OpenBSD Journal

Most proud OpenBSD setup?

Contributed by jose on from the creative-solutions dept.

george writes: "What is your most proud OpenBSD setup?

You don't have to be the administrator of a super dooper network to describe your setup. It may even be your multimedia home workstation, or even a very old 386 / vax / whatever brought back from the dead.

Any setup that makes you proud, maybe solved a problem you had and you are willing to share."



Comments
  1. By byr0n () byron@subnetsurfer.com on http://www.subnetsurfer.com

    My proudest setup is actually 2 setups. The first was installing OpenBSD on my first Sparc64. Watching that machine boot for the first time was exciting but thanks to the hard work of the developers over the years, it was not very challenging. It was a moment though :)
    The other (and the one that makes me proud) is my humble workstation at work. Another employee had a K6-2 300 with 4 4.3Gb HDD's on a board with a 7880 controller. It ran NT4. I don't like NT4. I set out to learn RAID on this machine, and after a week of writing (and rewriting) disklabels, conf files, and enlisting the help of the older, wiser BSD'ers I know, I booted my first root-on-raid OS. Needless to say, a couple more quick trips to get some partitioning in place has led me to my current workstation. I proudly run OpenBSD on a RAID 5 (root-on-raid) machine at work. there are 200 people in my company, and 2 use OpenBSD as their primary OS. I am proud of OpenBSD and proud of what it has enabled me to do with computers. The man pages are phenomenal and second to none, and without those my adventures would not have taken me past booting my computers... I am moving my workstation to -current soon, so I can give feedback on the status of the latest ah* controller code changes, and although I use the lone 300MHz cpu in my company, surrounded by Athlons and PIII's I have to say I have *the* kick-ass box in my office...

  2. By Aasmund () on

    it's a regular x86 with a generic kernel. However I have tweaked the system to do a chrooted apache with mod_perl, webmail, and postgresql, all inside the chroot. With no suid.

  3. By Juanjo () on

    ... ppl gets often impressed: OpenBSD on Compaq Armada 1573DM (http://usebox.net/jjm/obsd-wifi/laptop/).

    With XFree and XFCE on it runs pretty fine, even being a very old comp.

    Comments
    1. By Kingstrum () on

      I can go one better: a Compaq LTE 5100.

      P90, 32MB RAM, 840 MB HDD, 10/100 PCMCIA NIC, running X @ 800x600x8.

      The first x86 laptop I ever owned...bought it off a friend for $200 -- and my *ONLY* stipulation was that it had to run OpenBSD. He got ticked since "you [I] have *absolutely* no use for a 'secure' OS, especially on that POS" and didn't want to lose the money.

      I did some reading and found out that OpenBSD did network installs, so with a little prep, I was able to setup the machine in less than 30 mins. with 2.4 over his office T1. He was blown away, but tried not to show it. I was just happy I had a real UNIX box for peanuts.

      Best $200 I ever spent...

      Kingstrum

      Comments
      1. By nuad () on

        I run 3.4 on my Toshiba libretto 60, 100mhz 24mb ram, 6.4 inch screen. I have replaced the hard disk (sounding funny) with a 512 mb compact flash... complete silence. Has wifi too.

    2. By RC () on

      I can beat everyone's "low-end" machines here...

      I have a Compaq 'Contura Aero 4/33' with an Intel x486 @33MHz running OpenBSD 3.1 off of a 110MB hard drive. It has a small screen (approx. 8") and a PCMCIA slot I use for an Ethernet card... 4MB of RAM is a bit of a problem, but it works.

      I had an old XF86 up and running at one point, but it's too slow to be usable (mainly because of disk I/O I believe), so I stick with the console. Bootup is a bit time consuming, but once it's up and running, it's fast enough to be plenty useful.

      I use it mainly for connecting to serial consoles, and SSH'ing. It's nice and small, but has a plenty large keyboard. Oddly enough, it has a better mouse than any modern notebook I've seen... That is a simple trackball that you don't hit all the time on accident.

  4. By Anonymous Coward () on

    My proudest OpenBSD install was on my 486DX2/66. I installed v2.6, recompiled the OS from the -stable tree which took over a day to complete. And it's still running along nicely, on the floor in my kitchen, clocking in 1412 days of uptime.

    Comments
    1. By Fábio Olivé Leite () on

      Heh, the question on everyone's mind now is: what in the world has this box been doing in the floor of your kitchen for about 4 years???

      Great setup, though. :-)

      Comments
      1. By Anonymous Coward () on

        DNS, E-mail, web serving and sucking in the dust.

    2. By RC () on

      Everyone wants to know: What's the IP address?

      Someone here will be happy to guarantee you never get to 1500 days....

  5. By Anonymous Coward () on

    My proudest OpenBSD install was on my 486DX2/66. I installed v2.6, recompiled the OS from the -stable tree which took over a day to complete. And it's still running along nicely, on the floor in my kitchen, clocking in 1412 days of uptime.

  6. By Anonymous Coward () on

    It's a pretty vanilla install of 3.3 but when I finally got 3 monitors working with Xfree it was one of my greatest accomplishments. And I "customized" the login screen with the white on black wireframe daemon head.

    I also love when non-techie people come in and realise it's not windows, and when techie people come in and realise it's not linux, and when bsd people come in and realise it's not freebsd.

    Comments
    1. By Sparky () junk@stinkys.ca on http://stinkys.ca

      Never having touched any *nix unit before (really, never), a friend clued me into the wonders of OpenBSD. In 3 months, I have switched all of my essential services to OpenBSD (from win2k, blah) and have nearly perfect traffic queuing. Q-mail, split djbdns, apache, mysql/php. I am sure there are bigger better things to come, but how far things have come in a short amount of time and how much I have learned is what I am proud of. And you have to love how I can completely saturate my upload without negative effects on anything else. w00t

  7. By Anonymous Coward () on

    I installed 2.9 on a PC to use as my home firewall/server back in 2001. I then tracked every release on that until Easter 2003. Then suddenly the machine died. Fortunately I had an old Apple Beige G3 at home and I quickly installed OpenBSD on that. I restored the configuration files and my home from backups and I was up and running again in less than two hours. That was pretty amazing since I completely switched the hardware platform and everything just kept on working. That really shows the strength of a good crossplatform operating system. The G3 has been running ever since and I don't expect to change it until it breaks.

    Comments
    1. By Anonymous Coward () on

      You got OBSD running on beige G3 hardware? I thought that was impossible and that Open only supported Blue and Whites and up...? Details?

  8. By Sacha () on

    Call this stupid or what-ever. But I usually assign 1Gb for /var/log. So my aggressive log-actions won't fill-up /var.

    Comments
    1. By henning () henning@ on mailto:henning@

      > Call this stupid or what-ever. But I usually
      > assign 1Gb for /var/log. So my aggressive
      > log-actions won't fill-up /var

      /dev/wd0l 19G
      yoda:/export/log 28G

  9. By Eraser () eraser at mac-geek dot com on mailto:eraser at mac-geek dot com

    I have three that I'm very proud of.

    The first one is my first OBSD box. I was a Linux geek forever, but I needed a rock-solid box to run some network monitoring software (http://www.sysmon.org) on. Trouble was, my budget for 2002-2003 (this was almost two years ago) was gone, and all I had lying around was a P90 with 32MB of RAM and a 1GB disk. It had to run a MTA, Apache, and Sysmon reliably and quickly. I just couldn't get a linux distro stripped down enough to do this.

    Then I installed OpenBSD. It was like a light from heaven. I put on 3.2 CURRENT at the time, and it's been rock solid since. Only one reboot, and that was when I moved it from my office to our datacenter. Had I not done that, it would have a +400 day uptime right now.

    After that experience, when we decided to add another network monitor at our offsite location, we just EOL'd a Gateway PPro 200 box (with NT 4 on it) and "re-allocated" it. It has a nice Adaptec SCSI controller and a 4.3gb drive, along with 256MB of RAM. It runs good enough that I was able to install Apache Tomcat on it, and now it's a secondary "emergency" webserver to back up our two "primary" Linux webservers.

    Finally, probably the one I'm most proud of is my Sun Sparc 5. I put 3.3-CURRENT on it about 6 months ago, and it's just been a blast. I was using it as an xterm box for a while, then I rackmounted it and have been using it for my home shell box. I even got sound to work on it, so if I feel nutty I can start playing mp3's with mpg123 to mess with my roommate when he is playing with the Cisco gear down in the server room.

    Anyway.. basically.. I love OBSD. I used to love Linux, but now I just.. yeah :).

    Comments
    1. By Anony Mouse () on


      Proudest MOMENT was probably seeing my name on the donators list.

      But proudest install was definitely the first -- when I wiped NetBSD from my little sparc ipc and installed OpenBSD.


      Comments
      1. By Anonymous Coward () on

        OK, quick question here... This is not a flame, so please bear with me for just a sec...

        What exactly made you switch from NetBSD to OpenBSD? Better hardware support? Better crypto? Better security? Better Performances?

        I have been evaluating both NetBSD and OpenBSD to replace several machines at work, and I can't seem to find a good comparison of the two... Any help from a user who has experience with the two would be greatly appreciated... :-(

      2. By Anonymous Coward () on

        When I got on there, I realized that the list was wayyyyyy tooooo short. C'mon folks. At least buy a t-shirt and donate an extra 5 bucks.

  10. By Oscar () consulbanana@hotmail.com on mailto:consulbanana@hotmail.com

    was just getting it installed. The real people who should be proud, though, are all those hackers who made it easy enough for even a sub hyper-geek to make this achievement. Thanks, guys!

  11. By jtorin () spmkll on myrealbox tod commercial on mailto:spmkll on myrealbox tod commercial

    I have setup (and still admin) an OpenBSD 3.3 firewall which filters a (real) 1 gigabit Internet connection with approx. 700 NATed users behind it.

    The thing that makes it so sweet is that it runs *SOO* much better than the old IPF based solution (OpenBSD 3.0/3.1).

    > uptime
    5:21PM up 146 days, 1:02, 2 users, load averages: 0.20, 0.24, 0.19

    The latest reboot was probably totally unneeded and is the *only* reboot the system has had since installation time (sometime in july 2003; disregarding reboots during configuration).

    In the end IPF forced a reboot once a week or so. Yes, I know; uptime is not a measurement of quality, but still... :-)

    I've read the whitepaper "Running and tuning OpenBSD network servers in a production environment", but I couldn't find much to improve (except NMBCLUSTERS). It just... works.

    I'm really looking forward to OpenBSD 3.5, CARP and all new features I have seen in the cvs commits.

    Comments
    1. By Ray () ray@cyth.net on mailto:ray@cyth.net

      > The thing that makes it so sweet is that it runs *SOO* much better than the old IPF based solution (OpenBSD 3.0/3.1).

      OpenBSD 3.0/3.1 with IPF? Were you running Darren Reed's version of OpenBSD?

      Comments
      1. By jtorin () on

        Yes and no, I installed IPF on OpenBSD using Darren's instructions. The installation worked like a charm, albeit the final result didn't work that well...

        Due to several reasons (the main one being that no one was willing to do the conversion since it is all volunteer work) we were stuck using IPF. Finally, me and a friend were bribed with enough pizza to do it... The setup is fairly complex with lots of "clever" routing, and IP-addresses loading from a database.

        And I might have the OpenBSD version numbers mixed up, don't remember exactly when pf was introduced in OpenBSD. Anyway, we used IPF on at least one IPF-less version of OpenBSD. It still sucked...

        One of the great benefits of pf is that all options actually are documented! How I hated IPF for the crappy docs... It was probably fully possible that I could have tuned IPF to handle the load, but I never found any tuning tips.


        Maybe I should add that the machine is a PIII 1.13 GHz, Dell something. 2 bge cards for gigabit, fxp for a 100Mbit DMZ.

        Comments
        1. By j0rd () mits_rox@hotmail.com on mailto:mits_rox@hotmail.com

          Nice to see that someone is using obsd/pf in production. Numbers are impressive, glad to see that it can handle that many users behind 1 box.

        2. By Anonymous Coward () on

          1 gig connection, approximately that # users. No NAT, though.

          Right now we're relying mostly on a packet filtering router. The scans bounce like rain on a tin roof. The firewall is there for the stateful stuff.

          I picked Sun a while ago when I read that the stack protection features implemented in 3.3 (?) weren't there for x86. I've found some painful weirdness with Sun, being oddball hardware. Snort preprocessors don't go far before yakking all over themselves. I am too lame to be of much help to the Snort developers- can't get it to compile with the debugging options.

          I think they did manage to implement the cool features on x86, but I don't see much about it on the obsd website.

          Very cool os, even for the lame. Perhaps especially for the lame. A wizard might be able to lock down win2k, but even I can get obsd to stand up to serious abuse.

        3. By Maarten () deadly.org@klet.st on mailto:deadly.org@klet.st

          Same here, using a Dell PowerEdge as our first line of defence on a gigabit connection. Next to the extensive pf configuration (both ingress and egress filtering), the box is also running Snort with almost all available rules enabled. It's a dual P3 1.3Ghz (rather silly, but that is what we had available at the time) with 1 GB memory (of which 124MB is in use). I've never seen the combined CPU use (partially snort, partially interrupt) go above 50%. We have pretty few users behind the box (40 or so) and the box isn't doing nat, but occasionally we do like to see how much bandwidth we can get through our connection and it hasn't caused the OpenBSD box any strange behaviour. So far it has been doing a fine job offloading the Enterprise Priced A-brand firewall that is behind it :)

          Comments
          1. By Anonymous () on

            Psst, OpenBSD doesn't do SMP.

            Comments
            1. By Maarten () deadly.org@klet.st on mailto:deadly.org@klet.st

              I know OpenBSD doesn't do SMP yet. Exactly why I mentioned the config is silly :)

              Knowing what I know now, I would have grabbed an old P3 with 256MB ram or equivalent. That would have been more than fast enough.

    2. By asdfg () on

      That is impressive! Just wondering, what kind of hardware are you running on that firewall?

      Comments
      1. By jtorin () on

        As I said in another comment:

        > Maybe I should add that the machine is a PIII 1.13 GHz, Dell something. 2 bge cards for gigabit, 1 fxp for a 100Mbit DMZ.

        256 MiB RAM (and there is plenty of RAM left).

        9GB ATA disk. 6GB is reserved for /var as the machine does quite a lot of logging. Yesterday's log was 76MiB in size.

  12. By Petr R. () pruzicka@openbsd.cz on http://www.openbsd.cz

    Two OpenBSD firewalls, each with DMZ, connected via VPN through Internet. In each DMZ web server with MySQL and chrooted apache. Users could connect via VPN to the LAN as well. Runs for about two years without any problem.

  13. By Alex McGeorge () on mailto:Alex ( dot ) McGeorge ( at ) robbinsgioia ( dot )

    While I was first interning as a Systems-Engineer I figured out what I considered to be the hardest computer related task I could reasonably undertake. I dubbed it the "OpenBSD Challenge," where I would install OpenBSD via a network onto a laptop. My first successful try was with an old Gateway 5500(?) laptop about a year after I started interning. Considering I was relatively new to unix and had no idea how to set up anything, I was rather pleased with myself.

  14. By Kurt Miller () on

    I don't know if this is my 'proudest' setup, but I thought it is interesting...

    I've got multiple OpenBSD-current guests running in VMWare GSX Server for Windows XP (cough, cough) on a hyperthreading processor with loads of ram. This is cool because my kids can be playing Dora the Explorer or whatever on the console, while I'm hacking on OpenBSD virtual machines remotely.

    I made a private port of vmware_tools so that when the host OS is shutdown, all the OpenBSD guests get shutdown cleanly too. I can recompile the kernel while the kids are playing games and it doesn't affect their performance cus the HT. The setup allows me to run kgdb over a virtual serial cable too. All this in one box I think is a slick way of getting the most of my hardware. ;-)

  15. By Joe Schmoe () on

    I am currently trying to bypass fsck by enabling soft updates and disabling the hard disk write cache, which is supposedly what MirBSD does. Tried importing their code but it doesn't work. If this does work, it would be my proudest setup.

    Any hints?

    Comments
    1. By Anonymous Coward () on

      atactl comes to mind...

      Comments
      1. By Joe Schmoe () on

        Yes, I did that. Followed the MirBSD code to do:

        /sbin/atactl /dev/rwd0c writecachedisable

        Hard reset the box, and fsck still kicks in.

        Comments
        1. By mirabile () mirabile@bsdcow.net on http://mirbsd.de/

          In contrast to SCSI, there's no way IDE discs
          could preserve that over a reboot.

        2. By Anonymous Coward () on

          I have similar settings at rc.securelevel.

    2. By mirabile () mirabile@bsdcow.net on http://mirbsd.de/

      Three steps:

      a) make sure your slices are marked "softdep"
      in /etc/fstab (these for which you want to
      skip fsck, that is)

      b) Disable hard disc hardware write cache
      c) Disable fsck by setting the last column of
      the slice entries in /etc/fstab to zero

      If you aren't running Bind, AFS, amd, yp etc.,
      you might be able to just copy our /etc/rc to
      your system, it's up to date with -current.

      Two hints:
      1) the code to mount the filesystems has been
      improved - if mount fails, and the filesystem
      is softdep, it forces the R/W mount
      2) the code to disable the cache is also in
      /etc/rc, checking for softdep wd(4) discs.
      For SCSI, use scsi(8), and set WCE to 0.

      Thanks to naddy@ for his initial hint as to
      which commands to use and how.
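
The fstab side of the three steps above, as an added example that is not part of the original comment or of MirBSD's /etc/rc: a shell function that reads an fstab and reports, for each ffs entry, whether fsck is skipped at boot and whether softdep is set. The sample fstab is constructed, and the function names and verdict strings are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit fstab(5) entries against the
# steps listed above. Step (b), disabling the drive's write cache, is a
# runtime setting that fstab does not record, so it is not checked here.

# Constructed sample fstab; device names and mount options are made up.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not taken from a real system
/dev/wd0a /     ffs rw,softdep              1 0
/dev/wd0d /usr  ffs rw,nodev,softdep        1 0
/dev/wd0e /var  ffs rw,nodev,nosuid         1 0
/dev/wd0f /home ffs rw,nodev,nosuid,softdep 1 2
/dev/wd0b none  swap sw                     0 0
EOF
}

# Read an fstab on stdin; print "<mountpoint> <verdict>" for every ffs entry.
audit_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }      # comments, blank or short lines
        $3 != "ffs"          { next }      # only local FFS filesystems
        {
            softdep = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "softdep") softdep = 1
            # Sixth field is the fsck pass number; absent or 0 means
            # fsck does not check this filesystem at boot.
            pass = (NF >= 6) ? $6 + 0 : 0
            if (pass != 0)    verdict = "fsck-enabled"
            else if (softdep) verdict = "fsck-skipped,softdep"
            else              verdict = "fsck-skipped,NO-softdep"
            print $2, verdict
        }
    '
}

# Succeeds only if no ffs entry skips fsck without softdep.
fstab_ok() {
    ! audit_fstab | grep -q 'NO-softdep$'
}

# Demo on the constructed sample.
sample_fstab | audit_fstab
```

On a real system the same check is `audit_fstab < /etc/fstab`; an entry reported as `fsck-skipped,NO-softdep` has step (c) applied without step (a).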

      Comments
      1. By Joe Schmoe () on

        Mirabile, thank you! Actually I did have the parts that disabled the write cache from MirBSD's /etc/rc in my own /etc/rc. I just forgot about changing the last column of /etc/fstab. :-)

        It bypasses fsck now, but I got the following warning messages in dmesg. Is this normal? And if it's normal, is it safe? :)

        WARNING: / was not properly unmounted
        WARNING: R/W mount of / denied. Filesystem is not clean - run fsck
        WARNING: / was not properly unmounted
        WARNING: R/W mount of /home denied. Filesystem is not clean - run fsck
        WARNING: /home was not properly unmounted
        WARNING: R/W mount of /usr denied. Filesystem is not clean - run fsck
        WARNING: /usr was not properly unmounted
        WARNING: R/W mount of /var denied. Filesystem is not clean - run fsck
        WARNING: /var was not properly unmounted
        handle_workitem_freeblocks: block count

        Another two questions: About "the code" in your hint #1, are you referring to mount.c or mount_ffs.c or both? Also, are you referring to "the code" in MirBSD or OpenBSD-current?

        I'm running OpenBSD 3.4 stable by the way.

        Thanks once again, I think I'm finally getting somewhere. :-)

        Comments
        1. By tedu () on

          the kernel is telling you that you didn't unmount the filesystem cleanly, which makes sense, because you didn't.
          as for safe, i run like this all the time and haven't had anything too bad happen.

          Comments
          1. By Joe Schmoe () on

            Thanks for the clarification and assurance, tedu.

            How much is the performance hit with the write cache disabled? Would it badly affect busy machines like production servers and firewalls, or is it negligible?

            Comments
            1. By mirabile () mirabile@bsdcow.net on http://mirbsd.de/

              You disable the hardware write cache, but gain
              improved performance by using softdep.

              Previously, you were using "sync" mounts, i.e.
              a "disabled software cache". That was up to 60
              times slower (according to the obsd 2.9 advertising).

              If you use softdep and do NOT disable the cache,
              it's obviously faster, but you *WILL* lose data
              on a crash.

              Comments
              1. By Miod () on

                Nonsense. The 60 times factor refers to the dirpref algorithm, not to soft updates.

                Comments
                1. By Joe Schmoe () on

                  Does soft updates improve performance at all?

                  Comments
                  1. By lopakairop () on

                    Gregory R. Ganger and Yale N. Patt, "Soft Updates: A Solution to the Metadata Update Problem in File Systems", U.Michigan Report CSE-TR-254-95.
                    http://www.ece.cmu.edu/~ganger/papers/CSE-TR-254-95/

                2. By mirabile () mirabile@bsdcow.net on http://mirbsd.de/

                  Why was it in the 2.9 advertising, then?
                  Just curious.

        2. By mirabile () mirabile@bsdcow.net on http://mirbsd.de/

          The code refers to /etc/rc in MirOS-current.

          WARNING: R/W mount of /var denied. Filesystem is not clean - run fsck

          This is the message coming from a normal mount.
          The script detects the error and forces the mount:

          WARNING: /var was not properly unmounted

          This is an informal message telling you "ey, it's unclean, but
          I'll mount it anyways"

          handle_workitem_freeblocks: block count

          This happens when you encounter inodes (or something like that,
          I'm not good in filesystems except FAT) which should be empty,
          but aren't.
          In early BSD versions (before it got into OpenBSD) of the softdep
          code, this was a panic() message IIRC, but you should be able to
          safely ignore it. (My main development box has the same, so...)

  16. By bob () bob@2fm.de on mailto:bob@2fm.de

    ok i haven't it now but i will install obsd on a "webserver" for my personal needs (an cut of the laking ISP (strato.de :-(

    but the hint is the server is a http://hosting.1und1.de/ rootserver
    so i must install obsd through a Debian Rescue-system...
    (Intel Celeron
    2.000 MHz processor
    256 MB DDR-RAM
    75 GB Traffic) for 49,- euro i think it is ok or?

    does anyone know a cheap server with obsd or the option to install it itself for a cheaper price? (location Earth :-)
    (not server4you.de the support is not the best...)

    bob

    Comments
    1. By Anonymous Coward () on

      http://bsws.de/

      Why? Owned and dictated by Henning(OpenBSD Dev.).

      Comments
      1. By bob () on

        thanx,

        i will call him, about an offer.

        best bob

  17. By Wouter () on

    First of all: my first gateway machine here. It died of heart failure two years ago, but before that, it was happy for 3 years without a reboot. And the hardware itself: 486 SX 25 MHz, 20 MB RAM and a 650 MB disk.

    And what I'm proud of now, is my diskless wireless gateway. Pentium 166, 32 MB ram, a floppy drive and no disk (duh). Booting helped by rarp, bootparams and nfs mounts.

  18. By Anonymous Coward () on www.fontec.com

    My proudest OpenBSD setup is my Soekris Engineering box. It runs OpenBSD 3.4 and is used as a firewall and VPN gateway.

    Comments
    1. By Colin () on

      I’m just about to buy a Soekris box and want to set it up w/ OpenBSD 3.4 and use it as a Firewall and VPN server. Do you have any pointers for a person who has not installed OpenBSD on a Soekris box before?

      Thanx

      Colin

      Comments
      1. By Anonymous Coward () on

        I just ordered mine (net4801) haven't received it yet but I've been hanging out on the mailing list. Here's the notes I currently have:

        Disable TSC in the kernel
        Get the latest if_sis driver from current.
        Tell kernel about all the memory (it only sees 64MB on its own, the box has 128MB).
        machine mem +0x4000000@0x4000000

        And I'm also planning on doing a net install using PXEGrub. Here's a link with some information on how to do that.

        http://www.berger.to/openbsd/pxegrub.html

        Comments
        1. By mirabile () mirabile@bsdcow.net on http://mirbsd.de/

          It's easier:

          cvs -qz1 -d mirbsd-cvs@mirbsd.bsdadvocacy.org:/cvs co -PA ports/sysutils/pxegrub
          (password is anoncvs, of course)

          cd into that and make show=FLAVORS

          gl hf. it should be fine under obsd.

      2. By Manuel Pata () pata@alface.de on www.alface.de

        http://opensoekris.sf.net ;)

      3. By sthen () on

        4501 runs without tweaking (though a custom kernel might be worthwhile), 4801 needs -current or kernel patches. 4501 is ever-so-slightly smaller (less high). <br> <br> For firewall installation you'll probably find it simplest to install flashdist and nsh to prepare a disk image, and dd'ing it to CF card over a USB reader. Plug the card in to the Soekris and note down the C/H/S figures, and configure them into flashdist. 16mb is plenty of flash for this, though there's little premium for 32-64mb cards you might want to leave yourself extra headroom. <br> <br> nsh is a really nice cisco-like cli for preparing the network (replacing netstart, hostname.* etc), it has support for 802.11 and bridging though it doesn't yet have code for configuring VPNs or IPv6. flashdist is aware of nsh and includes it automatically if present, though nsh is also useful on a standard OpenBSD installation. <br> <br> Of course, CF and flashdist (or similar techniques) aren't limited to Soekris boxes, they also work very nicely with a standard PC and a CF-IDE adapter. Very nice way of avoiding disk crashes on many services (DNS resolver, load-balancers, redirectors, NTP, you name it...) <br> <br> I've recently built a Soekris/OpenBSD box to terminate VPNs from Windows clients connecting over GPRS, for which I used OpenVPN (ssl-vpns over UDP) to get around NAT restrictions on many GPRS services, which works wonderfully. <br> <br> Pointers? Hang around soekris-tech (it's archived at gmane)... you might pick up some tips on wireless-related lists (bawug etc) where Soekris boxes are often used... read Soekris/embedded-related pages from various OS (m0n0wall, m0n0bsd, minibsd, opensoekris, pebble linux)... maybe play around with cut-down images on a standard machine (HD or CF or just using vnconfig), or just go for it..! <br> <br> Oh, and you might find it useful to grow your fingernails so you can extract CFs more easily

      4. By sthen () on

        hmmmm...extrans seems "problematic"!!...this should be easier to read!

        4501 runs without tweaking (though a custom kernel might be worthwhile), 4801 needs -current or kernel patches. 4501 is ever-so-slightly smaller (less high).

        For firewall installation you'll probably find it simplest to install flashdist and nsh to prepare a disk image, and dd'ing it to CF card over a USB reader. Plug the card in to the Soekris and note down the C/H/S figures, and configure them into flashdist. 16mb is plenty of flash for this, though there's little premium for 32-64mb cards you might want to leave yourself extra headroom.

        nsh is a really nice cisco-like cli for preparing the network (replacing netstart, hostname.* etc), it has support for 802.11 and bridging though it doesn't yet have code for configuring VPNs or IPv6. flashdist is aware of nsh and includes it automatically if present, though nsh is also useful on a standard OpenBSD installation.

        Of course, CF and flashdist (or similar techniques) aren't limited to Soekris boxes, they also work very nicely with a standard PC and a CF-IDE adapter. Very nice way of avoiding disk crashes on many services (DNS resolver, load-balancers, redirectors, NTP, you name it...)

        I've recently built a Soekris/OpenBSD box to terminate VPNs from Windows clients connecting over GPRS, for which I used OpenVPN (ssl-vpns over UDP) to get around NAT restrictions on many GPRS services, which works wonderfully.

        Pointers? Hang around soekris-tech (it's archived at gmane)... you might pick up some tips on wireless-related lists (bawug etc) where Soekris boxes are often used... read Soekris/embedded-related pages from various OS (m0n0wall, m0n0bsd, minibsd, opensoekris, pebble linux)... maybe play around with cut-down images on a standard machine (HD or CF or just using vnconfig), or just go for it..!

        Oh, and you might find it useful to grow your fingernails so you can extract CFs more easily <grin>

  19. By Alexander Grekhov () on

    We needed a link across the street and could not get a permit to put fiber there (still waiting on it almost a year later). So I put two 802.11g APs and two P3-600 boxes that I had sitting around as point-to-point IPSec VPN. It's no fiber, of course, but we get ~20Mbps actual throughput, which is more than enough for our needs.

    The second one is less exciting -- just a NAT/firewall for the corporate T1.

    Both were rock-solid. I wish all software was like that!

    Comments
    1. By bards1888 () on

      Which wifi cards did you use with openbsd that are 802.11g ?

      Comments
      1. By Alexander Grekhov () on

        I used Linksys APs (WAP54G) for the sake of flexibility. They were some of the first 802.11g APs at the time.

        As far as 802.11g support goes, I hope Atheros driver will be ported soon, since it is already available for Linux and FreeBSD:

        http://www.freebsd.org/cgi/man.cgi?query=ath&sektion=4&apropos=0&manpath=FreeBSD+5.2-RELEASE+and+Ports

  20. By Anonymous Coward () on

    My opinion of OpenBSD was cemented a few years ago when I first got a cable modem. Setup a firewall on an OpenBSD box. After a while we noticed a squealing noise coming from the machine, but it kept running and I ignored it for about a month or so. Finally, shut down the machine one day after it got annoying and took the hard drive out and opened it up and all this dust came out. The head had crashed and was grinding away the platter.

    All this time the box kept moving packets just as happy as could be, hooray!

    Comments
    1. By Anonymous Coward () on

      Same thing with me!

      Comments
      1. By cowboy_mcneal () on

        i can ack that..
        everything else was unreachable from outside (ssh,www,smtp,imap,pop)... but it kept on forwarding packets.

    2. By SH () on

      Same here: My home gateway's hard disk died, but I did not notice it until I tried to SSH into it.

  21. By Rob Granger () robertgranger at yahoo DOT COM on mailto:robertgranger at yahoo DOT COM

    My proudest OpenBSD install was my first OpenBSD install.

    I have OpenBSD 3.4 -stable on a plain jane PC with a 300MHz Celeron with 128MB RAM and a 6GB disk.

    While the hardware is not special, I think the fact that I literally retrieved the PC from my apartment's dumpster is what makes this OpenBSD install my proudest install. I had to buy a new power supply/CD-ROM/floppy/ethernet card.

    This machine is performing firewall duties for my home DSL connection.

  22. By Anthony () on

    I noticed after those sshd bugs were found that people tried to break in. A lot. I'd be watching pftop for some other reason, and every few minutes someone would connect and dump like 100k of stuff on me.

    I'm not vulnerable to the attack because the bug is in code that OpenBSD doesn't use, but there's no way for them to know that. They're just scanning the Internet.

    I edited /usr/src/usr.bin/ssh/version.h so I'd report "OpenSSH_3.7.1p2", and the random connections now give up rather than trying and failing to break in.

    And that is the first time I've rolled a custom version of something... I'll be more ambitious in the future. :)

  23. By Martin Reindl () wildweasel@bsdcow.net on http://open.bsdcow.net

    http://open.bsdcow.net/config/machines/dec-vs3100m38

    never thought mopbooting was that easy ...

  24. By art () aahzw@yahoo.com on mailto:aahzw@yahoo.com

    my first install. I had avoided OpenBSD because people said that it was harder to set up than linux. Well, they were very wrong. For a desktop it was easier than any Red Hat, and 10 times more stable.

  25. By Senor Wences () nospam@thanks.com on http

  26. By Senor Wences () nospam@thanks.com on http://www.deadly.org

    I happened to get hold of a Quadra 700 back in 1998 or so, and as a project for the middle school Multimedia Club I taught at the time, I had a student help me get OpenBSD 2.7 installed on it. It was a great experience learning a BSD variant. I still run two OpenBSD Quadra 700s on my home network. It's not the snappiest, but as a firewall/router it works great.

  27. By Flynn () flynn72@canada.com on mailto:flynn72@canada.com

    Getting a Quakeworld server answering on a P200 a couple of years ago would have to be one of my proudest moments in OpenBSD... that and getting XWindows running on my old IBM Thinkpad 380ED..

  28. By Andrew Pinski () pinskia@gcc.gnu.org on mailto:pinskia@gcc.gnu.org

    Mine is one which is bootstrapping GCC every night and testing regressions, I found a couple of regressions due to this machine. It is a Pentium III (Coppermine) 800MHz still running 3.1 just fine. I need to update it when I get physical access to it to 3.4 so that

    Comments
    1. By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com

      I'm curious what regressions in GCC were found when having it hosted on an OpenBSD system?

  29. By pkplex () on

    Well I don't know about proud, but most satisfying would be just recently, where I upgraded a 3.3 web/mail i386 box to 3.4 remotely :) I thought it was going to break somehow.. now it's running all nice and clean and ahh :)

    I've got the compulsory 486 dialup gateway/firewall box too..

    Mostly in my experience, things get boring with OpenBSD, as when a box is all set up and going, there is usually little need to work on it (with the exception of relevant security bugs).

  30. By Michael Sullenszino () no spam at sullenszino com on mailto:no spam at sullenszino com

    Installed a bridging firewall for a dot com that fell on hard times about 3 months after install. Could not/would not pay me to maintain it, so I just watched the uptime numbers go up and up. Finally they were shut down by their co-loc facility and they repossessed the firewall. I checked it on its last day and it had 853 days uptime. Well over 2 years!!

  31. By Anonymous Coward () on

    I'm using a P166 running 3.3 for a dorm room router. It does NAT with firewalling, DHCP, port forwarding, and it round-robins between my connection to the school's LAN and my roommate's. I run an ftp-proxy to fix the obvious problem with two connections. My most recent feature addition was patching and recompiling ifconfig and the kernel to support changing my MAC addresses.

    My router also gets points for not only being my first OpenBSD install, but also my first experience with any of the BSDs.

    Oh, I almost forgot, if I can't SSH into it, there's a WY-60 attached. I traded my grandmother's neighbor a 15" monitor for it, just for the geek factor (and because the 15 was worthless to me).

  32. By jk () jk@lutty.net on http://www.lutty.net

    my gateway is a Texas Instruments laptop (486 DX2/66) with 13M Ram and 200MiB of dd.
    It happily runs pf, bind, dhcp, nat over two pcmcia cards, one of those being a wifi :-) and the other a 10BaseT AD.
    very well suited:
    Theoretically 10BaseT AD means ~360KiB/s
    Theoretically 802.11b means ~350KiB/s
    Theoretically my dsl is 375KiB/s
    Practically, i can download at ~320KiB/s, though vmstat says ~80% CPU in sys :-)

    Comments
    1. By Anonymous Coward () on

      Theoretically 802.11b means ~350KiB/s

      Are you sure? We're getting about 620KB/s in a 11Mbps connection with 802.11b (in managed mode).

      Comments
      1. By Shane () on

        Are you sure? We're getting about 620KB/s in a 11Mbps connection with 802.11b (in managed mode).

        I was wondering what he meant too.

        I've pulled data from a 3c509b 10baseT ISA card at around 1.2MB/s.

        I run OpenBSD 3.4 stable on my firewall (P75 16M RAM, 500MB Seagate SCSI, 1542 Adaptec, headless, with serial console), server (PII-300 384M RAM, 40GB IDE, headless, serial console, SMB, http), x86 desktop (Thunderbird 700 which I found on the street, 384M RAM, 20GB IDE, Matrox G400, KDE), my Sun desktop had been running OpenBSD (Sun Ultra 10, 333MHz, 128M RAM, 20GB IDE, PGX24, KDE) and my old clamshell iBook (300MHz G3, 192M RAM, 6GB IDE, KDE, modified with removed headphone socket replaced with WiFi connector for external antenna).

        Needless to say, I love OpenBSD. : )

        My Sun is currently running Solaris 9, only because I wish to learn it. Otherwise it would be my firewall, since this Ultra 10 seems to be about as quick as a two legged dog.

        My intention, since I run my own business as an IT contractor, is to soon have rsync synchronize my email and important documents between my server, x86 desktop, Sun desktop and iBook (in addition to permanent monthly backups to CDR and rotating daily CDR backups). So that I not only have multiple backups, but I can always reply to email or send an invoice even if my main machine goes down badly.

        I would like to get 512/512 SDSL so that I may admin my own web and mail server.

  33. By Christian () on httpw://www.cschwede.de

    My proudest setup was our newly installed firewall.
    It's an old 300 MHz Box with 6 GB disk and 256 MB Ram.
    The firewall itself has 5 zones - external, DMZ1 (webservers), DMZ2 (developer database servers and file servers), internal1 (users) and internal2 (users of another company).
    What made me really proud was the change from FreeSWAN/Linux to ISAKMPD/OpenBSD. We have several VPN connections to our customers, all with different setups - on client side FreeSWAN, Checkpoint Firewall 1, Cisco etc. The FreeSWAN and Checkpoint are running stable now without any need to reconfigure on the other side. Now the Cisco-VPN is going to be implemented ;-)
    And hell yeah, of course my private router and my notebook.
    I'm loving OpenBSD - especially the siteXX.tgz, where I put all my configs and patches in so no need to backup - in case of emergency, it's installed back in 10 minutes :-)

    Comments
    1. By Eduardo Alvarenga () eduardo@thrx.org on www.thrx.org

      Would you mind posting your isakmpd.conf and isakmpd.policy files?

      Comments
      1. By Anonymous Coward () on

        Even better in a place other than a news site forum.
        misc@ comes to mind and perhaps openbsd-ipsec-clients.

  34. By Anonymous Coward () on http://www.opentorrent.org/

    I know I suck, but when you are used to the linux gui installations (redhat 5.2-7.3) when you first attempt the install of OpenBSD.....you might go through a few attempts! Third one was the charm though.

    Comments
    1. By abe () rolick571@duq.edu on mailto:rolick571@duq.edu

      unless, of course, you just follow the faq which guides you step by step ;P

      Comments
      1. By Anonymous Coward () on

        This is true....however even following the documentation can be confusing for someone new to it. I mean, where is the "Getting started with windows" book!? ;-)

      2. By Bryan () on

        I did that with my first install (2.7) and I successfully installed it the first time (I too had my hand held by linux GUI installs). My only problem was fdisk in which I ended up with 1 partition "/". It worked. I knew what to do on my second install and have loved OBSD ever since.

  35. By Anonymous Coward () on

    The Sparcstation Classic I brought back to life. It took me 5 tries of 3 hours each time to successfully install Solaris 9 on the beast, but OpenBSD went on in one try and 20 minutes.

  36. By norbert p. copones () norbert at feu-nrmf.ph on mailto:norbert at feu-nrmf.ph

    when I made an OpenBSD-based transparent bridged firewall from an unused PC at the office. I used two cheap NICs, ne0 and xl0 (both 10baseT). It's been up for almost 2 years now.

  37. By willb () on

    Looking through the manual to the Savin Copier here at work showed a credit to OpenBSD. I guess they use some of the OS in the networking part of the copier. Cool, eh?

  38. By mr_scary () on http://papamike.ca/

    I bought 4 new Seagate IDE drives of 9 GB each off eBay for 100$. I figured they would serve me well as spares for my test machines. Well, they weren't IDE. They were something called "Fibre Channel". I didn't even know what this was. I just kept staring at the connectors.

    Well I learned about it and happily discovered about the isp driver (for the controller) on OpenBSD. After ordering a few more parts I now have a *very cool* OpenBSD system. It acts as my home firewall. My firewalls have always been shoeboxes (100 MHz, 133 MHz, etc) but now I have this honking 500 MHz replete with Intel network cards and 196 MB of RAM.

    This system also acts as a DNS caching server and will soon house a web proxy server (squid).

    The only issue I had was the available OpenBSD boot floppies could not contain both the network drivers and the fibre channel drivers. (That's why I am running 3.3 and not 3.4; I only have the 3.3 CD). If anyone has a method to create a custom boot floppy kindly respond!

    Comments
    1. By Anonymous Coward () on

      Nice deal you have there... :)

      Why not just use cdrom34.fs on a blank cd?

      Or, if you want to use floppies, I think this link will help:

      http://www.deadly.org/article.php3?sid=20021123055049

      which points to:
      http://www.onlamp.com/lpt/a/2909

      In other words, simply make your custom bsd kernel with support for both the network drivers and the fiber channel and replace it on the boot floppy.

      Hope this helps.

      Regards!

    2. By Eduardo Alvarenga () eduardo@thrx.org on www.thrx.org

      RAMDISKB has isp enabled by default. Try it and report to us.

  39. By lincr () rutledge.50@osu.edu on mailto:rutledge.50@osu.edu

    Well, I have/am running OpenBSD on lots of things, but it's nice to have an audience that might appreciate some of the work...

    I saved my last employer at least $4000 by reusing two old pc's, one as a transparent bridge with pf, and one as a squid proxy. With squid handling http traffic on a 15GB cache, and pf blocking the typically abused ports for 75 users on dual T1s. The datacenter we worked with were tres impressed, but now that I have been gone about six months I heard that they tore out the system. My replacement has no Unix experience, and apparently didn't ask the datacenter for help :(

    Here I have two OpenBSD servers that I am very proud of, my first production Web server and SMB file server. The Web server has hardware problems but otherwise has been great, and it is using software RAIDframe, and of course the performance on the file server is a huge improvement (was W2k on the same hardware). The people here are frightened of anything that didn't come from Microsoft and are just confused when it comes to using an alternative OS. I try to explain how much they have saved in licensing just from MS, without even mentioning anti virus, trying to track down why it is locking up etcetera, but it is lost on them.

    Personally I have OpenBSD on a 68K Macintosh and my recently acquired PPC Indigo iBook 366, so I have BSD Unix running on two RISC computers at home :)

    I love how much control over the raw system OpenBSD gives, I hope I can take advantage of having a full implementation of Perl on BSD on these platforms!

    Comments
    1. By Anonymous Coward () on

      not to nitpick, but Motorola's 68k CPUs are CISC. Unless I missed something (which happens often :-).

      Comments
      1. By Anthony () on

        They're probably the best known CISC CPUs apart from x86...

  40. By Sven () on

    This one is not what I usually use OpenBSD for but still one that warms my heart.

    At the dorm where I used to live I got hold of an old Pentium 133MHz with 32MB RAM. It has been set up with OpenBSD (can't remember version), X, fvwm, samba and xmms. It runs without a hiccup. People can put mp3 files on it from their windows machines and play music whenever they party.

    I went by the place in December, 2 years after I left the dorm, and it was still in use :)

  41. By the rev () on

    My proudest obsd moment was probably, like someone mentioned above, when I saw my name on the donations list...

    Otherwise, I set up queueing and prioritizing on my 3.4 obsd firewall and can now play Enemy Territory lag-free, no matter how many people are pulling crap from my webserver :)

    Comments
    1. By Anonymous Coward () on

      Would you mind sharing the documents that allowed you to do this?

    2. By Anonymous Coward () on

      Never mind my initial post. I wanted to read that you had Enemy Territory running on OpenBSD. ;) I need sleep. :|

  42. By Tom Ryan () tomD0TryanATTwhitehorsestrategicD0Tcom on mailto:tomD0TryanATTwhitehorsestrategicD0Tcom

    i use openbsd for everything round here

    - offsite backup for 40GB of data with rsync
    - vpn to a couple of sites, smb over the vpn
    - fileserving, nfs and samba
    - split horizon dns with bind
    - web site and php/imap webmail
    - firewall/nat gateway inc dmz & accounting
    - dialin and serial consoles
    - mail inc filtering
    - the usual goodies like ntp and upses

    when i first started here, everything was on linux and this was a full time++ job for one person. now i work here three days a week and spend half that time just doing 'busy work'. :)

  43. By Whoami Noncommitus () yeahright@nowhere.com on mailto:yeahright@nowhere.com

    was the install I did for a local bank. They needed a secure internal mail server. They gave me some blank hardware, and I installed OpenBSD 3.3, qmail, and webmin. Now, the day-to-day admin just connects via a web browser to add/remove users as they come and go. AFAIK, they've NEVER had to reboot the thing. They love it. "It just does what we want it to do and we don't have to think about it." All I have to say is "Thanks."

    Who

  44. By George Orlov () gorlov@hotmail.com on mailto:gorlov@hotmail.com

    I installed OpenBSD 3.3 on two Toshiba SG10 appliances and one SG20. No keyboard, monitor, or com port, no floppy or CD rom. The only display is a two line LCD display on the front. I run them as firewall / gateways, running PF, etc.

  45. By EN () en@roolz.org on mailto:en@roolz.org

    obsd 3.4 with kerberos and openldap as its backend.
    The idea is to kerberize all services as much as possible.
    So far:
    User auth via login.conf(kerberized)
    POP3(kerberized)
    Access to restricted web-dirs(mod_auth_kerberos)
    Automatic user-chroot

    Future: Full kerberization, part of data stored in LDAP.

  46. By Boris () on http://rootr.net/

    a few years ago, there was an old sparc hanging around unused. there was no sparc monitor or cable... but there was an even older vt220 serial terminal (the physical thing, quite heavy to carry). so installed openbsd via this old console, and kept it attached, just for fun. albeit slow, worked pretty well (wscons was in the tree yet). This and a few other things showed me once again the excellent hardware support in openbsd, which I believe deserves more highlight.

    Another time was I had to remote install a live server with plenty customers on it, whose primary hdd corrupted with plenty sectors getting zapped, (on x86 this time).
    after reading over and over deraadt's install scripts, figured a way to go. Heavy sweat of checking and re-checking, because there was no room for mistake, only one chance allowed: the server was 6000 miles away across the pacific... No bios access to the backup secondary hdd. and at that time there was zero docs around on remote install scenarios. I had to pretend to the machine I was locally enabling the backup hdd.
    All went well. A while later I had this server shipped over, and installed a weasel card to allow remote-bios access.


  47. By Martin () sletmig001@ammulti.dk on mailto:sletmig001@ammulti.dk

    .. on an old box found in a corner; a P2-350 w. 256 MB RAM, and two Intel Pro100-S NICs, and 6.4 GB disk.

    It's firewalling a 34 Mbps internet connection. Not a special setup.

    It took 10 minutes to install, and then 30 minutes to write the pf.conf - and that's it - done.

    Now, at 396 days uptime (would've been 146 days more due to an extended power outage).

    Always less than 5% CPU used, and something like 3-5% interrupt time.

    Sweet!







  48. By mike () mike@gmp.fm on mailto:mike@gmp.fm

    well, I built a dual box bridge and NAT fw with webserver DMZ in the middle using two old P233's two years ago (still with ipf) and it worked like a charm for about a year on a 100 client LAN. the firewall actually outlasted the company.

    only problems: a hardware disk crash during the first week due to mngmt wanting to log ALL outgoing http traffic and initial network problems due to a faulty NIC.

    really, really insist on getting reliable hardware from the beginning if you do this...

    all in all, obsd is a great thing for doing customized setups, the docs are great and the systems are rock-solid, and as someone said overall hardware support is too rarely mentioned.


  49. By asdfg () on

    This post gave me the opportunity to think about my past experiences in OpenBSD. I have installed OpenBSD six times, and each one was unique. I was equally proud of each one.

    #1: The first time I installed OpenBSD. Resurrected an unused Pentium 133 with 64MB RAM from the corner of my university lab, and got OpenBSD 2.7 (or 2.8? Or possibly even earlier) on it. It was my first exposure to OpenBSD and I just love the "BSD-ness" of it (you guys know what I'm talking about!).

    #2: OpenBSD 3.2 on a Pentium II 400MHz, which was used as a webserver to accept research papers for a major security conference. We had a record number of submissions that year, but the box never let me down.

    #3: OpenBSD 3.3 as an IMAPS mail server and CVS server.

    #4: An OpenBSD 3.3 firewall with three NICs.

    #5: OpenBSD 3.4 on a laptop. Never did that before, and it was fun customizing it to create a beautiful desktop environment (now, if only Crossover Office would work!). :)

    #6: Installing OpenBSD 3.4 on a Soekris device. Very, very tricky, but well worth it!

    Till today, #2 to #6 are still being used, though #2 has been recommissioned for other purposes (uh, cracking RC5-72 keys). :)

    So thank you, OpenBSD developers and the OpenBSD community. The most fulfilling and satisfying computing experiences I ever had all involved OpenBSD. I'm sure many would agree on that!

  50. By Anonymous Coward () on

    The proudest setup I've got goin' on is the webmail/mail server here at work: part-built i386 athlon 2500 nforce2 1gig ram 20gig ide hd running a snapshot of 3.4-current running bind, apache, mod_gzip, mod_ssl, mod_perl, php4+imap+mysql, dovecot, ssh, spamassassin, and two unofficial ports: MailScanner and ClamAV (have to protect those windows boxes from themselves LOL).

    What's left to figure out is how to mate MailScanner with relaydb, so I can add a rule to my pf-enabled spamd firewall and download the latest spammer ip addys. Anybody in OBSDland have any hints as to how this can be done? I'm not sure where to start on this one...

    I'm getting tired of spam...

  51. By Leon () l.vd.eijk2@mindef.nl on mailto:l.vd.eijk2@mindef.nl

    Seeing a mac G3 booting for the very first time was a rush. After learning what the OpenFirmware was all about, I managed to boot in OpenBSD and MacOS as well.
    Second project will be a microVAX 4000 station which will be installed from the MAC.
    Yeah, that made me proud and the reactions are cool too :)

  52. By Tom () on

    My FW was a PC running RH Linux. A friend helped me convert it to NetBSD 1.3 (1.5?). I later got a Sun sparc 20, installed NetBSD on it, copied over /etc, renamed the ethernet connections to le0 & it worked!

    I could never have done this with Linux, if I could have found a distribution that supported the sparc well. BSD on sparcs is as good as (better?) BSD on PCs.

    No OpenBSD yet, so I bought an IPX on ebay, installed OpenBSD 3.1 on it & copied over my setup. I later used the sparc 20 to convert to PF when I upgraded to 3.2. Knowing OpenBSD got me a job.

  53. By PunkWalrus () punkwalrus@yahoo.com on http://www.punkwalrus.com/diary.html

    This currently acts as a firewall/gateway/NAT for a bunch of machines in my SETI array (courtesy of dmesg):

    -------
    OpenBSD 3.4 (GENERIC) #18: Wed Sep 17 03:34:47 MDT 2003
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
    cpu0: AMD Am5x86 W/B 133/160 ("AuthenticAMD" 486-class)
    cpu0: FPU
    real mem = 33144832 (32368K)
    [ ... ]
    -------

    It's an old Dell Optiplex LE100, with a mega-old BIOS (only 1 IDE channel, thinks it's 01/01/1980 on reboot), and an overclocked i486 (not AMD, not sure why OpenBSD thinks that) at DX4/100 speed and 32MB RAM. Runs two Novell NICs. Thinking about adding an external modem to dial in. I don't have/need a gui, I do everything by SSH. Speed doesn't seem to be a problem, unless I try and use SMB/CIFS, but who cares?

    I'm running that baby until she dies.

  54. By RC () on

    The setup I enjoy the most is a firewall/router I set up a couple years ago. It's impressive not for any one single reason, but for a number of reasons, all converging in one box.

    It was a really nice piece of hardware... It's not all that common that you see free machines with 6+ PCI slots, and not needing to use any of them for video cards or something. So, all 6 are stuffed with 100MBit NICs. It also had a few ISA slots, and they're also stuffed with NICs.

    It has no cheapy, tiny fans, just a few, incredibly reliable 80cm ones. A power supply that has never burned out after many years of operation, etc... Man I wish DEC was still around. But I digress.

    That one box, with a net value of about $100 worth of hardware, is routing for (literally) hundreds of PCs.

    In addition, I wrote my first truly massive ruleset... Both the NAT rules and the packet-filtering rules were more complex than most mere mortals ever dream of gazing upon. Hundreds upon hundreds of rules, and that slow processor can keep up without any hint of a hiccup at full 100MBit speeds.

    But perhaps what is most satisfying about the whole thing is how useful it was. That single box saved hundreds of man-hours in the first year it was set up. No longer did anyone have to go resolve all sorts of problems that were popping up. No more did anyone have to be concerned with what services were running on those systems. I can't go into all the specifics, but hundreds of problems just melted away, and that box hasn't caused any problems since it started running, so it's been ideal.

  55. By Marc Espie () espie@openbsd.org on mailto:espie@openbsd.org

    I think I've finally given up on ever seeing it run vintage OpenBSD. Too many patches floating around... every program on it gets recompiled at least once a month.

  56. By Grig Larson () punkwalrus@nospam.yahoo.com on http://www.punkwalrus.com

    First install:
    On a very proprietary i386 system when 3.1 just came out. A friend of mine called me in a panic, said he was setting some ultra-secure mail systems for some hacker-like convention, with 12 Pentiums 166 machines, and the spec he has been given was OpenBSD. All he had ever done before was RH Linux 7.3. I had to do this over the phone, and all I had were these all-in-one "Technoland" boxes lying around at work. I walked him through the install, and once we got it up and working, he could set up sendmail from there. When he hung up, I played around with OpenBSD for a week or two, and then forgot about it for a few months. Then I came back to it, and learned (the hard way) about partitioning, portages, and Xfree86.

    First real use:
    When 3.2 came out, I suggested it to some people a work for from default "Linux-like" boxes for web caching. RH 8.0 was the spec, but I suggested OpenBSD because we only had 1.2 GB HD to use initially. We set up Squid, and those worked well until they got bigger hard drives, and went to the support license of RH.

    Current Use:
    Apache (two websites, one live on the Internet, the other behind a LAN), NAS, and just a general NAT/firewall. Just started using pf to redirect ssh behind firewalls, and I have been asked to give a demo of a potential dialup server, so I am learning mgetty.

  57. By dettus (217.82.129.103) on www.dettus.net

    i am ESPECIALLY proud of my remote setup on a strato-rootserver via serial console.

    i even did a nice little howto about it: http://www.dettus.net/openbsd_at_strato.txt

    my goal is to see lots of rootservers running my favourite kind of *nix. ;-)
