Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-15 Thread James Records
I just spent some time on this and got a working image for the Watchguard Firebox X 500-2500 platforms. For more info about it, I'm keeping track of everything in a forum here: http://www.thewaffle.org/Forum/viewforum.php?f=6&st=0&sk=t&sd=d&start=0 While I was at it, I pulled out an old Watchguard

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-14 Thread secucatcher
On Fri, Aug 8, 2008 at 3:08 PM, James Records [EMAIL PROTECTED]wrote: Grab a Watchguard Firebox X off of ebay, they have 6 interfaces, and you can get them pretty cheap, some of the bigger ones have more, onboard crypto, perfect for building openbsd firewalls... you can run off a CF...

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-13 Thread Marco Fretz
Claudio Jeker wrote: On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote: Johan Beisser wrote: On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm [EMAIL PROTECTED] wrote: Hi Gang, well here's my 3 cents, first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break down and

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-13 Thread saqmaster
Sorry to hijack this thread slightly, but it's related I think: I'm looking to create an OpenBSD firewall/router for home. It's going to need to support two ADSL (UK, 8mbit) lines with PPPoA. And then a bunch (4) of f/eth ports, which is simple enough. Could anyone recommend any low-profile pci

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-13 Thread Henning Brauer
* Marco Fretz [EMAIL PROTECTED] [2008-08-13 09:31]: Ok, ok. What I said was what Cisco says as in, lies, lies, lies. They call it marketing. Cisco hardware is much more reliable than PCs I can't second that. Cisco and good PC hardware are on par ime. The whole system, Cisco + IOS vs PC-Server

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-13 Thread ropers
* Marco Fretz [EMAIL PROTECTED] [2008-08-13 09:31]: If you have the money buy Cisco Routers (or from similar vendors), if you have time and want to save some money use OpenBSD. 2008/8/13 Henning Brauer [EMAIL PROTECTED]: no. If you have the money get somebody clueful to set your OpenBSD

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-13 Thread Marco Fretz
Henning Brauer wrote: * Marco Fretz [EMAIL PROTECTED] [2008-08-13 09:31]: Ok, ok. What I said was what Cisco says as in, lies, lies, lies. They call it marketing. Cisco hardware is much more reliable than PCs I can't second that. Cisco and good PC hardware are on par ime. The whole

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-13 Thread Diana Eichert
On Wed, 13 Aug 2008, ropers wrote: SNIP NB: According to Wikipedia, Juniper's JUNOS OS is FreeBSD-derived. In other words, it ultimately evolved from the same ancestor OpenBSD evolved from. --ropers So it runs some BSD derivative on its management card, makes no difference on how well the

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-13 Thread James Records
I just got some screenshots of the project up, if you care to take a look: http://www.thewaffle.org/screenshots.html There is also a working copy of the VMware image of the project available for download, see the following for brief instructions on how to set up the image:

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-13 Thread ropers
2008/8/13 James Records [EMAIL PROTECTED]: I just got some screenshots of the project up, if you care to take a look: http://www.thewaffle.org/screenshots.html snip pardon the site design, not my forte, hopefully getting someone else to build me something better soon. It's nicer to look at

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-11 Thread Marco Fretz
Johan Beisser wrote: On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm [EMAIL PROTECTED] wrote: Hi Gang, well here's my 3 cents, first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break down and buy an old Cisco 7200, 7500, 3600 they are all very good routers, I used a 7500 for a

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-11 Thread Ryan McBride
On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote: How odd. I know at least one site that runs all of their BGP off of OpenBGP on OpenBSD boxes that are dedicated as routers. In all cases, these systems outperform the equivalent Cisco hardware for a fraction of the cost. Forget

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-11 Thread Claudio Jeker
On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote: Johan Beisser wrote: On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm [EMAIL PROTECTED] wrote: Hi Gang, well here's my 3 cents, first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break down and buy an old Cisco 7200,

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-11 Thread Paul de Weerd
On Mon, Aug 11, 2008 at 01:14:53PM +0200, Marco Fretz wrote: well here's my 3 cents, first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break down and buy an old Cisco 7200, 7500, 3600 they are all very good routers, I used a 7500 for a while and now use a 3640 i use pf as

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-11 Thread Henning Brauer
* Marco Fretz [EMAIL PROTECTED] [2008-08-11 13:19]: Forget this. Cisco does CEF (cisco express forwarding) that's stream forwarding in hardware. 1) that is best case. some traffic has to go to the main cpu. attackers can provole that and easily overload their tiny host cpus. 2) only the big

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-11 Thread Diana Eichert
My day job lets me play with fucking expensive ones, I love that statement Claudio. If you want commercial hardware that handles large PPS rates you get purpose built hardware, not a Cisco router. I also support 100M feeds going through Soekris 5501 running OpenBSD and they perform very well.

