openbsd or netbsd alpha firewall

Peter-385
Hi,
    I have an alpha server DS10 which I intended to use for a
firewall.  Originally it ran debian linux on it a long time ago but I
tried to update it recently using the debian package manager and it
was too far and decided to really screw up the system.  This had
actually just happened to me on another older computer so I decided I
was sick of debian.

    I had a netbsd 1.5 cd lying around and I decided to install that.
This was heinously buggy but I figured I could learn something from
getting it to work.  I even sent a patch to the netbsd people for some
of the network code, but they just redid it better.  At any rate I was
"tracking netbsd current".  Now every time I updated and recompiled,
it took days and usually failed for something silly.  I think I
realize now that it was ridiculous of me to expect a cvs repository to
be compilable all the time.  The last time it did this, it kept
failing because some manifest list of files was wrong.  And I've had
numerous problems since 1.5 is an old version and put some cruft on
the system that other setups don't like.  That's why I was tracking
current in the first place, to just replace it all.  But so I was
tired, and I just wanted to get it done, and I went and deleted a
bunch of "extra" libraries that it was complaining about.  I thought
these were in an object directory that was later copied to the root,
but it was a link, and, like I said I was tired, but it borked the
system.  Things like libpam are missing.

   I feel like I have two choices.  I'm not messing around with netbsd
current anymore.  So I'm either going to order a netbsd 4 cd or
whatever, or I'm going to switch to openbsd.  I ran openbsd on another
computer and it was fine, but the hardware on this one is a little
stranger.

   Anyway, I'm writing for suggestions on which OS I should go with.
Like I said it's a DS10, I'm using it as a bridging firewall, it has a
pci usb card and two tulip-type dec chip ethernet cards.  I was using
ipf to do things, but I've also used ipchains.  I'm buying something
so if anyone has time, it would be nice to have some assurance that
one of these OSs is better for what I'm trying to do.  I'm not even
sure netbsd 4 has bridge-ipf support, so that's an issue for me.
Thanks for reading all this.

              - Peter

Re: openbsd or netbsd alpha firewall

Jim Faulkner-6
I have an alphastation DS10 that I went through a bunch of operating
systems on recently, so I may be able to give you some advice.  However,
I'm using mine as a desktop, and I have a decent tolerance for high
maintenance operating systems, so my needs are not the same as yours.

As you mentioned, NetBSD was rather buggy and, if I remember correctly,
could not install to the hard disk because of a SCSI driver issue.

OpenBSD worked quite a bit better, displaying no obvious hardware bugs,
however I was not able to get X11 working, which derailed my plans to use
it as a desktop.

I finally settled on Gentoo Linux, which is wonderfully stable on my DS10.
It has X11 working well, and even has the latest version of Firefox
available.

If you're just using it as a firewall, OpenBSD would be a good choice.
However, OpenBSD does not use iptables or ipf, rather it uses a much more
modern firewalling language called pf.  So you'll have to learn pf, but I
think you'll find it a pleasure to use.

OpenBSD is quite easy to set up, however long term maintenance is not
trivial.  Since only the current and previous OpenBSD releases are
supported by the developers, and releases are made every 6 months, you
will need to conduct an upgrade once a year.  This is not a simple
process, as you can see in this OpenBSD 4.4 to 4.5 upgrade guide:
http://www.openbsd.org/faq/upgrade45.html

Gentoo is rather high maintenance in its own way.  Unlike the large
monolithic OpenBSD upgrade process, Gentoo updates each of its packages
(including core packages like gcc and glibc) incrementally so as long as
you update your system once every week or two, you won't find a lot of
headaches in the upgrade process.  However, if you forget to update it for
a couple of months, you can expect to have to spend some time on it.
Additionally, gentoo has its own way of doing many things (portage for
package management, eselect for selecting alternatives, etc) that will
take some time to learn and is not useful to know outside of the Gentoo
context.

In all honesty, if you're looking for a long term supported operating
system that you should be able to update without problems, I think you may
want to reconsider Debian.  I know you mentioned you had a problem with
it, but I think if you install the latest stable release you'll find that
you can "apt-get upgrade" every few months with little effort.  Sure,
every few years you'll want to reinstall the latest stable version, but
that's nowhere near the need for 6-12 month upgrades of OpenBSD.

If you haven't tried OpenBSD before and you want to explore a new
operating system, I'd say go with OpenBSD.  It really is a pleasure to
use, just make sure you read the documentation and your root mail after
installing.

If you want a set it and forget it OS which requires little maintenance,
you might want to go with Debian.

