OpenBSD or NetBSD. FreeBSD?
I was thinking about making an OpenBSD box, NetBSD box, or FreeBSD box. Except I am confused about which is better for the purpose of making a firewall. The only experience I have is with RH6.2, 7.0, and 7.2. Although I think the experience isn't that deep. The OS should be able to do iptables, and support LNE100TX ethernet cards. Also ease of installation is a little problem, but is overlookable.
Thanks in advance
The card is pretty generic, I know that FreeBSD supports it, although the differences between the BSDs are monstrous compared to the difference between the different distros.
IPtables is specific to the Linux Kernel, which the BSDs do not run. Not only that, it's specific to the Linux kernel series 2.4.x, before that was ipchains, and back in 2.0.x land was ipfwd...er something.
There are firewalling tools for all of the others, and of the three, the least user friendly and the most neurotically secure by far is OpenBSD. No remote root in 4 years as they claim from OpenBSD.org.
Are there any other solutions as good as OpenBSD? I looked at their site and I found out that they dislike giving out ISOs. (By Dislike I mean they don't do it) And also that they don't run any of the Linux stuff I'm used to, ipchains and the like.
I'm trying to lean away from the Linux distros for two reasons:
1) I want to learn something new.
2) It's come to my attention that Linux is inferior to *BSD series because once a hole is found in any Linux distro it brings down most of the others. And I guess *BSD doesn't do that. (I'm guessing most of this information)
Thanks in advance
OpenBSD is free if you want to do a net-installation. SuSe and RedHat I know off the top of my head do those too. It's quite easy. If you haven't found the page (it's kinda buried), yeah they don't offer ISOs at all.
Net and FreeBSD both have freely available ISOs.
The idea behind Open was that it was a fracture group of NetBSD that wanted to get more involved in security, hence their rigid release schedule coupled with a front to back security audit every release. The idea behind Net was to add to the portability of FreeBSD. Right now I think NetBSD will run on anything from a Tamagotchi to a toaster. Their platforms supported page is kind of nuts.
FreeBSD is easily the most supported, quickest to bugfix, largest group of the three, and probably the easiest to get help with. All of them will support linux binaries, but not ipchains necessarily. To address your concerns numerically:
1. Hell yeah, you might also want to try LFS, track down a copy of X86 Solaris (cheaper than buying a sparc), and BeOS, QNX, UnixWare.
2. Very few of those instabilities have anything to do with the Linux kernel, but are really problems with the most popular different programs and daemons that are default shipped with the distros. Wu-FTPd, the raging river of suck in the world of security updates was a good example. Even the kings of sticking their head in the ground, RedHat, finally stopped shipping that monster with 7.2.
50% of these vulnerabilities apply to the BSDs too. They usually use the same stuff: same holes in Bind, same Sendmails, same SSH, etc.
Open doesn't ship ISOs cuz for them shipping CDs is one of their sources of support. Considering the Open team also gave us OpenSSH, IMO that's a good argument to buy a CD. Anyway, the base OpenBSD (3.0) install tarballs weigh in at about 30 megs so that ain't a major D/L.
finegan: couldn't have said it any better myself. You could go with either OpenBSD and/or FreeBSD.
Here is a thread relating to the type of firewalls people use, it is either ipfw or ipfilter on FreeBSD or ipf on OpenBSD. You will hear people praise one or another but pick one based on requirements and personal preferences.
Also, here is another article on securing small networks with OpenBSD.
Just begun exploring OpenBSD3.0.
Small footprint, fast...
and 3.0 comes with a brand new highly configurable packet filter called pf for NAT and FW
I've FTP installed OBSD and FBSD. The FBSD is more user friendly. OBSD is text based but pretty simple. The OBSD has installed, first try, on both machines I have it on. FBSD used to hang during the transactions and I'd have to try several mirrors to get it to complete.
very disturbing when it's half finished...
I used to have FBSD log issues on one machine (cyrix 486DX2)
not enough space on /var. The logs would fill up and scroll errors. I just didn't have any more disk space to spare. I'm sure I could have tweaked it, but it was time to take OBSD for a ride.
OBSD has run without any such problem.
Both ran fine on a Generic P4 1.5GHz