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-11 Thread Siegbert Marschall
Hi, Forget this. Cisco does CEF (cisco express forwarding) that's stream forwarding in hardware. You don't have a chance to reach this PPS with a yeah, expect that it doesn't route everything and in the moment it falls back to cpu your router is dead. then there I saw all kind of funny and

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread Toni Mueller
Hi, On Mon, 14.07.2008 at 12:44:15 +0200, Henning Brauer [EMAIL PROTECTED] wrote: The bigger HP Procurve switches are ok. Some shit, as usual, but all in all very usable. what do you mean by bigger? Routers: OpenBSD, what else? Erm, and on the hardware side, please? Kind regards, --Toni++

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread Henning Brauer
* Toni Mueller [EMAIL PROTECTED] [2008-08-08 19:07]: Hi, On Mon, 14.07.2008 at 12:44:15 +0200, Henning Brauer [EMAIL PROTECTED] wrote: The bigger HP Procurve switches are ok. Some shit, as usual, but all in all very usable. what do you mean by bigger? 5300XL specifically. The other

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread phoenixcomm
Martín Coco wrote: Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. Currently we are buying R200s from Dell, but we have the 4 NIC limitation. We could tell Dell to install a quad port NIC (in addition to the two-port onboard

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread James Records
Grab a Watchguard Firebox X off of ebay, they have 6 interfaces, and you can get them pretty cheap, some of the bigger ones have more, onboard crypto, perfect for building openbsd firewalls... you can run off a CF... I'm putting together a project that uses openbsd on these boxes. If you have

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread Johan Beisser
On Fri, Aug 8, 2008 at 2:59 PM, phoenixcomm [EMAIL PROTECTED] wrote: Hi Gang, well here's my 3 cents, first why use a stupid PC (any os) for routing.. REALLY BAD jue,jue break down and buy an old Cisco 7200, 7500, 3600 they are all very good routers, I used a 7500 for a while and now use a

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread Claudio Jeker
On Fri, Aug 08, 2008 at 02:59:02PM -0700, phoenixcomm wrote: Martín Coco wrote: Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. Currently we are buying R200s from Dell, but we have the 4 NIC limitation. We could tell

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread patric conant
You strongly overestimate the value of your comments (3 cents), it seems like there are many places more appropriate than this one for you to suggest middle-of-the-road hardware running a proprietary OS that has among the worst security records in the industry. On Fri, Aug 8, 2008 at 4:59 PM,

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread list-obsd-misc
On Fri, Aug 08, 2008 at 06:54:05PM -0500, patric conant wrote: You strongly overestimate the value of your comments (3 cents), it seems like there are many places more appropriate than this one for you to suggest middle-of-the-road hardware running a proprietary OS that has among the worst

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-08 Thread list-obsd-misc
So you expect additional reliability from stacking ebayed cisco equipment with OpenBSD bridges behind them, as the original poster mentioned, and cost effectiveness by buying used cisco equipment and paying for relicensing so that you can get updates, compared to setting up OpenBSD boxes as

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-16 Thread Russell Howe
Claer wrote, sometime around 15/07/08 07:31: On Mon, Jul 14 2008 at 28:15, Martín Coco wrote: Thanks! Have you tried the quad nics on those Dells? We do have a couple of R200s, 860s and 850s running with 2 dual port cards no problem, but we have never tried the quad ports. Hello, I do

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-15 Thread Claer
On Mon, Jul 14 2008 at 28:15, Martín Coco wrote: Thanks! Have you tried the quad nics on those Dells? We do have a couple of R200s, 860s and 850s running with 2 dual port cards no problem, but we have never tried the quad ports. Hello, I do have around 20 Dell 860 and R200 with 2 cards

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-14 Thread Henning Brauer
* Curt Micol [EMAIL PROTECTED] [2008-07-13 16:20]: On Sun, Jul 13, 2008 at 5:55 AM, Henning Brauer [EMAIL PROTECTED] wrote: which is exactly the point. there are too many misconfigured VLAN setups out there, and some vendors (namely: cisco) have fucked up defaults. cisco (at least: used to,

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-14 Thread Torsten Frost
On Fri, Jul 11, 2008 at 11:47 PM, Martín Coco [EMAIL PROTECTED] wrote: Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. Currently we are buying R200s from Dell, but we have the 4 NIC limitation. We could tell Dell to install a quad

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-14 Thread Martín Coco
Thanks! Have you tried the quad nics on those Dells? We do have a couple of R200s, 860s and 850s running with 2 dual port cards no problem, but we have never tried the quad ports. Torsten Frost wrote: On Fri, Jul 11, 2008 at 11:47 PM, Martín Coco [EMAIL PROTECTED] wrote: Hi misc, I'm

