OpenBSD and FreeBSD
 

Hey All,
Currently, my main machine is just for browsing the web, playing with games, and of course, learing on. But now that I don't have to have wine for school, I can get rid of mandrake. I have the FreeBSD CDs, and I've installed it before, with the only complaint being the firewall not working (now that I look back it was a simple syntax error on my part). But I'm wondering, should I install FreeBSD or OpenBSD? I really like FreeBSD, but I've never tried OpenBSD, so I really don't know. This machine will be a router with the abyss web server on the internal NIC and Apache web server on the external NIC. It will also have SSH tunneling from several machines behind it, and a DNS/DHCP server on the internal NIC.

FreeBSD or OpenBSD?
Thanks!

If your planning on using it as a desktop and not a headless server i would have to say FreeBSD hands down.

OpenBSD is designed with security in mind. Stack corruption usually causes the kenel to dump the offending userland executable (no invading the box with a sneaky buffer overflow issue). Yet, openBSD lags behind freeBSD is available software, those the gap isn't as wide as some make out.

For convenience sake, for the widest range of software on a *nix platform, I say stick with freeBSD. If, on the other hand, you want to thoroughly investigate how to do security *right* then openBSD is a great choice.

YMMV.

Cheers--
Charles

Well it entirely depends what your philosophy on OSs is.

FreeBSD is slightly more scattered and bloated than OpenBSD, but it tends to support new hardware more quickly (although OpenBSD often imports hardware-specific stuff from FreeBSD or NetBSD to keep up). FreeBSD developers are constantly tinkering trying to get the most performance possible out of the i386 platform. This means that the development tree (5.x) is some times unstable. FreeBSD also has a lot more active "ports" of software than the other two BSDs (some where around 10,000 software packages can be built).

On the other hand, OpenBSD focuses very much on correctness and security. OpenBSD has a very centralized and simple configuration, not the split configuration styles that FreeBSD has (on FreeBSD you setup the main daemons in /etc/rc.local, but user install daemons have different install scripts in /usr/local/etc/rc.d). The OpenBSD firewall is highly superior to either of the other two firewalls on FreeBSD (so much so, that the FreeBSD devs ported the OpenBSD firewall to their platform, making a 3rd option).

So really the choice is cutting edge hardware support and maximum performance (will you even notice the difference?) vs. correctness and security. If you think you're going to install tons of very obscure software packages, then maybe FreeBSD is the way to go. You can check the contents of the ports tree for OpenBSD and verify if everything you need is there. From what you mentioned so far, you can do it all on OpenBSD, except I'm not familiar wity Abyss webserver. Do you intend to run that on the machine itself (if so, why two different web servers, that sounds counter-productive) or just pass traffic to a different box that is running Abyss?

Personally, I use OpenBSD for everything (even my workstation desktop) except when I need to test a Mono build for my brother (it hasn't been ported to OpenBSD and I don't feel like trying it from source).

I really like OpenBSD. It doesn't have that many ports, but you can build almost any package that you need from source. And when it says secure by default, it means it. And there are even more numerous things that you that can tighten it down even more. I'd say OpenBSD is the perfect firewall/router, but it also can be used for servers. For me, I doubt I'd use this on a laptop (but I wouldn't use any BSD for that anyway, linux...) or a desktop, but it totally owns the server/firewall category. And c'mon, a primary and secondary firewall that talk to each other using pfsync? That's sweet.

I use it as a gateway from my router into my lan. PF makes sure nobody launches attacks from it either (blocks many outbound connections). For your use, it sounds like OpenBSD to me.

Hey,

First off, the reason I have 2 webservers:
The main one (apache) is used to host my main webpage and a few friends web pages. It operates on eht0 only. Then, I need a website for the internal lan for several reasons (the biggest being file transfers) so I decided to put on abyssws as its allot faster than Apache for downloads and uses way less resources, although it sucks at everything else.

Second, I can't seem to get freeBSD to work. The first time I installed all went well, but then, I had to put mandrake back on for a week, and when I went to put freeBSD back onto it, it never asked what distributions to install, so I was left with an almost non working system.

I tried 3 more times and each time something big went wrong. The first two, it never asked me what distributions, and the third time, it wouldn't let me make a new slice on my FreeBSD partition, so I never got it installed. Is OpenBSD any better? Right now I have slackware installed, which is nice, but it doesn't have a ports system (except for swaret). Is there a better ports system you can get for slack? I use gnome but I also have all the KDE stuff installed.

Thanks!
Danny

I've never heard of having those types of problems installing FreeBSD. Perhaps you have a bad CD burn? Did you try formatting the disk before attempting to run the FreeBSD installer?

Yeah, I tried formatting the disk. But then it had a bunch of errors when booting because /dev wasn't setup, ad freeBSD assumes its already done if the disks formatted.

Hmmmm, that doesn't sound at all right. I think some how you're skipping steps in sysinstall. I've never had a problem installing FreeBSD on a disk that was already formatted (well, I've never installed an OS on an unformatted disk).

Hey,
I got freeBSD to install, but now I face a different problem. I got FreeBSD working great, and I love its port system and the ease of everything, but I can't seem to find a good GUI for configuring IPFW. I tried a bunch (qtfw which didn't work at all, fwbuilder which I can't use cause I can't install SSH, and a few others I forget the names of). So I think I'm gonna have to go back to linux, as I can use shorewall or another firewall GUI for that, but I'm not sure what distro to use.
I really want one with a packaging system like freeBSD, but slackware doesn't like my sis NIC and I don't have the patience for gentoo. I need it to have X (gnome and all the KDE libs so I can run KDE programs), iptables (well, I guess just about every distro has this...) and good hardware support. RH, Fedora, and Fedora core won't work on my system, and I find Mandrake to be even slower than windows, so those ones are out of the question... :)
Any help here would be wonderful, as I need to have this fully installed and ready to be configured by tomorrow morning... tight deadline eh?
Thanks!
Danny

Why not configure your firewall by hand? A gui really is not needed when you only need to type in a couple commands. My rule set is no more than 6 lines. I pretty much deny everything inbound except to ssh and allow any outbound connection to leave. Granted it is a workstation and not a firewall.

Second why dont you install KDE on Freebsd? If you know how to use the packadges/ports it should be a breeze.

Last SSH is already installed! Unless you somehow disabled in it rc.conf or who knows how disabled it during install.

PS: You need to recompile your kernel in freebsd to add firewall support.

Hey,
I am using this machine as a router for several computers, so I don't really want to have to code it by hand, at least not the first time. But I did get slackware to work, so does anyone know how to install the .fw file the compiler makes? I'd really prefer not to install and setup ssh, but if I have to, I guess I have to... :(
Thanks!
Danny

Asking for slackware help in the *BSD forum really is not the thing to do...

Not to mention that running X on a firewall and using GUIs to configure it are not really recommended, either. If you're going to manage a firewall, then you should know how it works. Read the documentation for IPFW (or netfilter/iptables, whatever you go with) and you won't be sorry. Just having "a firewall" isn't going to protect you from anything, but knowing how to set it up properly and understanding the difference between a good configuration and a bad one will make all the difference.

Also, I am completely lost by all the references to "needing SSH" and "not wanting to install SSH". What does SSH have to do with anything, and what in the world is so bad about using it???