[TriLUG] OT: decent OpenBSD firewalls [was: "question 1: RH 7.1 FTP access SLOW"]

Chris Hedemark chris at yonderway.com
Wed Feb 20 10:54:43 EST 2002


On Wednesday 20 February 2002 10:37 am, you wrote:
> Well, probably, but I've found most of the home broadband firewalls doing
> NAT don't seem to support it, at least by default.  Maybe I'm just
> clueless on how to set it up, but I've always found active mode a royal
> PITA and passive mode to work fine.  :)

Get yourself a throwaway Pentium computer, and two $10 PCI NICs (three if 
you want a DMZ).  Load OpenBSD.  Configure pf, squid, named, dhcpd, ntpd, ftp 
proxy, etc.  You'll have a firewall that absolutely shreds over the cheapo 
firewall appliances.

> At work, yes I do need a better firewall.  We're running some ancient
> Yugo-brand firewall/router box that seriously needs to spend time in a
> junkyard[1].  Too bad the IT department thinks it's wonderful.  Ugh.

Get permission from your higher-ups and then break it from the outside.  That 
may be enough incentive for them to spend the $800 to get a guy like me in 
there to set up a new one.  :-)


