Using NetBSD as a secure gateway

pra9ma writes "Browsing through and found a nice article on setting up NetBSD and DSL connections as a gateway, the article gives an overview of ways to use your DSL machine as gateway for your home or office network, and goes through the basic steps to setup and maintain security to machines connected directly to the Internet." Nice reading material for those new to the BSD operating system."

Re:offtopic, but BSD....

[Anonymous Coward]

I found it... It was this interview [slashdot.org] and the link to the paper about SoftUpdates vs. ext2 is at Usenix. [usenix.org]
Also, in your post, if you were refering to virtural memory, then its worth noting that(Free)BSDs VM subsystem is considered by many to be the very fast, if not the fastest. (Free)BSD is also getting snapshots with 5.0. snapshots will bring fsck-less booting to BSD. The BSDtcp/ip stack is still considered very well designed and is very fast (if not the fastest); BSD/OSis run on 70% of the worlds ISPs.

I know your question was relating to just the FS performance, but if you plan on running a server, there are many other things to consider. The BSDcamps get along very well, and you can be assured that many of the changes will be ported to the other BSDs within a short time.

wow

[deran9ed]

This was submitted almost 3 weeks ago, anyways, its nice to see that people are still interested in the BSD's.

Recently I optioned on either buying two more Nokia 650 firewalls for my network and installed three new OpenBSD boxes using a combination of Trex [opensourcefirewall.com], and IPF [obfuscation.org]. While Checkpoint is a pretty cool firewall, I figured we (my company) didn't need to go out and spend more loot on firewalls. Sure IPF and Trex don't have true stateful inspections, and sure you can't do as much as you can with Checkpoint, but here are some of the neat things I managed to fiddle with. (posting this for this who do the fw things ya know)

On my Checkpoint FW I'm allowed the ability to mainpulate time based rules. (meaning I can allow in, out, block, on certain times of the day etc.) Being that at night (in case things go bonkers) servers go down, I made a simple shell script that is cron'd to open a connection at 8pm daily (when I'm home away from work) to my home subnet. This is pretty similar to Checkpoint's time based rules.

Not a major hack but it does me justice

Using a combination of FreeBSD, NetBSD, and OpenBSD at work (I'm senior admin so I get to use whatever I want) I also took the liberty of stunneling [stunnel.org] just about everything I could with OpenSSL [openssl.org] so even if someone got unto out network, traffic is pretty secure for the most part.

Anyone else care to share some tweaks, tips and stuff on this boring Sunday?

Re:offtopic, but BSD....

[Anonymous Coward]

That's absolutly false. UFS + SoftUpdates actually out performs ext2 in many areas. Although, I'm not going to say it outperforms it in _every_ area, because it doesn't. Both UFS (+ SoftUpdates) and ext2 has thier strong and weak areas. BSD/UFS+SoftUpdates will outperform ext2 under high loads though. Many people bitch about BSD not having a journaling file system, although these are mostly Linux zealots. They bitch about it becuase corporations have put alot of emphasis on journaling, even though there are (better) alternatives. BSD doesn't _need_ a journaling FS becuase something better has been developed; SoftUpdates.

There was an interview with one of the BSD commiters a while ago on slashdot, and he posted a link to benchmarks comparing SoftUpdates and ext2.. I'll repost if I find it.

NetBSD/i386 Firewall

[DreamerFi]

And if you don't want to do the work yourself, look at www.dubbele.com [htttp]