# Getting DSL soon, what do I need to do?

## dalek

Well I found out that sometime before next summer DSL will be getting here.  I need some info on what all I need to do.  I have an old AMD 400MHz machine.  I plan to have two computers hooked up so I'll need to share the connection.  I've heard of something called smoothwall, will that work?

I want the thing to be secure so I can be a good 'netizen'.  It will be bellsouth.net if that matters and you are familiar with them.

I'm disabled so I want to get a headstart on this thing.  I can't spend a whole lot at one time.

I do run Gentoo here, via dial-up.  Prolly not very secure at the moment so I want to improve that before it has a permanent connection to the net.

Please share your ideas on this.  

Thanks

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## smiley

As far as a firewall goes, I would emerge shorewall, then use the shorewall quickstart guide. There's also some forum topics around about shorewall. I also like the additional security of a dsl/cable router, which also acts as a type of firewall, but it's not a necessity.

smiley  :Cool: 

----------

## dalek

Well I was trying to download the docs for shorewall.  It seems their server is down or something.  It got partway through and it just quit.  The site doesn't do anything now.  Well it appears to just be the admin guide actually.  I'm confused, as usual.

I do want to use the old AMD 400 for a router/security thing.  That way if they mess it up they can't get to my main rig.  Mess with my Gentoo and I'll kill them dead.    :Evil or Very Mad: 

Now to see what's up with shorewall.org.

 :Confused:   :Crying or Very sad:   :Confused:   :Crying or Very sad: 

----------

## BiOCHiP

If you want to have a dedicated firewall box, be sure to check out smoothwall, as you mentioned. If you want to have another linux box to play with, which acts as a firewall too, just install gentoo on the thing and run shorewall.

----------

## revertex

why not buy a dsl/router with an integrated firewall?

----------

## BiOCHiP

 *revertex wrote:*   

> why not buy a dsl/router with an integrated firewall?

 

Less flexibility, less fun  :Smile: 

Oh, and it costs more if you already have some old spare box.

----------

## dalek

The old machine is doing nothing anyway.  I want to put it to good use.

Still can't get that doc from swoothwall.org though.  I emailed them to check on it.  May be a bad file or something.  It got partway through the first time and died.

This crap always happens to me.    :Crying or Very sad: 

I hope I can find a used modem.  Those things are not cheap, not like dial-up.

Keep those ideas coming.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## yodi

 *Quote:*   

> why not buy a dsl/router with an integrated firewall?

 

The netgear 834 runs on linux; you can telnet to it if you put the router in debug mode. This way you can change anything on the router. Although it is all lost when the router is restarted in any form, this still provides a whole host of fun to be had...

----------

## revertex

 *BiOCHiP wrote:*   

>  *revertex wrote:*   why not buy a dsl/router with an integrated firewall? 
> 
> Less flexibility, less fun 
> 
> Oh, and it costs more if you already have some old spare box.

 

totally agree.

ipcop does the same as smoothwall, but their docs rock!!

i've tried both in the past, ipcop is much better (IMHO).

http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome

your spare box is powerful enough to be a nice server, why not install gentoo then run a firewall /fileserver /mailserver /webserver?

with distcc and ccache you can install gentoo really fast. 

there's tons of how-to's in these forums to follow.

Last edited by revertex on Sun Sep 26, 2004 9:33 pm; edited 1 time in total

----------

## pratttech

I had a similar setup when I first got DSL back in the day.

Win98 Desktop

FreeBSD 4.4.1-9 Samba PDC

OpenBSD 2.5 IPF-FW/GW

The firewall was a 386 and the hardware stb in 2002 so I replaced it with a Linksys.  The cost analysis won out in an appliance's favor over another old pos, but it is fun running a server on your connection.  

I also believe that OpenBSD wins bar none if I have a *nix bastion host.

----------

## dalek

Hmmmmm, not sure I would trust the old thing that much.  It also doesn't like my 80GB drive.  It, the BIOS, just will not see it there.  Too big I guess.

If anybody has some ideas that are cheap, that would be good.  I assume I HAVE to have that DSL modem though.    :Sad:    Picked out an Alcatel external so far.  I like external stuff.  Easier to reset.

I just want to make sure it is secure and not used to attack somebody else.  I would be pissed.    :Evil or Very Mad:    I will likely use ssh too.  hmmm, got to change password now for sure.

Also, my older brother, separate house and all, will get it too. What should he get?  He uses microshit XP.  Hardware router?  Bullet proof vest.    :Laughing:    He will want a hardware thing that does not require him to do much.  He is not real computer savvy.  Me, I want it cheap, and stable as a rock.

What you think?  How hard is this BSD stuff?  I have heard of it but never seen it.  I have talked to people that use that for servers and firewall stuff.  hmmm, where do I get it?  

Later

 :Very Happy:   :Very Happy:   :Very Happy: 

edit:  I can't type worth crap, don't bug me about it.    :Crying or Very sad:   :Crying or Very sad: 

----------

## NeddySeagoon

dalek,

Smoothwall is good but it takes over the whole PC. My Smoothwall Express box runs on a Cyrix 200MHz PC with 64MB RAM and a 120MB hard drive. Unfortunately, that's not enough to run a caching web proxy.

You can probably jumper the drive to report that it's only 33Mb to the BIOS. Linux will sort out the mess after booting, so you will still see it all.

Be sure to get an external ADSL/Ethernet box. They just work, and when they don't the flashing lights provide some hints. The firewalls in these things are often linux based but are rarely updated, so they become less effective with the passage of time. 

If you have to ask about BSD, you are not ready to set up something so mission critical as a firewall with it.

If you want to use your 400MHz box as a PC too, put iptables in the kernel and get one of the many rules tools around.

Your brother needs Gentoo - give him a liveCD.

----------

## pratttech

OpenBSD is not much harder than Gentoo.  It actually installs quick and fast from tgz compressed "filesets".  If you have all the ones you want you can do a *full* install in an hour.

The OpenBSD install is very light and tight.  At the end you will have a box with virtual ttys and not much else; but the BSDs invented the ports systems (ala Portage) and you can build what you want or need.

If it is a gateway box, less is better.  More services = more potential exploits.  PF is their new firewall sw, which is a ground up rebuild of IPF after Theo had issues with the original IPF author.

You will want a box with three interfaces or four if you'd like to run external services.

Each segment gets an interface:

- One to DSL modem and outside address
- One to your stuff
- One to your brother
- One to an optional DMZ area

As far as writing rules, I recommend default deny and only open what you need, no more.  Syntax varies from one product to the next, but is essentially the same stuff.  You get allow any, your brother maybe 80 or 25 depending on what he needs.  Lock down the outside and open to the DMZ whatever you intend to host.

When I did this I ran apache and sendmail on the internal FreeBSD box and BIND with the firewall.  It was fun, but after a bit of time I decided it was way overkill for just me  :Wink: 
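Here is what that four-segment, default-deny layout looks like as a pf.conf, as an added example that is not from the thread or from OpenBSD's own documentation. It uses the 2004-era PF syntax (explicit `keep state`, NAT and filter rules in one file); interface names, private address ranges and the single exposed DMZ host are assumptions.

```pf
# /etc/pf.conf for the gateway layout described above (constructed example).
# Interface names and addresses below are assumptions, not from the thread.
ext_if = "rl0"    # to the DSL modem; public address assigned by the ISP
int_if = "rl1"    # your own machines
bro_if = "rl2"    # brother's segment
dmz_if = "rl3"    # optional DMZ for anything you intend to host

lan_net = "192.168.1.0/24"
bro_net = "192.168.2.0/24"
dmz_net = "192.168.3.0/24"
dmz_web = "192.168.3.10"              # the one host exposed to the outside
priv_nets = "{ 10/8, 172.16/12, 192.168/16 }"

# Reassemble fragments and drop packets whose source belongs to another segment
scrub in all
antispoof quick for { lo0, $int_if, $bro_if, $dmz_if }

# Translation: the three inside segments share the DSL address on the way out;
# inbound web traffic is redirected to the DMZ host before filtering sees it
nat on $ext_if from { $lan_net, $bro_net, $dmz_net } to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $dmz_web port 80

# Default deny; loopback is left alone
block all
pass quick on lo0 all

# Outside: the only inbound connection allowed is the redirected web port,
# and anything claiming a private source address on the public side is dropped.
# Nothing reaches sshd (port 22) from the outside.
block in quick on $ext_if from $priv_nets to any
pass in on $ext_if proto tcp from any to $dmz_web port 80 flags S/SA keep state
pass out on $ext_if proto { tcp, udp, icmp } from ($ext_if) to any keep state

# Your segment: allow anything out (including ssh to the firewall's inside
# address), but never into your brother's segment
pass in on $int_if from $lan_net to ! $bro_net keep state

# Brother's segment: web and mail only, plus DNS lookups; never into your LAN
pass in on $bro_if proto tcp from $bro_net to ! $lan_net port { 80, 443, 25 } flags S/SA keep state
pass in on $bro_if proto udp from $bro_net to any port 53 keep state

# DMZ: only port 80 on the web host is reachable from any segment, and the
# web host itself may only make DNS and HTTP requests toward the outside
pass out on $dmz_if proto tcp from any to $dmz_web port 80 keep state
pass in on $dmz_if proto { tcp, udp } from $dmz_web to ! $lan_net port { 53, 80 } keep state
```

Because pre-4.1 PF filters on every interface a packet crosses, each forwarded flow needs both a `pass in` on the segment it enters and a matching `pass out` (or the default block) on the segment it leaves, which is what keeps the brother and DMZ segments from initiating anything toward your own machines.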

----------

## dalek

Well my brother will have his own at his house.  He lives up the road from me so I can set it up for him.  He just won't know how to keep it up to date or anything.  He is the opposite of a computer guru.

I learned Linux pretty well.  I have time to mess with BSD.  I should be able to learn something by the time it gets here.

I also plan to take coffee and iced tea for the guys putting in the new box for DSL.    :Very Happy:    I want to keep them happy.  It is only about 1500' from my house.  I may get the speed next up from the basic one.  I do run Gentoo and download a lot of stuff.  Helps me keep my background for my desktop changing.  I got about 8000 pics now with the slide show thing changing every minute.   :Very Happy: 

I found a place to download some BSD stuff.  I'm not sure at the moment what I need to get though.  I'm searching for a how to on google.  hmmm, google/bsd maybe???

Keep the ideas coming guys.  I've been waiting for this a good while.

Later

 :Very Happy:   :Very Happy:   :Very Happy: 

----------

## pratttech

The state of DSL in this country is shite from what it should be.  I only run DSL because my ISP will host my domain as part of the monthly fee and they block nothing.  I have residential 1500/128KB ADSL from them with Verizon as the LEC.  It costs me $39.99/month.  Cable is $10 more a month but I could get 2000-4000KB down supposedly.  If I had extra dough, I'd try both at this point and see if I could route between either.  Neither offers a free static IP.  I can also see my CO from my front door.. what I wouldn't give for a dry pair or an antenna on the roof, lol.  Start a basement ISP, with a 54MB 11g pipe, hehe.  

I think it's all big business bullshit.  After the Telcom stuff in congress in 96 things got going well at first.  I had NorthPoint 768KB SDSL with a static IP on my second pair (no filters) for the same $39-- server heaven.  Then Verizon boned them in the ass by agreeing to merge and then pulling the offer after NorthPoint blew its little wad in the excitement.  NorthPoint was left in bankruptcy and Verizon bought their DSLAMs for pennies on the dollar.  End result is a crap experience for the end-user.  My parents get the same package from Verizon as I have from my ISP because they get a reduced rate for the first months; but the speed is horrible.  My ISP already said that they could assume the line after the deal is up.

There is no reason save bureaucracy as to why DSL cannot offer me VHDSL speeds except that they are tech hoarders keeping the people locked out.

----------

## NeddySeagoon

pratttech,

All that a bigger pipe in the home does is move the bottleneck further upstream. I can only get 512/256 but I get a /29 at no extra charge.

----------

## dalek

All I know is DSL is better than what I have.  I currently have a 56K dial-up that only gets me 26.4K, sometimes 28.8K.  I pay $16.00 now, it will be about $25.00 for basic, $35.00 for the one I really want.  I would like to have a web server for my own web page and all but I doubt I can do that anyway.

I got a how to from here:  http://www.vmunix.com/fbsd-book/  That should help me get started on BSD.  Looks pretty easy, I may be wrong, usually am too.    :Rolling Eyes:   :Embarassed: 

Anyway, keep those ideas coming.  This is going to be one locked down puppy.  I hope I can still surf the web though.    :Rolling Eyes: 

Later

 :Very Happy:   :Very Happy:   :Very Happy: 

----------

## dalek

On this BSD thing, do I need the GUI stuff or, like Linux, can I do without it?

I'm printing the how to now.  Poor printer.    :Crying or Very sad: 

Later

 :Very Happy:   :Very Happy:   :Very Happy: 

----------

## pratttech

 *NeddySeagoon wrote:*   

> pratttech,
> 
> All that a bigger pipe in the home does is move the bottleneck further upstream. I can only get 512/256 but I get a /29 at no extra charge.

 

Who is your provider?  I could really enjoy 6 static IPs  :Wink: 

BTW dalek-- my recommendation was for OpenBSD for a firewall.  Support is excellent and its track record with security is without equal.

----------

## pratttech

 *dalek wrote:*   

> On this BSD thing, do I need the GUI stuff or, like Linux, can I do without it?
> 
> I'm printing the how to now.  Poor printer.   
> 
> Later
> ...

 

When I ran my firewall I had nothing but ipf w/nat rules.  You can run it headless, but if it has a card and you have an old monitor...I found a half dozen vtys with ntop on the main worked well for my purposes.

----------

## dalek

 *pratttech wrote:*   

> 
> 
> BTW dalek-- my recommendation was for OpenBSD for a firewall.  Support is excellent and its track record with security is without equal.

 

Open BSD?  Well I stopped the printer.  Gone diggin again.    :Crying or Very sad: 

Thanks for the correction.  Sending other BSD info to /dev/null.

Keep them coming.  Progress is doing well.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## dalek

Before I waste more ink and paper, is this a good guide, and the right one to install?

http://www.realo.ca/BSDinstall.html

edit:  maybe this one.  http://www.openbsd.com/faq/faq4.html

Thought I would ask this time.    :Embarassed:   :Embarassed: 

Thanks

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## NeddySeagoon

pratttech,

My ISP is zen - www.zen.co.uk probably not a lot of use outside the UK.

----------

## pratttech

 *dalek wrote:*   

> Before I waste more ink and paper, is this a good guide, and the right one to install?
> 
> http://www.realo.ca/BSDinstall.html
> 
> edit:  maybe this one.  http://www.openbsd.com/faq/faq4.html
> ...

 

That doc looks okay, but ymmv as it's almost three years old by the date.  There is not much more to do than build a base box with packet forwarding support and then NAT and PF the connections between WAN and LAN.

I tend to use the docs provided and only do a google if I can't find what I need.  If you intend to run OpenBSD, I'd go to openbsd.org first before I looked elsewhere.  Start with the current install guide and then once you have a base system configure PF.

I just saw that the PF guide also includes an example from May of this year.

----------

## dalek

Uh oh.  Doing a bit of research still.  I found out I have to buy OpenBSD.    :Shocked:    This ain't good since I have a lot to buy before I get DSL going.  $40.00 is a good bit for me.

Hmmmm.  < re-groups himself >

New plan??  Maybe??

Thinking it over now.  What to do next.

Later

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## nobspangle

 *www.openbsd.org wrote:*   

> The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system......
> 
> .....OpenBSD is freely available from our FTP sites, and also available in an inexpensive 3-CD set

 

Doesn't sound like you have to pay to me.

----------

## dalek

Looks like it to me.

https://https.openbsd.org/cgi-bin/order?CD36=1&CD36%2b=Add

I see $ on there.  Maybe there is a way around this???

Wonder if a Linksys will work.    :Laughing:   :Laughing: 

Later

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## pratttech

 *dalek wrote:*   

> Uh oh. Doing a bit of research still. I found out I have to buy OpenBSD. Shocked 

 

Do a little more.   :Wink: 

You don't actually have to buy OpenBSD.  However, like any Open Source project, they depend on donations and CD sales.  The ISO image from the CDs you can buy is copyright Theo de Raadt and while OpenBSD charges for them,  the OS is still free while that particular ISO image is not.

It is fairly easy to download all of the sources and bins and create your own bootable cd using cdrecord and mkisofs if you can't afford to purchase the CDs or you want yours sooner.

----------

## dalek

Is there a howto for that?  I been diggin around, no luck yet.  

I really need this to work now.  I have printed a ton of stuff on the install.  hmmm, I got to get some ink too.    :Rolling Eyes:    Sort of running low.

Thanks.

 :Very Happy:   :Very Happy:   :Very Happy: 

----------

## pratttech

Try this link.  It's pretty short and sweet, but looks right on.

Where exactly have you been digging for information at?  A google for "make openbsd iso" pretty much gave me more than enough help including the link above.

----------

## dalek

The openbsd site of course.    :Rolling Eyes:    I should have checked google too.    :Embarassed: 

Thanks for the link.  I'll contrib to Gentoo first though, money that is.  I'm sure they need it.  I do LOVE Gentoo.

Thanks for the link.  Looks "spot on".  I couldn't pass that one up.

Later

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## dalek

Well, after a lot of ISP problems, I finally got the stuff downloaded.  I followed the instructions, re: copy and paste   :Rolling Eyes:  , and now the CD just fails to boot the OS.  It will boot Gentoo just fine but all I get is "Boot from ATAPI CD-ROM: Failure" from the BSD CD.  Then it tries the hard drive which is tough since it is blank.    :Shocked: 

I did a google search but not much help.  Anybody else have this error?  What did I do wrong?

I'm fixin to try another burn.  Maybe this will work.

 :Confused:   :Confused:   :Confused:   :Confused: 

edit: new CD took longer but still failed.  also corrected my bad typing, don't bug me about my typing.  :Evil or Very Mad: 

----------

## dalek

Well, this sucks.  I have tried different things from the how to, done some google searches and this thing will not boot.  I tried it on this newer machine, no go there either.

Me lost.  Gone to froogle.  Look for something else or go buy that CD one.  It didn't give me any errors during the mkisofs thing.  Plain weird.

If anybody has any ideas, I'm listening.  I registered at a BSD site.  They still won't let me post.  I think the admin is gone away, maybe he knew I was coming.

Thanks

 :Crying or Very sad:   :Crying or Very sad:   :Crying or Very sad: 

----------

## synfin0

I always do an ftp install.  Download the openbsd files, then copy the OpenBSD files onto a locally accessible ftp server, then boot the boot.iso cd and go from there.  Or you could optionally install straight from an ftp mirror.

I consider this the easiest way.

----------

## dalek

I think I'll cheat.  I have a really slow dial-up.  I went here:

http://www.edmunds-enterprises.com/linux/cart.php/ba/pdtl/product/90

I'll have it Monday, Tuesday at the latest.  See if it is hardware or the idiot in the chair.    :Shocked:   :Laughing: 

I'm getting there.  I also found a really nice Linksys router/firewall that is not too expensive.  Considering the electricity, it may be cheaper in the long run.

Anyway, I'll post back what happens with the new CD.

Thanks for the help though.  Trying to be good on this end, especially since I run 24/7.

Later

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## dalek

 *dalek wrote:*   

> See if it is hardware or the idiot in the chair.     

 

Well, it was the idiot in the chair.    :Crying or Very sad: 

I got the CD today, it booted right up.  The stuff on there doesn't look like the one I made.  File structure is different.

Anyway, I got it installed and booted.  It was really easy.  I'm going to redo it with different partition sizes.  This leads me to my next question, I have a 2.5GB drive, I can add a second 1GB if needed.  What sizes would you recommend for the partitions and should I put x on there at all?  I really plan to just use it as a router but I will play with it some until then.  I am actually quite impressed with BSD.

Based on the percentage of disk use, with x installed and sort of working, it isn't using much at all.  That x is ugly.  I need KDE or something.    :Shocked: 

Still haven't gotten 'accepted' at the bsdforums.  I think the admin is gone or something.  I saw a post that they were having 'family emergencies'.  I would like to ask a few questions there but . . . . 

Thanks for the help.  I just wish the phone company guy would show up, with a DSL modem of course.     :Wink: 

Later

 :Very Happy:   :Very Happy: 

----------

## synfin0

I think you should be ok with the single 2.5G drive.  (If you added the other drive, you could make it the proxy storage area or swap drive)

I never install X for routers; it's just too much overhead that's never going to be used (no games either).

Here are two partition schemes from small drives in 3.5 router systems:

```
# df -h
Filesystem    Size   Used  Avail Capacity  Mounted on
/dev/wd0a    34.8M  26.4M   6.7M    80%    /
/dev/wd0f    62.9M  24.4M  35.3M    41%    /home
/dev/wd0d    31.4M   2.0K  29.9M     0%    /tmp
/dev/wd0e     250M   193M  44.5M    81%    /usr
/dev/wd0g     1.3G   203M   1.1G    16%    /var
```

Total used: 446M

```
# df -h
Filesystem    Size   Used  Avail Capacity  Mounted on
/dev/wd0a     502M   333M   144M    70%    /
/dev/wd0d    62.9M   2.0K  59.8M     0%    /tmp
/dev/wd0e     4.7G  18.4M   4.5G     0%    /var
```

Total used: 351M

/var is large because that's the default location for the squid data cache.

The second system also has linux emulation installed.  Otherwise, only a couple small packages were installed on either system.

----------

## dalek

This is what I have at the moment:

```
/        150M
swap     300M
/tmp     120M
/var      80M
/usr       1Gb
/home    800M
```

I did go ahead and put X on there for the moment.  I'm going to play with it for a while and do a fresh install when DSL is really close.  I just hope I have enough room for all the nics.  I need one for the modem, two for each puter.  I really need one nic that has two ports I guess.

Anyway, I can/will put the other drive in there if you can give me a hint about how it should be partitioned, and how since it ain't in the guide.    :Idea:    I have no idea how much room OpenBSD takes.  I do know this, it is very light and fast as lightning on that old machine.  BSD boots as fast on it as Gentoo on the rig in my sig.    :Shocked: 

I did get an email about the OpenBSD forums.  I'm active.  I think the guy was out of town or something.

Thanks again for the help.  I just can't wait to get hooked up.  I have been waiting a long time for this.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

## synfin0

Yeah, I love how minimalistic everything is.

What you want to do with the second drive might affect how you partition it.  I'd probably just stick to one partition and follow this guide.  Hope your new bandwidth arrives soon.  The wait is terrible.

----------

## dalek

Update:  I ran into some hardware issues.  I think I have those sorted out only to find another one to deal with.    :Rolling Eyes:    It was crashing, a lot.  Then I noticed there is not enough room for my NIC cards because the heatsink I put on the video card covers up one PCI slot.  Figures.  I may put on a smaller heatsink with a fan built into it.  That may help.

I found another rig on ocforums.  It's an AMD 1GHz machine used for folding I think.  Anyway, I may have to use that for a bit till I can work out something else.  That was going to be for my mom but . . . . 

I am still messing with the old rig though.  I'm still unable to get ssh to work.  I'm not real sure what is up with that.  I have been reading a lot but it is sort of greek right now.  They make very little sense to me right now.  I need a real real simple one that explains what it is doing.  I said yes during the install but I don't think sshd is running.  It is not in the ps list.  I don't know how to start the thing though.

Just wanted to post a update.  OpenBSD is secure for sure.  I can't even get in.    :Embarassed:   :Embarassed: 

Later

 :Very Happy:   :Very Happy:   :Very Happy: 

----------

## synfin0

I thought sshd was installed by default (without asking), but anyway.  The default location is /usr/sbin/sshd .  You'll need the default configs and keys in /etc/sshd .  You can use /usr/bin/ssh-keygen to make the required keys.  I can post a default config, if needed.

----------

## dalek

I did answer yes to ssh when I did the install.  I went back in typed in ps aux and sshd is running.  It doesn't show up with just ps.

So it is running.  The sshd file in /etc does not exist.  I have a directory for ssh, but that is all.

Me confused.  I have been banging at it too much I think.  

May start over, again.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

 :Confused: 

----------

## synfin0

doh.  Sorry, yeah, /etc/ssh/ is where all the files need to be.  SSH should work with root and the password you entered during installation.  Now that sshd is running:

What kind of error do you get when you try to ssh in?  Is the network up?

----------

## dalek

This is what I get:

```
root@smoker /#ssh dale@199.185.137.55
ssh: connect to host 199.185.137.55 port 22: Network is unreachable
root@smoker /#ssh root@199.185.137.55
ssh: connect to host 199.185.137.55 port 22: Network is unreachable
root@smoker /#
```

I tried as a user and as root.  I'm not sure what to do.  I think my first step is to move the rig and set it right beside me.  I get tired of running into the next room to change something.  At least now it is a tower instead of a desktop.  I took the stuff out and put it in a new case.  Part of my hardware issue problem solving.  Long story.  Don't ask.  You don't really want to know.  It's pretty old and crappy.

I have a thread on bsdforums too.  I am a complete noob to bsd.  That linksys router is starting to look pretty good though.    :Shocked:    It is here:

http://www.openbsdforums.org/forums/showthread.php?s=&threadid=25519

Sorry for being such a noob.  I have no clue and I have read the manual a few times to try and grasp all this.  I do wish I had nano though.  That vi is really something.

Thanks for the help.

 :Very Happy:   :Very Happy:   :Very Happy: 

----------

## dalek

Well I guess it was something wrong during the install.  I went back and started over.  I can ssh in fine now.  I did have to delete the RSA thing on my rig.  It didn't like the old one I had.  

Anyway, now I can get in.  Now I have to move it back where it was.  Figures.  At least I can get in though.

Thanks for the help.  No clue what it was.  Prolly something stupid I did.  At least now I can copy and paste boo boo's so you can see it.

Thanks again.

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

Hope the thing doesn't start crashing again.  :Sad: 

----------

## dalek

Well it stopped crashing.  It won't even boot anymore.  No beeps, no nothing.  Just the fans turning.  Looks like I'll be getting a Linksys for a while.

Still waiting on the telephone people too.

 :Crying or Very sad:   :Crying or Very sad:   :Crying or Very sad:   :Crying or Very sad:   :Crying or Very sad:   :Crying or Very sad: 

----------

