd, smtp'd, httpd'd and
emailed the logs to me for a year with no problems.
Remember, I said I'm running PortSentry, LogSentry, Logwatch, etc.
Are you saying that OpenBSD can't do the same thing on the same machine
without coughing?
> > Stateful firewall w/nat
>
> easy.
Where can I look at a real good pf.conf file?
> > Intrusion detection software (really need some input here...)
>
> get a beefier machine. IDSs tend to use quite a bit of CPU
> time while doing packet analysis. if you're wanting a
> firewall, it's already doing too much.
Nothing else available. Remember, this is a home network, built from
used machines.
The DMZ setup seems to be where you're headed. Fine with me.
>
> > Automated retrieval and installation of security-related patches.
>
> this is almost always a bad idea. well, automated installation is.
>
> you can use wget to grab the latest patches, and probably
> script the patching into your local source tree.. but, this
> is a firewall right? why would it have a compiler?
Well, (remember, I'm a BSD newbie), the firewall should have a compiler
so I can install the latest security patches and recompile from
source... Isn't that the way it's supposed to work? I refer to the
following page...
http://www.openbsd.org/stable.html