Fanless firewall
Hi,
I am aiming at installing an OpenBSD firewall for home usage (with only two or three PCs connected). Have any of you tried this? http://www.wdlsystems.com/Box-PC/Lig...-and-Dual.html

I found this on the misc mailing list, but it diverted into talks about SD cards: http://marc.info/?l=openbsd-misc&m=123964416120381&w=2

Specifications:
- Processor: MSTI PDX-600 -1GHz (Fanless)
- Memory: 512 MB DDR2 onboard
- VGA: XGI Z9S with 32MB DDR2
- 1st Eth Int: Integrated 10/100 Mbps LAN
- 2nd Eth Int: Realtek 8100B 10/100Mbps LAN
- BIOS: AMI BIOS

Would it be powerful enough? (The processor is an equivalent of a 486DX)

I found this as an alternative: http://store.netgate.com/ALIX6F2-Kit...d-P345C82.aspx

Last edited by albator; 28th November 2013 at 08:42 PM. Reason: netgate link
|
|||
This depends on your needs.
Quote:
I run -current on a number of Alix systems myself. Other regulars here do too. If gigabit Ethernet is a requirement, note that PC Engines is supposedly coming out with an updated model in 2014: http://www.pcengines.ch/apu.htm

Last edited by ocicat; 28th November 2013 at 10:13 PM. Reason: clarity
|
|||
100Mbps NIC could be a limiting factor when you want to copy files from one PC to another
Last edited by bsdplus; 29th November 2013 at 06:54 AM. Reason: fix MB to Mbps |
|
|||
See http://www.daemonforums.org/showthread.php?t=7632 for some details and pictures of my Alix system.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Thank you all for your answers.
The eBox might not be the best choice as not many people seem to be using it in favor of Alix or Soekris systems. I plan to connect to the serial port over USB, so I'll search the mailing list for more feedback.

Among the possible installation methods on the Alix systems there are:
- flashrd, which writes directly to the compact flash: http://www.nmedia.net/flashrd/
- PXE

I found this guide which looks nice: http://markshroyer.com/guides/router/

I was wondering if it was possible to boot from an OpenBSD USB stick and install from it as I do on my netbook. In other words, if these cards were USB bootable, and if the boot loader was accessible on the console then. But in fact it is not, leaving two ways to install.
|
|||
The simplest method is to insert the Compact Flash card in a USB card reader and use an OpenBSD i386 install CD/disk to install to the CF card. You just have to inspect the dmesg output to figure out which device name the installer is assigning to the CF card.

An example with an old 512MB CF card:
Code:
umass0 at uhub0 port 5 configuration 1 interface 0 "Genesys Logic USB Storage" rev 2.00/93.21 addr 2
umass0: using SCSI over Bulk-Only
scsibus3 at umass0: 2 targets, initiator 0
sd0 at scsibus3 targ 1 lun 0: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd0: 488MB, 512 bytes/sector, 1000944 sectors
sd1 at scsibus3 targ 1 lun 1: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd2 at scsibus3 targ 1 lun 2: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd3 at scsibus3 targ 1 lun 3: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable

If, during the disk partitioning, you use a DUID (Data Unit Identifier) instead of a disk device name like sd0, it does not matter how the Alix board identifies the CF card. The /etc/fstab file will then look something like this:
Code:
3a6d4322b09ba067.b none swap sw
3a6d4322b09ba067.a / ffs rw 1 1
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
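
The two checks described in the post above, as an added example that is not part of the original post: find which slot of a multi-slot card reader actually holds media, and list fstab entries that still depend on a device name rather than a DUID. The function names are hypothetical and the `/dev/sd0d` fstab line is constructed for illustration; the other sample lines are the ones quoted in the post.

```sh
#!/bin/sh
# dmesg lines quoted in the post above (multi-slot USB card reader).
SAMPLE_DMESG='umass0 at uhub0 port 5 configuration 1 interface 0 "Genesys Logic USB Storage" rev 2.00/93.21 addr 2
umass0: using SCSI over Bulk-Only
scsibus3 at umass0: 2 targets, initiator 0
sd0 at scsibus3 targ 1 lun 0: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd0: 488MB, 512 bytes/sector, 1000944 sectors
sd1 at scsibus3 targ 1 lun 1: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd2 at scsibus3 targ 1 lun 2: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd3 at scsibus3 targ 1 lun 3: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable'

# fstab from the post, plus one constructed line that uses a device name.
SAMPLE_FSTAB='3a6d4322b09ba067.b none swap sw
3a6d4322b09ba067.a / ffs rw 1 1
# constructed entry for illustration:
/dev/sd0d /home ffs rw 1 2'

# Print "sdN SIZE" for each disk on a USB (umass) SCSI bus that reported
# a size line, i.e. the reader slots that actually contain a card.
usb_disks_with_media() {
    awk '
        /^scsibus[0-9]+ at umass[0-9]+/ { usb[$1] = 1 }
        /^sd[0-9]+ at scsibus[0-9]+ /   { if ($3 in usb) disk[$1] = 1 }
        /^sd[0-9]+: [0-9]+[MG]B, / {
            name = $1; sub(/:$/, "", name)
            size = $2; sub(/,$/, "", size)
            if (name in disk) print name, size
        }
    '
}

# Print the first field of every fstab entry that is not of the form
# "<16 hex digits>.<partition letter>", i.e. not addressed by DUID.
fstab_without_duid() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            n = split($1, p, ".")
            if (n != 2 || length(p[1]) != 16 || p[1] !~ /^[0-9a-f]+$/ || p[2] !~ /^[a-p]$/)
                print $1
        }
    '
}

printf '%s\n' "$SAMPLE_DMESG" | usb_disks_with_media
printf '%s\n' "$SAMPLE_FSTAB" | fstab_without_duid
```

On a live system the same functions can be fed from `dmesg` and `/etc/fstab` instead of the embedded samples.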
|
|||
Quote:
As for installation on an Alix system, the initial install onto a blank (or unrecognized...) CF card will require the most thought. The Alix BIOS supports PXE booting, & setting this up is really a useful exercise for the uninitiated. PXE requires TFTP & DHCP servers be accessible. Section 6.10 of the FAQ describes the process. Of course, having a serial connection set up is necessary to make the appropriate changes to the Alix BIOS. ...& jggimi was right on the connection speed. There was a question on misc@ just a few days ago on this very question, & apparently, the OP hadn't read PC Engines' documentation, or explored the BIOS options. Quote:
Last edited by ocicat; 2nd December 2013 at 08:05 PM. Reason: correction: Shroyer's guide references OpenBSD 4.8 |
|
||||
I have found that with a pair of them interconnected via null-modem cable, it is better to have the tty00 devices disabled in /etc/ttys, so that they do not interfere with one another while in multiuser mode (normal operation).
During maintenance, such as with bsd.rd for upgrades or while in single user mode, the /dev/tty00 serial port console is used without /dev/ttys. One merely need ssh into the operational platform and then connect to the system under maintenance with cu(1). |
|
|||
Thanks for all your tips, I do appreciate it.
Quote:
Ocicat is right too in saying that going through a PXE installation could be a good exercise. While the APU device should be a good one, I am also looking at the Shuttle DS47. It's just a little more expensive than an Alix system but more powerful (and more power hungry I guess).

Last edited by albator; 1st December 2013 at 04:05 PM. Reason: typo
|
||||
Quote:
There is no requirement that the boot services be the same OS that you're booting. They may also be on separate servers. As far as I know, though, there is a requirement that you use a wired Ethernet connection. I've yet to see a WiFi NIC that could be used with PXE.