Contributed by sean on from the around the world in many releases dept.
Thank you so much for giving me a chance to share how I put OpenBSD to use.
Firstly, I am from India. BSDs are not very popular here mostly because people haven't heard of them.
Even those who have heard about it find it difficult to get the OS mainly because Internet connections here in India are generally slow so installing over FTP can be a challenge for the average new user.
I came to know about the BSD's four years back. I read on the Internet that Yahoo ran on FreeBSD and that Microsoft ran Hotmail Service also initially on FreeBSD. It made me wonder why then this OS did not have widespread usage here in India. When I heard that these OSes were free I came to the conclusion that they must be difficult to install and configure and maintain and that's why they are not popular. I also thought the 'free version' was cut down and unusable and what Yahoo and others use is custom build by their programmers.
I also heard testimonies of people about OpenBSD and it's Security track record and had an idea of replacing a Windows 2000 firewall in my office with OpenBSD. But I was not sure whether I could do it because I had no background in UNIX. I had a RedHat Server in my office which I installed and configured to run Apache, PHP, MySQL, Samba, Postfix so on.
Soon, I replaced the Redhat Linux with Debian (Woody 3.0r2). That gave me confidence to try out FreeBSD because I learned that it had a similar install interface (sysinstall)
I aquired and installed FreeBSD successfully at home, and with much prayers I started installing OpenBSD at the office to replace the Windows 2000 based firewall. I was initially a bit skeptical about my success. I tried to get in touch with people who are experts in the fields of networking, UNIX and Linux but they were convinced that it was impossible to have a firewall with OpenBSD because installation and configuration is too tough. Some of them said that in India, only certain ISP's used OpenBSD and it is difficult to get support. But with much prayers I chose not to abandon my mission. Soon I came to know about a BSD users group in India with a mailing list. The site URL is given below.
The person who started the mailing list (Arun Sharma) gave me the initial directions on how to go about building the OpenBSD firewall and gave me suggestions on the software I can use in OpenBSD to achieve my goals. Also of note, he is a committer to the FreeBSD project. Currently he works for Intel improving the Linux kernel for Itanium motherboards. His website URL is given below.
Soon I received help from other members in BSD-India mailinglist. You can see the archives here.
One of the members from BSD-India (Arun G Nair); who also helped me a lot has now joined my firm to work with me on OpenBSD.
Also the following sources gave me valuable information and helped me whenever I got stuck.
- firstname.lastname@example.org Mailing List
- email@example.com Mailing List
With the help of these great people I have completely replaced the Windows 2000 Proxy and firewall with OpenBSD 3.5. I have configured it in the following way to protect the office LAN from the Internet.
- Configured PF as firewall with default "block all" policy.
- Internet access is provided to the LAN users through Squid Cache Proxy.
- FTP, SMTP, POP, SSH access to the Internet to LAN users are provided through NAT in PF.
- Access to the Internal Webserver from the Internet is provided through "redirection" in PF with OpenBSD acting as proxy to complete the handshake between the Internal Webserver and client hosts from the Internet.
Now after writing all this, let me ask a favour from all who read this?
If you are subscribed to the misc mailing list then you may have seen a similar posting there also. Giving a reply there will be more than sufficient.
We Switched from Windows 2000 to OpenBSD for security reasons.
My boss is very much impressed by the perfomance of OpenBSD over the MS Windows 2000 firewall we had earlier.
He has actually taken on another employee to work with me as I mentioned earlier (Arun G Nair) to master the OS so that we can promote the use of OpenBSD in our country (India).
He has also asked me to give a write up on the benefits and advantages of using OpenBSD over other OSes in the area of Network Security and so we could give an article to the leading papers in India and make people aware of this wonderful OS.
We also plan to help companies to set up their own OpenBSD firewalls. God willing, this might be a success and we would encourage these companies contribute in some way to the OpenBSD project itself.
Though I know a bit (actually a lot but in a disorganized way) about it's advantages I am not able to put it specifically on paper and give it to him. Could you please direct me to links on the net where these advantages of OpenBSD are pin pointed?
When I first started OpenBSD, I was discouraged by people and was asked to use Linux instead. I did not heed because I knew OpenBSD was more secure than any linux distribution available but I could not give them point by point explanation on why I chose OpenBSD over Linux.
Also, if there are issues I should take care while preparing the article for newspapers please kindly let me know. Finally, this is what I think!
OpenBSD will have a steady growth all over the world as the need for a secure OS becomes the first priority of Network Administrators and as people hear the honest testimonies of OpenBSD users.
In India, also I forsee a steady growth for OpenBSD especially in the Defense Sector as our President (Dr A.P.J. Abdul Kalam) has called for the use of Open Source Software to eliminate vendor dependency which is very dangerous!
You can see the presidents call for Open Source Software in the below links to get more information.
The growth of OpenBSD use is initially slow because, many have not heard of OpenBSD and even more haven't tried it! I think those who have used it and reaped its benefits should come out and share their experiences in places like this and with people they meet so that people will be able to use this OS and enjoy it's security.
As Theo said "This OS is programmed by peple who care", people who care about security especially and it really hurts to find that not many know about OpenBSD even when it is having the most free licence for use.
So I urge everyone who uses it to speak out that we might see its user base grow faster in the comming years.
Good Luck, Siju.
EDIT: A few changes were made for spelling and clarity (sean).
(Comments are closed)