Slashdot Mirror

Oh, you don't have to convince me... that faithful old P233 ("Argo" by name) isn't going anywhere. It's served me well for 11 years (well, I think the RAM stick needs replacing, but that's no big deal) and I'm rather attached to it. :) It'll probably remain a backup DOS/Win machine, essentially the role my old 286 used to have... tho your idea of turning it (or one of its near relatives) into a router has crossed my mind, possibly with the Dubbele setup -- http://firewall.dubbele.com/ which being NetBSD-based is probably pretty secure, and it'll run on much lesser hardware than Argo.

And I still have my original 286 (it still works) which didn't get retired for good until 2001. It stayed in use for so long because I lived in an area with power-outage problems, and my big UPS (itself salvage, and now 29 years old! needs a new battery, tho) would run the 286 and its little monochrome monitor for 5 hours... and it could still do everything I absolutely couldn't live without (including primitive internet access). At one point I knew every one of its 700 files by name and hex... couldn't bear to throw it out, that would be like killing my firstborn!

[Should I admit that there is also a working XT -- with VGA!! -- in my Closet??]

Like yourself, it pains me to trashbin working hardware, and as a result I often take in homeless computers. Used to be even 386/486 machines had value, and I've got a bunch sitting in my barn that I wish someone could make use of... Over the past few years P3s (and a few P4s, tho those tend to die young) have rained from the sky, so I've got a bunch of that era in my salvage pile too -- I consider those good enough to keep, along with some of the nicer MMX systems, since they'll do everything I really need, and very seldom die. I've pretty much stopped buying hardware, other than HDs (junk fills the space allotted :) and that iBase mobo which I got used, and intend [Real Soon Now!!] for my next longterm everyday system (and hopefully it'll last longer than the namebrand P4s that have come my way, none of which has lived longer than 4 years from manufacture date. I detest factory-built systems; they're DESIGNED to fail at such a young age. I've got a huge pile of gutted OEM carcasses in my side yard, from junk donated to our PC user group. Eventually our local electronics recycler will haul it off.)

I do tend to upgrade a system over time until it's completely maxed out, then the system remains in some sort of use til it dies of sheer old age. My everyday P3 actually started life as a 486, in 1994!! still has a few of the original parts, too.

Once in a while I encounter someone who is happy to have ANY working computer, and (as the hardware guru for the local PC user group) I can always find 'em something usable, from the club's stockpile (mostly P2s) or my own. But most people and organizations around here turn up their noses at anything that won't run XP, or don't know how to cope with any other OS and aren't really in a position to learn. Frankly a P200/Win9x does everything most people really use a computer for, but the less someone knows about computers and the less real work they expect from the machine, the more they fear being "left behind". So the folks who'd actually get the most use from these nice old systems are the least likely to accept 'em, even as gifts when they have no PC at all. :(

If it weren't for that, there'd be no one in all of America who needed a PC and couldn't get one for free -- there are that many older but perfectly useful machines going to waste.

Oh good, I actually understood something! :)

I've been looking at the Dubbele firewall, which is NetBSD-based and will run on any piece of crap (and comes with instructions that I actually halfway grok). http://www.dubbele.com/how_to_get.html Any thoughts?

Surplus old hardware is not a problem around here; I probably have 50 carcasses that would be up to the job :)

Dunno about that, but here's one based on NetBSD:

http://firewall.dubbele.com/

I haven't tried it, but I did read the instructions, and it looks like it's relatively a no-brainer.

"I've used smoothwall for a while and I was very satisfied with it. But at some moment, it stopped working. The ADSL connection couldn't be established anymore."

Actually the same thing happened to me. Well sort of the same (my connection uses DHCP). My problem was that the webpage configuration never came up. I finaly figured out that this was because my 100mb /var/log was full!

Clearing that out made the smoothy run fine again. It has since happened a few more times and everytime i just have to clear out all the logs. That said, while the disk was full, it was still routing traffic as expected for months before i discovered the issue.

The one thing I would like to see would be a better way of tracking all the connections being setup and torn down by the machine, realtime, say logging to a console window. I used to have a dubbele NETBSD firewall ( http://firewall.dubbele.com/ ) that, becasue of the firewall package on there (vastly superior to iptables IMHO) i could run a simple command (ipmon -o N) and it would list everything going on. very cool. I know about IP contrak mod for smoothwall but on a webpage just doesnt have the same cool feel as realtime. Its nice to catch all those EA games you have calling home when you launch them :)

Anyways the one story i love to tell about the netbsd machine was that the hard drive failed on it months before i found out. The machine was running flawlessly until i rebooted it for some reason and got a nice primary HDD fail in the bios. The last timestamp for a file on the HDD was like 8 months previous.

"we have all those home Windows boxes connected direct to the Internet with no firewall/virus-detection"

we do? perhaps we need a cheap firewall or router.

and for god sakes pirate norton!

Block the port, use zone alarm, or (shameless plug) install this firewall

-John

I use the NetBSD Firewall Project. It works great for me (P100, 24MB of ram). If I ever get a UPS, the only time I see rebooting it is when it's time to install a new version of the OS. It's very simple to setup, and you can get the hang of administering it with little effort.