Jim


On Sun, 2 Aug 2009, Peter wrote:

> Hi,
>    I have an alpha server DS10 which I intended to use for a
> firewall.  Originally it ran debian linux on it a long time ago but I
> tried to update it recently using the debian package manager and it
> was too far and decided to really screw up the system.  This had
> actually just happened to me on another older computer so I decided I
> was sick of debian.
>
>    I had a netbsd 1.5 cd lying around and I decided to install that.
> This was heinously buggy but I figured I could learn something from
> getting it to work.  I even sent a patch to the netbsd people for some
> of the network code, but they just redid it better.  At any rate I was
> "tracking netbsd current".  Now every time I updated and recompiled,
> it took days and usually failed for something silly.  I think I
> realize now that it was ridiculous of me to expect a cvs repository to
> be compilable all the time.  The last time it did this, it kept
> failing because some manifest list of files was wrong.  And I've had
> numerous problems since 1.5 is an old version and put some cruft on
> the system that other setups don't like.  That's why I was tracking
> current in the first place, to just replace it all.  But so I was
> tired, and I just wanted to get it done, and I went and deleted a
> bunch of "extra" libraries that it was complaining about.  I thought
> these were in an object directory that was later copied to the root,
> but it was a link, and, like I said I was tired, but it borked the
> system.  Things like libpam are missing.
>
>   I feel like I have two choices.  I'm not messing around with netbsd
> current anymore.  So I'm either going to order a netbsd 4 cd or
> whatever, or I'm going to switch to openbsd.  I ran openbsd on another
> computer and it was fine, but the hardware on this one is a little
> stranger.
>
>   Anyway, I'm writing for suggestions on which OS I should go with.
> Like I said its a DS10, I'm using it as a bridging firewall, it has a
> pci usb card and two tulip-type dec chip ethernet cards.  I was using
> ipf to do things, but I've also used ipchains.  I'm buying something
> so if anyone has time, it would be nice to have some assurance that
> one of these OSs is better for what I'm trying to do.  I'm not even
> sure netbsd 4 has bridge-ipf support, so that's an issue for me.
> Thanks for reading all this.
>
>              - Peter

Re: openbsd or netbsd alpha firewall

Peter-385
Thanks Jim.

I have actually been using gentoo for desktop systems instead of
debian.  I like it okay, but I am a little worried about what happens
if some time goes by.  Already, even updating every couple days, I've
run into some kind of issue where I have a masked package installed
that was masked after it was installed by some mistake in portage.  As
such, my video drivers and Qt only half work.

I think I will try openbsd and only upgrade it every year as you
suggest.  I'm always kind of amazed.  I started using linux ten years
ago.  Nothing is any easier.  On the other hand, I guess it's free and
I'm broke so that works out.

Thanks again,
         Peter

Re: openbsd or netbsd alpha firewall

Floor Terra
On Mon, Aug 3, 2009 at 12:00 AM, Peter<[hidden email]> wrote:
> Thanks Jim.
>
[snip]
> I think I will try openbsd and only upgrade it every year as you
> suggest.  I'm always kind of amazed.  I started using linux ten years
> ago.  Nothing is any easier.  On the other hand, I guess it's free and
> I'm broke so that works out.

I know the upgrade page looks scary, but you don't need most of it.
Here is how my upgrades go:

 * Boot the ramdisk kernel (bsd.rd)
 * Choose the upgrade option
 * Follow the upgrade script questions
 * Reboot to the new standard kernel (bsd)
 * sudo pkg_add -ui (upgrade all packages)

I do this on average once every two weeks as I'm following the current
snapshots. The last step takes the longest but can be done in the
background during normal use. The rest takes ~15 minutes.

If you compile stuff like kernel, userland or ports from source,
you'll have to spend more time upgrading. But you rarely need to
compile stuff from source.

Besides, you won't save time upgrading once a year. You'll have to do
two upgrades at once. OpenBSD does not support upgrades that skip a
release.

Floor


--
Floor Terra <[hidden email]>
www: http://brobding.mine.nu/

Re: openbsd or netbsd alpha firewall

Henning Brauer-10
In reply to this post by Jim Faulkner-6
* Jim Faulkner <[hidden email]> [2009-08-02 22:39]:
> OpenBSD is quite easy to setup, however long term maintenance is not  
> trivial.

what? i run over a hundred openbsd systems. the long term maintenance
is pretty much trivial.

> Since only the current and previous OpenBSD releases are  
> supported by the developers, and releases are made every 6 months, you  
> will need to conduct an upgrade once a year.  This is not a simple  
> process, as you can see in this OpenBSD 4.4 to 4.5 upgrade guide:
> http://www.openbsd.org/faq/upgrade45.html

upgrades are nearly trivial. the upgrade guide is just very very good
and detailed.

on average I need about 2 minutes for an upgrade per machine.

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam