[rescue] Firewalling Routers (RE: OT Linux)

Loomis, Rip rescue at sunhelp.org
Fri Dec 21 11:41:16 CST 2001


> ~ > Anyone ever set up an OBSD box as a dial-out (modem) router
> ~ > with NAT and dynamic IP addressing from the ISP?
 
> The hotshit way to do this is with LRP (linux router project).
> Did it for several years.

Hmmm...methinks that I didn't express all the reasons *why*
I was making this transition, and also that someone might
not have read all of my original e-mail...

In the past I have used Linux boxen for this very purpose.
I don't choose to try to do stateful packet-filtering with
the tools in the 2.4 kernel, for a list of reasons.
We've also been steadily using OBSD more and more in our lab,
esp. for IDS platforms and for "firewalling bridges".

In the medium term I strongly desire IPSec support--and in
my opinion from testing, the IPSec support in OBSD is much
easier to get up-and-running than (Debian + FreeSWAN).
That's what *really* made up my mind to do the switch.

Don't get me wrong, I'm going to continue to run Linux on
other systems at home--both my SMP PPro box and my low-end
RAID (DAC-960PU) have functionality under Linux that is not
supported under OpenBSD.  I'm ending up, both here at work
and at home, with OBSD on the router/firewall boxes and
a combination of Linux and Win32 on the network infrastructure
and desktop boxes.

Thinking a little more clearly now than I was at 1:30 AM,
I'm betting that (when doing bunches of other changes) I
forgot to set net.inet.ip.forwarding=1 in /etc/sysctl.conf.
I'll check when I get home--and if it really *was* that
simple, boy will I be both happy and pissed.

  --Rip


