Getting FreeBSD And Novell To Work Together?
Tinfoil asks: "I am the admin at a small company looking at the B2B & B2C markets and also (in the more immediate future) remote connections to our database over the net. The main server, and the server that the DB is kept on, is a Novell Netware 5 server. I don't want to pipe the Internet connection (SDSL) into this. Rather, I want a box in-between to act as a gateway. So, my question is this: Will FreeBSD (which I am a relative newbie with) connect to and act as a good and secure gateway to the Novell box? And what about VPN (or other similar options)? I do not want another Novell box as that would be even worse. Thoughts?"
ICS uses a different cache engine than Border Manager. Last I heard they wanted to move them to the same engine. ICS has a special file system for more performance. Border Manager doesn't have anything like that (yet).
While you stated that you didn't want another Novell box (for unknown reasons - cost?), what you really should consider using is Border Manager.
Not only will the VPN work seamlessly with the Novell client already on your users' PCs, the proxy cache is also the fastest in the Intel-based world (see the Cache Bake-Off earlier this year - notice all the entries with "Novell ICS" as the software). Read the actual results - FreeBSD/squid loses by an embarrassing margin.
Use whatever firewall you like, but bear in mind - if you're a newbie with FreeBSD, you'll be hard pressed to learn all of the possible 'sploits and how to keep yourself from accidentally leaving something open or misconfigured when your attackers are probably quite BSD-savvy.
Novell's firewall is really quite good, provided (of course) that it's carefully configured and you stay on top of patches. And the VPN is well-integrated into NDS, strong, and easy to set up. But it is not by any stretch free.
OpenBSD can make a great firewall, but you're still going to want the Novell VPN.
- wintermute
While I'm sure that FreeBSD can do the job, I've been running OpenBSD on a 486 as my firewall. It has done a wonderful job, and appears fairly transparent to Windows. It does NAT and NTP for my home network.
A similar setup should work for you, in that you can use IPF to do the filtering and routing and send what traffic you want into your Novell network (web, ftp, etc).
There is a FAQ on setting up firewalls, very worth reading.
I was able to DoS my FreeBSD 3.4 machine (default install) using Nessus, but OpenBSD had no problems. Of course, I realize this means little, if anything, in the real world. Any system will have holes.
Now, anyone will tell you that it's the admin that makes your system secure, and I will have to agree. Even with the most secure OS, if you create holes or don't look out for new exploits, you will be owned eventually. Conversely, if you know what you're doing, you can produce a relatively secure machine running almost any OS.
As far as the specifics of your implementation, Linux or any of the BSDs would do a fine job. It's just a matter of setting up NAT or IP forwarding to route the correct ports between the two networks.
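
A minimal IPFilter rule set for the kind of gateway the comments above describe, added here as an illustration and not posted by anyone in the thread. The interface name (fxp0 as the outside SDSL link), the 192.168.1.0/24 LAN, the server address 192.168.1.10 and the choice of port 80 are all assumptions.

```conf
# ---- ipnat rules (address translation) ----
# Assumed placeholders: fxp0 = outside interface, 192.168.1.0/24 = LAN,
# 192.168.1.10 = the NetWare server.

# Outbound: hide the LAN behind the gateway's outside address.
map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map fxp0 192.168.1.0/24 -> 0/32

# Inbound: forward only web traffic to the NetWare server.
rdr fxp0 0.0.0.0/0 port 80 -> 192.168.1.10 port 80 tcp

# ---- ipf rules (filtering) ----
# The gateway also needs IP forwarding enabled (net.inet.ip.forwarding=1).

# Default deny on the outside interface, in both directions.
block in  log on fxp0 all
block out     on fxp0 all

# Drop packets arriving from outside that claim a private source address.
block in quick on fxp0 from 10.0.0.0/8     to any
block in quick on fxp0 from 172.16.0.0/12  to any
block in quick on fxp0 from 192.168.0.0/16 to any

# LAN hosts may open connections outward; replies are matched by state.
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Inbound packets are translated by rdr before ipf sees them, so the
# pass rule names the server's inside address, not the public one.
pass in quick on fxp0 proto tcp from any to 192.168.1.10/32 port = 80 flags S keep state
```

Anything not explicitly passed, including the database and NetWare service ports, is dropped and logged at the outside interface.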