[Cialug] New Firewall

Daniel A. Ramaley daniel.ramaley at DRAKE.EDU
Fri Jan 5 14:53:14 CST 2007 

On Friday 05 January 2007 14:24, Tom Pohl wrote:
>Does anyone know of a set of tools that will give me what I'm looking
>for that will install on top of a standard distribution instead of a
>stand alone distribution with a purdy web interface?

I wouldn't install a firewall using anything other than OpenBSD. I'd 
probably also remove the unnecessary moving parts (read: hard drives) 
and replace them with a 1 GB IDE flash drive. Actually i'm going to be 
replacing my home firewall soon with a low-power machine running 
OpenBSD off of flash. Based on recent other experiences installing 
OpenBSD, a full installation will leave most of the 1 GB free. And it 
is possible to configure the filesystem to be read-only so you don't 
have to worry about power outages, at least not beyond the usual spikes 
and such that a high-quality surge protector can filter out.


Speaking of Linux firewalls, those of you who attended meetings years 
ago may remember a time that i brought in a 486 in a cardboard box to 
show off. That machine is still in production, and still in the same 
cardboard box. Totally silent, no moving parts (beyond the floppy 
drive, but it is only used at boot). But only 133 MHz (it's an AMD 
chip; i don't think Intel pushed the 486 that fast) with something like 
24 MB RAM. Over time the machine has developed some odd issues though. 
The motherboard battery has been dead for years, so if i turn the 
machine off or (more commonly) the power goes out, i have to go through 
the BIOS and reset everything. Also there is some oddity either with 
the specific ethernet cards (both 3c509b, still the best 10mbit cards i 
know of) or with how they interact with the ancient version of Linux 
that runs on the thing where while the machine is booting if the 
ethernet cards are not connected to something that can cause the link 
lights to come on, the cards are not initialized. Once the machine is 
up and running it is OK to disconnect the ethernet and plug it back in, 
but it can't boot disconnected. Weird. My main reason for wanting to 
replace it is to upgrade from a really old Linux to a modern OpenBSD. 
If anyone wants the cardboard 486 after it is retired, let me know.

------------------------------------------------------------------------
Dan Ramaley                            Dial Center 118, Drake University
Network Programmer/Analyst             2407 Carpenter Ave
+1 515 271-4540                        Des Moines IA 50311 USA

More information about the Cialug mailing list