Date: Sun, 11 Jun 2000 09:05:16 -0400 (EDT)
From: Stan Brown <stanb@netcom.com>
To: freebsd-net@FreeBSD.ORG (FreeBSD Networking)
Subject: Differences between FreeBSD NAT & OpenBSD NAT?
Message-ID: <200006111305.GAA06983@netcom.com>

I have been using a FreeBSD machine as my Firewall/NAT machine between my home network and the internet for years. First with dialup ppp, and now with cable modem. Because of the fixed IP address, and the huge amount of break-in attempts that I am seeing on it, I am seriously considering replacing this machine with an OpenBSD machine. The theory being that the "secure by default" philosophy will protect me in areas where I may not quite know what I am doing.

I have read the OpenBSD networking setup information, and most of it appears to be comparable. The firewall rules work pretty differently by default, but I think I understand the differences here.

The real question is in NAT. I have used the FreeBSD version(s) for _years_ and they have been virtually transparent to me. As far as I can recall the _only_ visible difference to the machines on my network has been having to use passive mode CVSUP.

It appears as though this is not the case with the OpenBSD NAT. It looks as though I have to explicitly "proxy" for services that use non well known ports.

Since there is usually a great deal of cross-pollination between the various *BSD trees, I figure someone on this list could probably give me an explanation of the differences here?

Why are they different?
How will the differences affect me as a user?
What do I need to do to make the OpenBSD NAT work as closely as possible to the FreeBSD NAT?
Is there a security implication of doing this?

Thanks for the feedback on this.

Oh, BTW, I am still deploying lots of FreeBSD machines, it's just that I have the feeling this particular application is better suited to OpenBSD, given my less than total expertise at dealing with what is clearly becoming quite a hostile world out there. If anyone wants to try to convince me otherwise, I would be willing to listen.

-- 
Stan Brown stanb@netcom.com 404-996-6955
Factory Automation Systems
Atlanta Ga.
-- 
Look, look, see Windows 95. Buy, lemmings, buy!
Pay no attention to that cliff ahead... Henry Spencer
(c) 1998 Stan Brown. Redistribution via the Microsoft Network is prohibited.