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-14 Thread Martín Coco
First of all, thanks to all of you that have replied. I've thought of adding VLANs, and will be doing it in the future maybe, but in our current situation, that's not possible; not all the switches support this option, and there's still some concern about security implications (especially in

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-14 Thread Torsten Frost
Never done the quad in my machines. I haven't heard anyone getting fired over it either though. A quick check on Dell's web indicates you have two pci-e slots in those r200s, why not get two dual nics. On Mon, Jul 14, 2008 at 8:28 PM, Martín Coco [EMAIL PROTECTED] wrote: Thanks! Have you tried

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-13 Thread Henning Brauer
* Gordon Grieder [EMAIL PROTECTED] [2008-07-12 15:27]: [ VLANs ] just work well when configured properly. which is exactly the point. there are too many misconfigured VLAN setups out there, and some vendors (namely: cisco) have fucked up defaults. cisco (at least: used to, not sure about the

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-13 Thread Curt Micol
On Sun, Jul 13, 2008 at 5:55 AM, Henning Brauer [EMAIL PROTECTED] wrote: which is exactly the point. there are too many misconfigured VLAN setups out there, and some vendors (namely: cisco) have fucked up defaults. cisco (at least: used to, not sure about the current status, I long abandoned

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-12 Thread Jason George
I knew it was a matter of time before the vlan insecurity bullshit hit the fan. RTFA. Who says anything about blindly trusting switches? If you can't correctly configure VLANs on your switches, and filter on vlan(4) interfaces in PF, you shouldn't be administering production networks.

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-12 Thread Henning Brauer
* Martín Coco [EMAIL PROTECTED] [2008-07-12 00:33]: I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. there is a 1u supermicro that has 4 onboard, on PCIe and PCI-X each. gives 12 ems in 1U. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-12 Thread Gordon Grieder
On Sat, Jul 12, 2008 at 12:24:46AM -0400, Jason Dixon wrote: I knew it was a matter of time before the vlan insecurity bullshit hit the fan. RTFA. Who says anything about blindly trusting switches? If you can't correctly configure VLANs on your switches, and filter on vlan(4) interfaces in

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-12 Thread Gordon Grieder
On Sat, Jul 12, 2008 at 08:24:52AM -0500, Gordon Grieder wrote: Fast forward and we've got these 2960G's everywhere, a couple of 3750G's doing the L3 work and feeding to the hardware out to the world. Nearly 20 VLANs going through various trunks (single gig and etherchannel). The stuff just

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-12 Thread Jacob Yocom-Piatt
Martín Coco wrote: Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. Currently we are buying R200s from Dell, but we have the 4 NIC limitation. We could tell Dell to install a quad port NIC (in addition to the two-port onboard

Hardware recommendation for firewalls (more than 4 NICs)

2008-07-11 Thread Martín Coco
Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. Currently we are buying R200s from Dell, but we have the 4 NIC limitation. We could tell Dell to install a quad port NIC (in addition to the two-port onboard card), but I haven't

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-11 Thread Jason Dixon
On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote: Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. Currently we are buying R200s from Dell, but we have the 4 NIC limitation. We could tell Dell to install a quad port

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-11 Thread Geoff Steckel
Jason Dixon wrote: On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote: Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. Why could you possibly need 6 physical interfaces? Even if you have a failover pair of firewalls

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-11 Thread Jason Dixon
On Fri, Jul 11, 2008 at 10:10:04PM -0400, Geoff Steckel wrote: Jason Dixon wrote: On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote: Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four NICs. Why could you possibly need 6

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-11 Thread Giancarlo Razzolini
Jason Dixon wrote: On Fri, Jul 11, 2008 at 10:10:04PM -0400, Geoff Steckel wrote: Jason Dixon wrote: On Fri, Jul 11, 2008 at 06:47:13PM -0300, Martín Coco wrote: Hi misc, I'm currently looking for hardware alternatives for firewalls that should have more than four

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-11 Thread Jason Dixon
On Sat, Jul 12, 2008 at 01:09:40AM -0300, Giancarlo Razzolini wrote: Wow... I've used 5 interfaces also, but for different internet links. Try to do multi routing when you have lots of different IPs of different ranges on the same if. Your pf rules will be a mess and, in some cases, it

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-11 Thread Geoff Steckel
I knew it was a matter of time before the vlan insecurity bullshit hit the fan. RTFA. Who says anything about blindly trusting switches? If you can't correctly configure VLANs on your switches, and filter on vlan(4) interfaces in PF, you shouldn't be administering production networks. There's

Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-07-11 Thread Jason Dixon
On Sat, Jul 12, 2008 at 12:35:46AM -0400, Geoff Steckel wrote: I knew it was a matter of time before the vlan insecurity bullshit hit the fan. RTFA. Who says anything about blindly trusting switches? If you can't correctly configure VLANs on your switches, and filter on vlan(4) interfaces