[geeks] RFA: firewall

Shawn Wallbridge shawn at synack-hosting.com
Thu Jan 6 17:12:09 CST 2005


I wouldn't run anything but OpenBSD, but that's just me. I have done 
some pretty neat duty stuff with OpenBSD. Right now I have a four point 
VPN running with a mix of OpenBSD 3.4, 3.5 and 3.6.

I happen to have set up pretty much the exact same setup as you are 
describing two nights ago.

bash-3.00# uname -a
OpenBSD hades.wallbridge.net 3.6 GENERIC#304 sparc64

bash-3.00# dmesg

<snip>
OpenBSD 3.6 (GENERIC) #304: Fri Sep 17 13:01:33 MDT 2004
    deraadt at sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 134217728
<snip>
mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 333MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 333 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K external (64 b/l)
<snip>
fxp0 at pci2 dev 1 function 0 "Intel 82557" rev 0x08: ivec 10, address 00:02:b3:06:f3:7c
<snip>

I am about to set up IPSec on it (making our VPN 5 points).

PF is great.

shawn




On 6-Jan-05, at 1:27 PM, Phil Stracchino wrote:

> I humbly request advice, opinions, whatever, from the Collective.  :)
>
> The hardware: Ultra5, USIIi/333, 256M, 9.1G, three 10/100 interfaces
> (the built-in hme plus a dual EEPro100), didn't really pay attention to
> what framebuffer and can't say I particularly care.
>
> The application: firewall between wired internal net, wireless DMZ, and
> DSL to the 'net.  Right now there'll only be one machine on the wired
> net and one on wireless, both running Win2K Pro, but real boxen running
> real OSen will be shipped out here later.
>
> So:
>  - Solaris 9 and Sunscreen Lite (included with 9, iirc)?
>  - OpenBSD and PF?
>  - Something else?
>
> What are your recommendations, and why?
>
> -- 
>   ========== Fight Back!  It may not be just YOUR life at risk. ==========
>   alaric at caerllewys.net : phil-stracchino at earthlink.net : phil at novylen.net
>    phil stracchino : unix ronin : renaissance man : mystic zen biker geek
>      2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
>            Linux Now!  ...Friends don't let friends use Microsoft.
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks


