Re: on home firewall for OpenBSD novice

From: clvrmnky (clvrmnky-uunet_at_coldmail.com.invalid)
Date: 12/11/03 

Date: Thu, 11 Dec 2003 14:44:27 -0500

intermezzo wrote:

> Hello. I'm strongly considering OpnBSD for a home network firewall (between
> me and the cable modem). I've heard of Linux setups by which it is possible
> to put neccessary network files and kernel on a floppy, and boot to floppy.
> Then remove the floppy so it can't be written to in case anyone does manage
> to get through.
>
OBSD is a good choice for this kind of work, and is flexible enough to
add services for your users as your network inevitably grows. Out of
the box, OBSD can be setup on a small PC to do nothing but firewalling
and NAT routing.

Another reply mentioned PicoBSD, which is based on FreeBSD, and is a
pretty immediate floppy-based solution.

> Is this viable with OpenBSD? Is it even needed? Any other information on
> putting together a secure home network / firewall leaves me
> much obliged,
>
AFAIK, there is no turnkey solution generally available that is based on
OpenBSD, though many people have grown their own solution in just a few
hours. I'm about to design a floppy or flash-based system that replaces
the aging standard PC OBSD setup I have now.

So, the DIY solutions are many, and will probably only take a few days
or hours, depending on your experience level with BSD installation and
setup.

Doing some Google searches on OpenBSD and a few choice other phrases
yields a lot of good stuff. Here are some promising links:

http://www.openbrick.org/
http://archives.neohapsis.com/archives/openbsd/2003-10/1469.html
http://www.freebsdforums.org/forums/printthread.php?threadid=12470
http://www.nmedia.net/~chris/soekris/

So, really, your choice is based on how much time are you willing to
invest in this project. If you were going to invest time in one of the
tiny Linux projects, there are just as many resources based on BSD to
choose from. The information is out there, and some people have down
all the hard work for you.

If your time is worth more, and you want to trade off a small amount of
install and maintenance work for a drop-in solution, go with one of
those little NATing firewall router/switch solutions from any big
networking device company.

Relevant Pages

  • Re: UNMOUNTABLE_BOOT_VOLUME
    ... I have replaced the floppy drive, ... Windows help - www.rickrogers.org ... I tried to use the CD for the drivers. ... I am well aware that XP setup will ...
    (microsoft.public.windowsxp.general)
  • RE: Securing a Local Network
    ... Show the Management of your company the insecurity of the Peer to Peer ... setup and discuss what risks are they willing to accept. ... -Cost of getting the web server and the mail server internally versus having ... -Use an older box for Intrusion Detection on the internal network as well. ...
    (Security-Basics)
  • Re: Client computer wont connect to internet ATTN: Joe Crown
    ... for my host/client setup. ... >When I supported Windows 98 & Windows ME the most common cause of ... >> When I try to connect to the internet using Firefox or Internet ... >> 7) In the Manufacturers box, click Microsoft, in the Network Protocols ...
    (microsoft.public.windowsxp.network_web)
  • Re: Network Connections x 2 PCs
    ... The setup is quite ... >>> If you have a broadband router, run XP's Network Setup Wizard on both ... tell it that the computers connect to the ... >>> If you have a hub, the setup depends on how many IP addresses you get ...
    (microsoft.public.windowsxp.general)
  • RE: Site-to-Site VPN not working
    ... I was looking through my documentation on this setup. ... In ISA on the remote server, add a site-to-site VPN using the name of the ... add a Network Rule called REMOTEOFFICE to route ...
    (microsoft.public.isa)