setting up OpenBSD - How??

QwertyJuan

If I had an old K62 450... could I load OpenBSD on it??

I heard it was a good firewall.... is this true?? And if so, how can I integrate it into my Windows2k domain?

Thanx, QwertyJuan
 
Ever played with any type of Unix, real or work-alike?

Yes it's an amazing firewall, but why would you want to integrate it to your domain?
 
Don't mean I want it to join my domain, just mean.... is it possible to have my internet routed through it and then go to my network instead of a router?? I have heard a lot about it and thought that that is what it was for... but maybe I am mistaken?? If it can be done are there any hints you can give me...

QJ
 
openbsd is the penultimate achievement of the opensource community.

yes, you can install it on that machine and have power to spare if it is just a fw/router.

yes, it is the best open source OS for running as a networking device.

why would you need to "integrate" it into your domain? if you run it as a firewall it is not like a normal computer account you would put in AD. it is a standalone network device like a cisco PIX501.

the openbsd.org site has great documentation for getting set up- partitioning, creating users, etc. here is my "afterboot" cheatsheet:
1) Fix youraccount account to be able to use sudo
a. Check /etc/sudoers file to see if either mshepherd or wheel is allowed
b. Make sure you edit with visudo
c. Check contents of passwd file using vipw

2) recompile kernel using GENERIC as base
a. select only 1 cpu option (i686)
b. set no math emulation
c. turn on DUMMY_NOPS
d. turn on advanced virtual memory
e. set NMBCLUSTERS to 2048
f. turn off all unnecessary NIC drivers
g. turn off scsi drivers
h. save GENERIC as MYFILE

3) run: cd /usr/src/sys/arch/i386/conf ; config MYFILE
a. this will allow configuration of the compile you are about to do

4) run: cd ../compile/MYFILE ; make depend && make
a. this will compile the kernel with all dependencies; might take a while

5) run: cp /bsd /bsd-original ; cp bsd /bsd
a. copies the original kernel to bsd-original and replaces it with the new one

6) run sudo /usr/libexec/locate.updatedb or your locate command won't work

7) reboot and ensure everything works properly

8) make changes to services in /etc/inetd.conf
a. disable ident, comsat, daytime, time
b. check what services are exposed using nmap
c. enable ftp-proxy

9) turn on pf in /etc/rc.local

10) make system config changes in /etc/sysctl.conf
a. enable ipforwarding (p84)
b. set ddb.panic to 0

11) set up cvs versioning for use with pf.conf so all rule changes and a history of network changes can be kept

12) start working on your pf.conf rules.

go to the openbsd bookstore and buy building firewalls with openbsd and pf by jacek artymiak. also, go to onlamp.com and go to the openbsd section and read the whole series of articles he has written. the man knows his stuff, and more importantly, he is good at writing about it in an easy to understand manner. buy that book though. it is well worth the money.

and lastly, register at www.bsdforums.org so you can ask for help when you need it or give help once you know what you're doing.

cheers,
big boi
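
One way to verify steps 8a and 10 of the cheatsheet above after editing the files, as an added example that is not part of the original post. `net.inet.ip.forwarding` and `ddb.panic` are OpenBSD's sysctl names; the function names and the sample file contents are constructed for illustration.

```sh
# Added example (not from the thread): audit steps 8a and 10 of the cheatsheet.
# Function names and the sample files are constructed for illustration.

# List disable-list services still active (uncommented) in inetd.conf file $1.
active_unwanted_services() {
    awk '/^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
         { svc = $1; sub(/^.*:/, "", svc)   # drop any "address:" prefix
           if (svc ~ /^(ident|comsat|daytime|time)$/) print svc "/" $3 }' "$1" |
        sort -u
}

# Print the effective (last) value of key $2 in sysctl.conf-format file $1.
sysctl_conf_value() {
    awk -v key="$2" '{ sub(/#.*/, "")       # strip comments
          n = index($0, "="); if (n == 0) next
          k = substr($0, 1, n - 1); v = substr($0, n + 1)
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }
        END { if (val != "") print val }' "$1"
}

# Report every deviation; return non-zero if any check fails.
audit_gateway() {
    fail=0
    for s in $(active_unwanted_services "${1:-/etc/inetd.conf}"); do
        echo "FAIL inetd: $s is still enabled"; fail=1
    done
    [ "$(sysctl_conf_value "${2:-/etc/sysctl.conf}" net.inet.ip.forwarding)" = 1 ] ||
        { echo "FAIL sysctl: net.inet.ip.forwarding is not 1"; fail=1; }
    [ "$(sysctl_conf_value "${2:-/etc/sysctl.conf}" ddb.panic)" = 0 ] ||
        { echo "FAIL sysctl: ddb.panic is not 0"; fail=1; }
    return "$fail"
}

# Write constructed sample configs into directory $1.
make_samples() {
    cat > "$1/inetd.conf" <<'EOF'
#ident stream tcp nowait _identd /usr/libexec/identd identd
comsat dgram udp wait root /usr/libexec/comsat comsat
daytime stream tcp nowait root internal
127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
EOF
    cat > "$1/sysctl.conf" <<'EOF'
#net.inet.ip.forwarding=1   # still commented out, so forwarding stays off
ddb.panic=0
EOF
}

d=$(mktemp -d) && make_samples "$d"
audit_gateway "$d/inetd.conf" "$d/sysctl.conf" || echo "audit found problems"
```

Called with no arguments, `audit_gateway` reads `/etc/inetd.conf` and `/etc/sysctl.conf`; it checks the files only, so a reboot or a manual `sysctl` change is still needed for the settings to take effect.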
 
thanx man for the info... hopefully I can figure this thing out... downloaded it last night...

The reason I went for OpenBSD(instead of FreeBSD) is 'cause it's from Canada and I'm loyal :D

QJ
 
QwertyJuan said:
thanx man for the info... hopefully I can figure this thing out... downloaded it last night...

The reason I went for OpenBSD(instead of FreeBSD) is 'cause it's from Canada and I'm loyal :D

QJ

Hell, the primary creator of Java is Canadian and you don't see me getting all enthusiastic about that! :)

Actually that's a different matter, Java makes me cranky mostly because of the bloody overhead. Anyways, take a look at the OpenBSD FAQ, it has most of what you want.

http://www.openbsd.org/faq/faq4.html

http://www.openbsd.org/faq/pf/index.html
 
QwertyJuan said:
Actually I am a certified(by Sun) Java Programmer... LOL :D

QJ

My condolences :D

Naw, I had a boss who believed the whole, write once run everywhere hype too too much. That plus he wanted to use Java for everything, even things for which it simply wasn't appropriate. He wasn't too open-minded once he got an idea in his head.

Actually, I'm looking to get an app ported from PHP to Java, it would make it so much more scalable and portable, I do recognize its benefits and uses, but I still like to poke fun at it :)
 