NetBSD/i386 Firewall Project

-John

I see a lot of "stealing" comments. So, instead, go the Open Source route and build your own firewall with the NetBSD/i386 Firewall Project

Yes, yes, I know, blatant plug

-John

Or you could use the firewall at www.dubbele.com

-John

urgh. Slashcode 2.0 does ugly things to urls after post... Simply try this: http://www.dubbele.com

Disclaimer: that's my site. Contact me through email if you need assistance, I'd be happy to help you with details..

-John

I've got several users of my firewall at www.dubbele.com who have done just that. NetBSD, which I'm using, but linux as well, of course, can get by with limited resources - small disks, not too many Mb of memory, etc...

Of course not, they'll find other ways to make money off the site. Take a look at mine, and see if there's any banner ads. Yet, I'm very happy with the results the site has brought me.

-John

I don't. It's not my job to make them profitable enough to keep on working. It's theirs. The burden is on them, not me.

And yes, I'm running one of those sites myself (take a look), and I've got other ways to make it possible to go on doing it without banner ads, and I expect to continue working on the site for quite a while. I've found a way, I'm sure others can as well.

-John

Ahh, well I'm posting something offtopic. I just wanted to not that something like this has been done for NetBSD look at this link www.dubbele.com

There is something like that for NetBSD here. But it's really just an install disk and lets you do an FTP install to your HD. which doesn't really matter because if you're using a comp as a firewall/NAT then you probably aren't going to be using it for anything else and can wast the small HD on an old comp. But ya, an OpenBSD one that fits on a single floppy would be cool.

And most offices have spare old hardware gathering dust anyways, so there's plenty of products better suited, such as NetBSD/i386 Firewall Project

You might want to buy this card for the support (although I feel for small offices the firewall should just sit quietly in a corner simply always work), but in that case, why not spend money on a stand-alone box anyway?

Bastille is a great project, but ultimately it targets people who sort-of know what they are doing. How do you feel about projects like the NetBSD/i386 Firewall Project who (whilst having all sources available) targets people who have no clue other than "I need security" by giving them a firewall that has an install that's about as simple as one can make it? Is this just a matter of defining the target audience different?

They're selling you high speed internet access. My DSL provider, CapuNet, displays a very sensible article about security in their customer support section. It basically says, your machine is valuble because it has a high speed connection, so do something to secure it. I agree, and that's all they need to say. It is up to the customer to weigh the risks, rewards, and options and act accordingly.

There are plenty of firewall and security products out there, and if your computer gets comprimised, it is not the fault of the service provider. For those hear on /., probably the one that many would be interested in is the NetBSD firewall solution. If you don't have a machine to dedicate as a firewall, there are plenty of others, including free software like ZoneAlarm. One of the funniest things about this, though, is that a lot of the port scans and other intrusion attempts that people get are coming from their ISP. It would be nice if this was to benefit the customer, but I think it's mainly just to keep an eye on the customer instead.

or even
NETBSD Firewall project

Step 4: visit www.dubbele.com

I may not be a Geek on a caffeine high, but that firewall is priceless - free, that is :-)

-John

Check out the NetBSD/i386 Firewall Project. Far, far easier for a newbie.

And yes, 15% of the the people who visit that web site do so from the @home domain...

-John

Then don't buy any music and only attend concerts like everyone has always had to do excluding the last 100 years

Check. I'm doing just that.

And I love to code, but giving my code away makes me poor.

Well, I've been giving away what I've been doing, and it has netted me quite a bit. Take a look at the NetBSD/i386 Firewall project. It has landed me a few projects, an article in ;login: and a lot of review work. I'm no longer making making money from the code, but from the performance (of writing new code, or doing (security) reviews). Just like I rather visit a live music performance than listen to music, people now do the same with my work - and I'm not an artist!

-John

True, somewhat. I see others 'jump' into that market: Free NetBSD/i386 Firewall

There's a good NetBSD based free firewall at www.dubbele.com if you have an old box lying around...

-John

That's why I made a free firewall that runs off hard disk - sure, it can be done from floppy, but I consider them too failure prone...

-John

www.dubbele.com has a free netbsd based firewall. Also, on the web site there's a good list of resources you may want to check out.

-John

Look at www.dubbele.com for a free firewall project.

I'm not sure if this qualifies, but take a look at www.dubbele.com

ISP's are not going to touch this issue. You'll have to install something like this.

Another one is at www.dubbele.com

-John

I don't know exactly what features you're looking for, but have you checked out www.dubbele.com?

NetBSD/i386 Firewall is free.

I've mentioned this elsewhere in the threads off this topic, but I guess it's worth repeating:

It can be found at www.dubbele.com

-John

Look at www.dubbele.com

It comes close that what you want, in a way.

-John

There's an excellent NetBSD/i386 Firewall setup available at www.dubbele.com that is meant for "Joe DSL" but has all the sources out in the open. Check it out.

-John

What you say is very true - that's why I started this

-John