OpenBSD or Linux Firewall?

Tom Achtenberg plug-discuss@lists.plug.mybutt.net
Thu, 17 Jan 2002 15:16:58 -0700


I forgot to add it is based on a modified RH7.1 and their web address is www.e-smith.org

-----Original Message-----
From: Tom Achtenberg [mailto:Tom.Achtenberg@fh.org]
Sent: Thursday, January 17, 2002 3:10 PM
To: 'plug-discuss@lists.plug.mybutt.net'
Subject: RE: OpenBSD or Linux Firewall?


I've been using Mitel's e-smith 5.0 for a couple of months now, both on my old Qwest VDSL and now my slow dial-up (sniff).  It works great with DHCP from the outside and provides DHCP for the internal machines.  I've been able to VPN through it to the firewall at work with no problem at all.  When I recently ran some security tests on it based on a thread we had a week ago or so, it passed with flying colors.  I have 5 workstations (3 Win98, 1 Win 2K and 1 Linux RH7.2) and an NT 4.0 server all going through it with no slowdown at all.  It even has a built-in email server if you want to have one.

-----Original Message-----
From: Jeffrey Pyne [mailto:jpyne@worldatwork.org]
Sent: Monday, January 14, 2002 12:15 PM
To: 'plug-discuss@lists.PLUG.phoenix.az.us'
Subject: OpenBSD or Linux Firewall?


I got Cox' conversion kit in the mail this weekend, so I guess I need to switch over to their new "hi-speed" service.  While I'm switching, I thought I might as well upgrade my firewall.  I'm currently using OpenBSD 2.6, and this baby has been running trouble-free for 2 1/2 years (not including a couple power outages).  I've been thinking about switching to Linux, since iptables now offers "stateful" firewalling (the lack of that functionality in ipchains led me to go with OpenBSD way back when).  My requirements are as follows:

1) Must be able to handle DHCP since Cox.net apparently won't offer any static IP addresses (*sniff*)-- not just in terms of getting an IP address, but also in terms of the firewalling
2) Must be able to establish a VPN tunnel to a Checkpoint firewall-- I know Linux can do it with FreeS/WAN, and a quick search of Google leads me to believe OpenBSD can handle it as well
3) Must be able to "redirect" incoming traffic to other IP addresses/ports on the internal LAN- OpenBSD does that beautifully, and I imagine iptables does that now, too.
4) Must be able to NAT the internal LAN for outbound traffic- should be a no-brainer for both Linux and OpenBSD
5) Must be as rock-solid as my OpenBSD firewall has proven to be over the years

So, would anyone care to offer their input about whether I should upgrade to OpenBSD 3.0 or move to a Linux platform?  Any caveats, gotchas, or bugaboos?  Any particular strengths or weaknesses RE: any of my requirements?  Anyone ever set up a VPN tunnel to a Checkpoint firewall who would like to share any insight or experiences?  Anybody else made the switch over to Cox.net and have anything to say (I noticed on their web page that their DHCP leases expire every 4 hours)?  Any particularly good documentation that you might like to share?  I am very intrigued by some of the floppy-based Linii, but I'm really interested more in whether the solution can handle the above requirements than how much space the installation requires.

Thanks in advance,

~Jeff
________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.

PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.mybutt.net
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss