Ask Slashdot: Migrating a Router From Linux To *BSD?
An anonymous reader writes I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs. Question one is: which BSD? Question two: where's some good documentation regarding setting up a home router/firewall on your favorite BSD?
It's fine if the documentation is highly technical, I've written linux kernel drivers before :) (Got a question? You can Ask Slashdot, too.)
subject says it all.
runs from very small disk (I use a 4gb m-sata ssd) and has a great ui, is a superb firewall and is bsd based. used to be the old openwall code.
--
"It is now safe to switch off your computer."
https://www.pfsense.org/
http://www.bsdnow.tv/tutorials/openbsd-router
Experience usually leads to a realization that you don't know everything... Asking others is a good way to increase your available options from the few you are comfortable with to include ones you might not know exist.
He said he's written drivers. He didn't say they compiled or worked.
Why use an ancient version of pf when you can use the latest version? http://www.bsdnow.tv/tutorials/openbsd-router
I would first seriously consider separating your router/firewall from your file server. As for preferred BSD, it would be OpenBSD for the router/firewall and FreeBSD for the file server.
The three distros in the Subject line do not use systemd, though Gentoo does offer it. They may well be the dig-in-the-heels distros that will stay that way, driven by people like you. Moving to one of those distros is a smaller/easier move for you, and doesn't preclude moving to a BSD in the future.
Years back I thought about moving my server to OpenBSD, based on reputation. However after some thinking I realized that potentially the safest server is the one you know best how to administer. I was probably better off knowing how to administer Linux well across my home cluster than to divide my efforts. I know OpenBSD is supposed to be "secure by default", but don't know how I might accidentally mess that up by mis-applying Linux knowledge to it.
The living have better things to do than to continue hating the dead.
We know it's you, Linus!
I'm a different AC, but went through a similar thing then systemd chased me off to BSD. I went with FreeBSD because it seemed to have the best userland of the options. As similar as BSD is to Linux, you still go from being fairly comfortable (I never wrote kernel drivers, but I used gentoo for about a decade and considered myself fairly confident) to feeling like a newbie again. You have to google every basic thing. It's usually a matter of "oh, in FreeBSD I use this to configure that", but there's still a lot of it and it takes time to feel comfortable with how the system works again.
He said he's written drivers. He didn't say they compiled or worked.
So he was just puttering around?
Envy my 5 digit Slashdot User ID!
Too stupid to understand routing, but smart enough to write kernel code? Something doesn't add up here.
Can't you recognize click-bait when you see it?
Heaven knows slashdot needs click-bait, what with the crap they have been doing to their layout in the last 2 days. Right now it's utter crap on Safari 6.1*, but sometimes it's good and other times it's worse. And sometimes it's borked on Safari 8 and even IE 11. It's as if Dice has never heard of testing on a test system and not testing on production.
*And yes I am still there because of 32 EFI, and yes I know there are ways to get >Lion running on 32 bit EFI, but it is not a priority right now.
I am Slashdot. Are you Slashdot as well?
1) Don't run your fileserver on your router/firewall. You're asking for problems.
2) Not all Linuxes run Systemd (Yay Slackware). I have nothing against the BSDs and they are probably better for networking anyway.
Personally I have Tomato on my firewall/router and use Slackware for my server needs. Serves me pretty well.
> You may have written linux kernel drivers before, but apparently you have never encountered this thing called Google?
Yes. Google. With all kinds of things tossed together both good and bad. Just because something is on Google, it doesn't mean you can trust it. The Internet is a great conduit for spreading nonsense.
A Pirate and a Puritan look the same on a balance sheet.
I'm not sure why all you systemd haters feel the need to say "If I wanted Windows, I'd run Windows". I don't know the technical details, but I assume systemd as a Linux init system is nothing like Windows - except maybe for the fact that it's not based on a bunch of shell scripts. If you're a Linux fan, I'd be surprised if the only reason you like Linux is its script-based init system.
Anyway, I assume the various distros that are switching to systemd are doing it for a reason - and that reason isn't to make it work more like Windows. I assume it's to make it work - i.e. resume from suspend reliably, etc. And if they find that necessary, what makes you think the maintainers of BSD aren't going to run into the same walls that the systemd approach circumvents? Then what are you gonna do?
So sure, if systemd doesn't need its 'tentacles' in an area, complain about that. Maybe your distro won't use that component. But as it stands the systemd flame wars are veering into conspiracy theory territory - and that's rarely a good thing.
Posted from my Android phone. Oh, I can change this? There, that's better...
Ignore the idiots who are dismissive. Just because someone is highly technical in one area doesn't mean there's something wrong if they're not very technical in others.
I personally use NetBSD because I use different hardware in different places for NAT / IPv6 routing / DNS / all that. In homes I use a PogoPlug or Seagate Dockstar with a USB flash or SD card and a USB-ethernet and / or USB-wireless. In businesses I use amd64, sparc64 and powerpc systems. NetBSD uses the same configurations regardless of the architecture.
OpenBSD and FreeBSD are just as good, and, as I'm sure you're realizing while you learn BSD, all three BSDs are much cleaner and better organized, generally speaking, than GNU/Linux distros. The other thing that keeps me using them is that they don't try to be like Windows, so there aren't a zillion extra packages and gratuitous changes from one version to the next.
A BSD NAT router / firewall / IPv6 router / DNS / Samba / web / whatever server can be set up pretty quickly and easily, and keeping track of the configuration files and reproducing a running system is very straightforward.
Slashdot being a prime source of nonsense.
Aside from pfSense, another great alternative is TrueOS.
Actually, how do pfSense and OpenBSD compare as far as routing capabilities go? And for IPv6?
OpenBSD. Feel free to look at the others, just don't get distracted by shiny bells & whistles and GUIs and the like.
OpenBSD does what you want and does it very well.
Trolling is a art,
Like BSD, Gentoo is source-based. So, if you're familiar with Linux, you might find Gentoo a sort of gentle introduction to a more BSD-like distro.
I've been using Gentoo for a while, and it has done what I expected most distros to do: It offers two init systems: OpenRC (the default), and systemd. OpenRC is actually Gentoo's own. It's sysvinit-like, with a few nice enhancements. If you're familiar with Sysvinit, you don't find it hard to switch: OpenRC is lightweight, and converting a sysvinit-style startup script to an OpenRC one usually requires only a few modifications. OpenRC lets you specify dependencies and runlevels by name, rather than having to manage a bunch of symlinks and numbers by hand.
Gentoo is not as user-friendly as, say, Ubuntu. There's no GUI installer. Instead, the Gentoo Handbook walks you through how to partition and format your disk, etc. I initially picked Gentoo because I wanted to learn more about Linux. Whenever I've gotten stuck, I have also found the online Gentoo community (wiki, forums, etc.) to be quite friendly and helpful.
Init: OpenRC Libc: musl Userland: busybox Looks like a nice alternative....
Peter N. M. Hansteen's PF tutorial and books are recommended reads, Peter remains involved with the developers and the information stays relevant and useful. He also ensures that readers using other BSD systems, especially with older versions of pf, can learn just as much from it.
* The Book of PF, 3rd Edition, 2014 - ISBN: 978-1593275891
* http://home.nuug.no/~peter/pf/
Michael W Lucas is another author that writes books for both the BSD and sysadmin communities, similarly, he works closely with developers and users to release these short, yet all-encompassing tomes of information, covering a wide variety of topics.
https://www.michaelwlucas.com/...
* Absolute OpenBSD, 2nd Edition, 2013 - ISBN: 978-1593274764
* SSH Mastery, 2012 - ISBN: 978-1470069711
* Sudo Mastery, 2013 - ISBN: 978-1493626205
And of course, official documentation is great. The effort of many people working to improve, Jason McIntyre improving readability and overall quality, Ingo Schwarze's amazing work on mandoc(1) tools. OpenBSD's FAQ, which is usually the first step people take to learn more about the system, is maintained by Nick Holland.
http://www.openbsd.org/faq/
http://www.openbsd.org/cgi-bin...
Doesn't trust it to not fail catastrophically, or not break when you update your system. Slashdot is full of horror stories where a supposedly stable distribution switched to systemd, and systems that have operated for a decade suddenly failed to boot right. It's still experimental-quality.
Picking AROS or Minix 3.
There is also RouterOS?
Just realize that whatever you do you will suffer some disadvantage.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Yeah, isn't the current version of pfSense - 2.1.5 - derived from what is in FreeBSD 8.3? And also, isn't their IPv6 support still rather primitive? It would be good to compare pfSense 2.2 vs TrueOS 10.1 vs OpenBSD 5.6 as far as their IPv6 support goes
Frankly, I love it when I am forced to take a 5 minute coffee break when I can't CTRL+C out of my misconfigured network card. This is a delicious way to start the day.
I've migrated all my servers and last year all my desktops to OpenBSD. I was expecting some of the ports/packages in OpenBSD to be outdated because that's what I read on the web, but surprisingly I found that OpenBSD often has more recent versions of things like chromium/gnome/python/ruby/etc/etc than the other BSDs and even many linux distros.
The base system on the other hand can lag a bit (for example they don't have wireless N yet), but whenever they add a new feature they do it right. One other thing about OpenBSD vs. other OSs I've used is how little breakage there is. For a business/enterprise that is critical. It's extremely rare that their base or ports system becomes unstable. I really like this. On linux/FreeBSD I've found things to be a bit more... painful.
Oh and the security that they're famous for is really amazing. The more I read about the details, the more impressed I am. This is the piece that you really want to make use of if you're building a router. The only thing they're missing compared to FreeBSD is something like capsicum. But FreeBSD doesn't take security too seriously, they focus on performance at all costs and are probably years behind other OSs like OpenBSD or even Windows. (These days I believe Windows has far better security than Linux).
Not that there is anything wrong with BSD, but you don't have to throw the Linux kernel out with the systemd water. You could choose a Linux distribution meant for routers such as OpenWRT which has x86 builds in addition to the embedded ARM and MIPS SoC platforms you will find in most actual SOHO routers.
I've installed OpenWRT on an old laptop before to use it temporarily as a wireless access point.
Because with pfSense (or m0n0wall) it is easy to do well. And this is a serious consideration. Doing a firewall "wrong" has some serious consequences, and pfSense or m0n0wall prevent you from making many common mistakes. (Actually, prevent is too strong... They just make it harder, but you can get access to anything you want if you try hard enough)
Another option is the grandaddy of all the BSD based appliances, m0n0wall. It is still very lean and very solid.
IMO the comparison comes about because the philosophies of the two (systemd and windows) are more related to one another than they are to Unix. Unix favors a collection of interacting tools that each do something (ideally, doing that something well). Windows is a giant monolithic shroud covering a multitude of interacting moving parts that you can't see, touch, or understand unless you spend the necessary years becoming an insider. Systemd seems to be leaning in that direction, hence the comparison. It's a big collection of "stuff" that refuses to be broken up into component functional bits.
It certainly doesn't help that the systemd authors seem to think so highly of themselves, that I feel no need to add to their aggrandizement by thinking highly of them myself.
The article should say: I used to write Linux kernel drivers and hate the direction systemd is taking it. Please support me by clicking on my rant and joining me in installing BSD on your router.
Seriously, I'm barely familiar with Linux as I'm just an end user, and I know well enough that I don't need an ask slashdot to figure out which OS I can put on a router which doesn't include systemd.
Help! I'm a slashdot refugee.
You don't even need to blow away the Linux partition. Just install to a 4GB USB stick and set that to be the first boot-device.
I'm the original AC who asked the question. Or someone pretending to be him, you have no way of knowing.
1. Not trusting systemd.
Because it can't be troubleshooted if all you have is something to read text files with. When all you have is a single user shell, for example. Or you've put the hard drive in a different system, which is whatever you had on hand and could even be Windows with an ext3 plugin.
Because it comes from the author of PulseAudio, who is world renowned for the stability of his products. And low CPU consumption, when they work.
Because it contradicts the Unix philosophy of having a lot of little utilities that each do one thing. It may not be a big deal for a full time sysadmin, but if your main job isn't that it's a lot easier to just read about the small parts that interest you and disable the rest.
2. If he can write Linux kernel drivers, why does he need to ask Slashdot, or why doesn't he google it?
Because I don't know anything about BSD, and I'm not looking for "learn BSD in 10 easy mouse clicks". Although the signal to noise ratio on here sometimes approaches zero, there is the occasional informed opinion, and with a bit of luck, there will be some pointer to some actual pertinent information.
3. Use pfSense
If I use pfSense I won't learn anything. I've installed it before, it took about zero BSD knowledge. Also, I want the file serving part, see 4.
4. Move your Samba server to another machine for security reasons.
The router doesn't have any important files on it. It has the usual torrents, and it runs a private http server. I update the http server's pages through samba because it's the most convenient. It's not worth running this on a separate machine as there's nothing on there that I can't afford to lose. The real data is on other machines, and backed up properly.
Looking forward to the next batch of flame posts now :)
Solaris uses SMF and OS-X uses launchd, as was discussed yesterday in the thread about the new networking features in systemd. If BSD leaves SysV and adapts something, it's more likely to be launchd, rather than systemd. Also, systemd is under GNU LGPL 2.1, and the BSD projects have tended to seek out BSDL alternatives wherever possible. Which is why launchd is more likely to be used than systemd
OpenBSD has a focus on security and I believe they were the group that developed pf. Out of the box, OpenBSD will be pretty much configured well for a router. Also pf on OpenBSD uses a newer syntax. The install process is pretty basic and some of the terminology used for partitioning disks may be confusing for someone used to Linux terminology. In-version OS updates are handled by downloading patches and recompiling from patched sources. Major OS updates come out every 6 months.
FreeBSD has a focus on being a friendlier OS to work with. The kernel exposes many more tunable options and performance is generally considered better on FreeBSD. pf uses an older syntax that was forked off at some point and may never update to the newer versions OpenBSD offer. FreeBSD has a lot of other features like ZFS, which can be a big deal for Samba. The installer is more friendly and OS updates are handled through a fetch/install command. Major OS updates come out frequently according to a set schedule.
I have the expectation that FreeBSD will support new hardware faster than OpenBSD. I think most people serious about OpenBSD will be running it on a machine with Intel network cards. Other nics (realtek, broadcom) may work but sometimes have problems under heavy load on OpenBSD.
I use OpenBSD for my routing/firewall and a separate FreeBSD system for samba/fileserving. I don't expect any problem with running samba on OpenBSD alongside the firewall, but you won't have the benefits of ZFS, which is a big deal for me.
pfsense and m0n0wall are both based on FreeBSD, due to performance.
Unfortunately I don't have as much knowledge about NetBSD.
TrueOS is just FreeBSD with some very minor additional utilities thrown in - and no support for x86 32 bit.
Netcraft confirms it, BSD is dead.
I don't understand the blatant systemd pushing. Reasons for disliking it vary but don't really matter, because its adoption will force a *lot* of people who don't want it to either suffer through it or suffer through migration to another OS. That is reason enough not to adopt it. Trying to discredit people's reasons for disliking it is presumptuous, pointless, and rather stupid.
Hi,
I've written a tutorial for installing freebsd on an encrypted root using a serial console. That should actually explain some things.
http://forums.smallnetbuilder....
Otherwise:
Get an installer image:
https://www.freebsd.org/where....
The release version is FreeBSD-10.1
try the memstick image
a "cp FreeBSD.img /dev/sdX" will copy it to stick
While you install:
don't install the package ports, you will get the freshest ones
through portsnap
Add an "admin" user make him member of group "wheel"
because that user can ssh and then "su" to root.
When you have installed FreeBSD
a.) run portsnap fetch extract
- after this your ports tree is up to date
b.) run freebsd-update fetch install
- after this your FreeBSD-system is up to date
c.) kill sendmail-demon
- after this you will feel no change at all
d.) install samba via ports (verbose) or via pkg add samba
you install things using the ports collection by enter the directory /usr/ports
where you choose the category for example the midnight commander can be found under "/usr/ports/misc/mc"
you start the installation using make install
afterwards you can do a make clean
or make distclean.
ports is "just" make-scripts
Hint:
svn is included in the FreeBSD base distribution
it can be called via svn-lite
So you can also checkout the current freebsd-head (FreeBSD handbook says how), browse the /usr/src directory, where you will then recognize that every command's source has a separate directory with make file etc..
Meaning you can now play with the source of the base distribution(userland) and kernel
FreeBSD is fun, and a base system really has a small footprint.
> My understanding is that SystemD makes binary logs for its own purposes, and that the binary features include indexes so it can very quickly answer queries like "what were the last ten things logged by Apache?"
Oh okay, this huge monstrosity is worth it if it does things like make it easy to see the last ten log entries from Apache. Because for the last 35 years we've never been able to do:
tail /var/log/httpd/error_log
Lennart would add a hundred thousand extra lines of code before thinking about "tail".
Without a doubt, FreeBSD is the best at these tasks. I have used it in the past and you can create a basic forwarding firewall with only a few lines of config. Add a dozen or so more for better control. I also ran BIND, isc-dhcpd, and a wifi access point. This would be a little tough under OpenBSD and NetBSD as they don't have quite the same range of wifi hardware supported out of the box.
FreeBSD has good package management and is very well documented. In many benchmarks, it is faster and scales better than the other BSDs. SAMBA will work fine, as will netatalk and NFS.
Having said all this, running your own firewall is a really good skill and enjoyable hobby. But if it ever becomes more of a burden than an enjoyable task, switch to a high-performance router running linux (no routers with linux have stooped to systemd yet that I know of). I have an ASUS that can seriously handle all the throughput that I can throw at it. And now I have more time for other things!
PS: If you're not already aware, in addition to local caching, BIND can also connect to DHCPD and create real DNS resolution for your local clients.
My understanding (feel free to enlighten me if wrong) is that most distros still offer other init systems, they just aren't requiring package maintainers to support them. Thus.. things you want to use might become dependent on Systemd.
Also (as far as I know) Gnome is the only thing already doing this with KDE likely to follow soon.
I'm guessing (more speculative) that Systemd dependency is only likely to be an issue with big "desktopy" projects like this.
I hope that you are not running Gnome or KDE on your router!
So... what's the problem? Just use a different init!
Also... what kind of router are we talking about? Is this a PC being used as a router? Or is it a device which was actually meant to be a router. If the latter what distro does it run? Do router distros like openwrt, ddwrt, etc... actually use the same init systems as desktops? I always assumed they just ran a few simple scripts.
That being said.. although I've been a long-time Linux user I am using M0n0wall myself. It's a BSD based router distro, much like Pfsense which others have recommended but a bit lighter. I only chose it b/c it (and pfsense) supported the device I wanted to convert to a router and I didn't see anyone mention any of the Linux ones for it online.
My only complaint is that I haven't been able to get a VPN server running on it. I'm not sure this is M0n0wall's fault as this has been a problem for me on a number of other installations I have attempted. I suspect my cable company of blocking it.
But, anyway.. not a single device in MY home seems to care if its packets are being routed through Linux, BSD or whatever! How about a Syllable router for the win?!?!
Okay, fine, I'm going by anecdotes. But did you seriously just argue based on "I haven't read the same comments as you, so it must not be true"?
But both GNOME and GNOME classic are available on PC-BSD 10.x. How does it work here, if it requires systemd or logind? The BSDs don't have that
Keep it simple: https://www.pfsense.org/
"Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup."
Maybe, if one is leaving systemd based Linuxes, it might be worth trying Gentoo, Slackware or Devuan before doing a wholesale migration to the BSDs
Oh geez, Safari? Not that I want to stick up for Dice-dot but come on! I might use Links to browse on occasion myself but at least I understand that when I do I am so far from the norm that I get what I get and I shouldn't expect webmasters to cater to me!
Next will be a horde of angry Arachne users!
I have learned this the hard way so please take heed;
NB! most of the guides online have the syntax (order of wording) wrong for pf.conf included the beloved OBSD FAQ.
This is accurate and works on OBSD v5.6
99% of the online howto & guides will get your firewall almost working.
Use this as an example from my working pf.conf
You can spot the variables. Use 'LOG' for all of your entries and keep a "tcpdump -nettti em0 host 192.168.0.x" running while testing your setup.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
It's my gateway and router, and as it's not just a pfsense install it also serves as a web development platform, file storage, etc. etc. There's just nothing as flexible, powerful and intuitive as OpenBSD's PF for facilitating the router portion.
OpenBSD
I'm in a similar boat. I recently (a few months ago) migrated from Gentoo to FreeBSD.
The problem with systemd, and probably why so many people are running from it, is that it's not as simple as just not using systemd, or even not using a distro with systemd as a default.
A lot of packages are gaining direct or indirect dependencies on systemd, and it is becoming a huge pain to run a systemd free system. I found myself having to use portage's blacklist for the first time because simply specifying -systemd as a use flag wasn't enough. I also had to uninstall a bunch of packages and fix the associated breakage. I don't use gnome, but enough gnome packages ended up installed as dependencies of various things that it was a real headache. Slackware has straight up dropped gnome because it's too hard to have it without systemd. And of course you have systemd as an indirect requirement for gimp. Yes friends, when a graphics editing tool depends on a specific init system, it's time to get the hell out of there!
Systemd isn't the only factor, but it's certainly a major one and I think it's pushing a lot of people (like myself) who have kinda been disillusioned with Linux for some time over the edge. At some point mainstream adoption became the big goal, and this mindset where it was better to have a less flexible but easier to use system started destroying a lot of what drew us to Linux in the first place. Linux is basically morphing into a more open version of Windows for the sake of mass appeal, which may be great for humanity, but it's not why I got interested in Linux.
For many years, I ran an alix2d3 box with OpenBSD installed on it as my edge device. Excellent hardware, excellent OS.
pf.conf is simple for a basic configuration.
If you want to run off of a read-only flash file system, or have a router-style config experience, there are adaptations for that purpose also. But just plain old boring openBSD is a great place to start.
My favorite thing about openBSD is how lightweight the install is. There is very little garbage you'll want to shut off or remove.
For the canonical SOHO edge device, choose any x86 hardware you have, put 2 network interfaces on it, and you're done.
A basic pf.conf that gives you NAT and blocks everything evil from the outside is only a few lines, and well documented on the interwebs.
Put your samba server somewhere else.
Oddly enough, I finally retired my openbsd device and got a few Ubiquiti EdgeRouters. My home network situation changed and I wanted a smallish device with POE support, but still wanted a real OS on it..
My opinions are my own, and do not necessarily represent those of my employer.
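The "NAT plus block everything from the outside" pf.conf described in the comment above, written out as an added example that is not part of the thread. It uses the newer OpenBSD syntax another commenter mentions, with the older FreeBSD-style NAT rule shown as a comment; the interface names `em0` and `em1` are assumptions.

```conf
# /etc/pf.conf - two-interface home gateway (added example, not from the thread)
# Assumed interfaces: em0 faces the ISP, em1 faces the LAN.
ext_if = "em0"
int_if = "em1"

set block-policy drop        # silently drop instead of sending RST/ICMP
set skip on lo               # never filter loopback

# Normalise packets before filtering
match in all scrub (no-df random-id)

# NAT, newer OpenBSD syntax: translation is an option on a match/pass rule
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)
# Older pf (the syntax FreeBSD kept) writes the same thing as its own rule type:
#   nat on $ext_if inet from $int_if:network to any -> ($ext_if)

# Drop packets claiming a LAN source address that arrive on another interface
antispoof quick for $int_if

# Default deny, logged to pflog0. Last matching rule wins, so this goes first.
block log all

# LAN hosts may reach the gateway and be forwarded; state is kept by default
pass in  on $int_if inet from $int_if:network
# The gateway may answer and originate traffic towards the LAN
pass out on $int_if inet to $int_if:network
# Anything leaving via the ISP side is allowed and picks up the nat-to above
pass out on $ext_if inet

# No "pass in on $ext_if" rule exists, so services running on the gateway
# itself (Samba, a private web server) are reachable from the LAN only.
#
# Checks before relying on it:
#   pfctl -nf /etc/pf.conf            parse only, do not load
#   sysctl net.inet.ip.forwarding=1   forwarding must be on for routing
#   tcpdump -n -e -ttt -i pflog0      watch what "block log" is dropping
```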
I run gentoo for my home server so that I don't have to worry about a major upgrade every few years. That "package churn" is what happens when you want the latest code running the latest fixes.
Yeah, some of the upgrades get dicey, but I laid out my current root filesystem in 2008, and haven't reinstalled anything since. Yes, every once in a while I need to spend a weekend fixing package collisions, but that is the ticket I paid for when I chose not to use a package based distro.
So in a nutshell, Gentoo will nickel and dime you to death to keep current, where RHEL/Ubuntu will combine all of that fun into a few days every 2-3 years.
--WooooHoooo--
You've written linux kernel drivers, but you have to ask slashdot?
Writing linux kernel drivers is really easy, surprisingly easy. Get this book and you can learn to do it in an afternoon. If you've never compiled a kernel before, that might take two afternoons to figure out.
"First they came for the slanderers and i said nothing."
personally i would have had the "server" /firewall running CentOS 6 or Debian stable
then in 5 YEARS when they are going end of life
then worry about systemd VS systemV
in 5 years time
the question should be settled
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
Why on EARTH are you trying to roll your own router? AT HOME, none the less... Who needs that kind of trouble? And NEVER put your network firewall on the same hardware as a network server... It's a recipe for disaster.
Just go buy some compatible hardware and run OpenWRT or something. I have a Netgear WNDR4300 as a border router/firewall with OpenWRT loaded on it. They are routinely sold on E-bay for $40 or less each, I think I paid $35. Where I wouldn't recommend this exact model because you will end up building your own firmware, this device works just fine for my purposes. Configuration wasn't exactly straight forward enough for your average consumer product, but I managed to get my router running, with wireless, within a few hours.
OpenWRT comes with many optional packages you can load. I cannot vouch for any of them, but the base install is rock stable on my hardware. There is a file server package, where you can serve up USB based storage or share a USB printer, but I don't use either because I have a separate purpose built server for that kind of thing that runs OpenMediaVault NAS with a software raid array, though I think I'd recommend FreeNAS if you want a BSD based system to play with. Both are free for the price of the hardware.
Keep it simple, cheap and reliable.... Buy good hardware and all of the solutions I'm using will be very reliable and about as cheap as you can get.
OR...
Just go buy some industry standard router thingy (Cisco comes to mind) and learn how to use that. Skip all this other stuff.. I used to run a Cisco router as a border firewall, but I'll warn you that stuff gets pretty complex unless you already know how it works...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Or just run Ubuntu.. or maybe Windows?
This is a terrible argument and totally against everything that drove me to Linux in the first place. If I don't like the way something works, I can and am encouraged to roll my own. Systemd is the culmination of this new mindset of "lets all just standardize so it's more presentable to the masses and business". Projects are becoming their own little ecosystems rather than a set of useful utilities that can be used somewhat independently. Gnome is kind of the extreme version of this, but everything seems to be heading in this direction, and now the core system functionality is becoming similar.
We are heading towards a Linux where doing your own thing is becoming less supported and discouraged, and this I find depressing. Sure we may actually have a year of the Linux desktop, but that desktop may as well be Windows.
Thanks for all of that -- I'm surprised how much of it I actually followed. It seems like it all kind of resolves to the "use the best tool for the job" comment I made somewhere in this thread, and for what the OP wants to do he doesn't need systemd, but to take a functional system and completely rebuild it because of some principled, non-technical issue with one of the libraries doesn't seem like an effective use of one's time.
Sure you can. You can roll your own. You just have to do the job. Someone has to do it. And if the distributions are not interested in doing it, then someone else has to do it. It's really as simple as that. Don't expect other people to do stuff for you just the way you like it. They have their goals in mind too. You don't like where things are going, then fix it.
Plan B.
Just go and buy a used Cisco or Juniper router off of eBay or Craigslist.
At this point I'm far more inclined to jump ship to BSD (which to be honest feels very much like Linux did back before all this nonsense) and contribute my efforts to making it what I want. Neither is really what I want, but I feel at this point BSD is actually closer, and at least philosophically more aligned with what I'm looking for.
I'm not looking to exaggerate, but I do feel the BSD developer base is noticeably increasing for the same reason, having met many recent converts who all tell much the same story.
Running Debian unstable. SystemD comes along, and suddenly, machine won't turn off. Oh, silly me, I should be running "poweroff," instead of "halt" -- never mind that "halt" had worked flawlessly for me on all my machines in the past.
Another time, I reboot my server, and bam, nothing. So I hook up a monitor, and the USB disk -- which had an fstab entry which never gave me any problem -- caused the machine to not boot up because the disk wasn't connected. Maybe I had been getting error messages about the disk not being there, but previously, if the disk wasn't there it still booted (unless, you know, it was
Anecdotal, yes, and arguably my fault...but c'mon, I don't want an entirely functional system just breaking. Does not inspire confidence.
http://www.ubnt.com/products/#...
For $99 it's hard to beat:
http://www.ubnt.com/edgemax/ed...
http://www.amazon.com/EdgeRout...
Yes, because it does useful stuff that software needs.
That's certainly one possibility and we'll hope that it's true.
Of course, being a cynic, I could also posit the possibility that systemd is so intrusive that you can't plug-replace it and therefore all these systemd-controlled packages simply cannot opt out.
Sure you can. You can roll your own.
Yes, but there's a major difference between rolling your own application and rolling your own full distro.
When you have to throw out the baby just to get rid of the bathwater, that should be troubling.
From the description "to migrate my homebrew router/firewall/samba server to one of the BSDs" it sounds like you need/want more than just a straightforward firewall. Based on that observation, I would go with FreeBSD. It has the largest install base, a great handbook, many online guides and a lot of helpful people on irc, etc.
If it were just the firewall alone you could make an argument for OpenBSD and while you can probably still do all the other stuff, you will probably be more frustrated when you run into problems. While I would like to recommend the red headed step child of NetBSD, been there, done that, only FreeBSD now.
It also doesn't support the Commodore 64.
Are there really any 32 bit x86 systems out there that you would install new software on (i.e. not legacy systems which won't change until they die)?
There's another Debian fork without systemd that has already got a RC1 release: TRIOS, see https://translate.googleuserco... It's from Serbia and maybe they will join with Devuan. Looks pretty good to me!
Why am I supposed to hate systemd? I frankly haven't noticed it at all until people started complaining here.
You will understand when something on a new system doesn't work and you have to fuck about for ages to find out what's going on because of the differences and features that are not implemented yet. Suddenly that experienced IT pro has to hit the books to get around what used to have a trivial solution because it's all different - hence anger.
It's just a case of unfinished software replacing something that was rock solid and "the way we always did it". Anger, embarrassment and blaming the new tool that doesn't quite do what the old one did are a common response to having it fuck up on you or trying to set up something non-standard that used to all just go in a trivial rc.local file. Now it's all different and the docs don't all exist yet.
So it's a reaction to hitting the rough edges of immature software and change in general.
I have to admit it pisses me off at times too but I'm getting used to it on some dev boxes and my home machine. I don't think it's ready for use everywhere yet, but it's the catch22 that without wide deployment it's never going to be ready for use everywhere. With more use, more developers and a more practical instead of empire building approach to the project (some developers want it to be an octopus with tentacles into everything instead of being an init system) it may become more useful and less annoying, even if some design choices appear to have been made on crack (eg. you don't want fucking binary logs to read on a system that's got stuck halfway to a usable environment).
That old fileserver with a bucketload of tiny disks that you can hammer on as much as you like to learn what to do with ZFS when things fuckup.
That other old fileserver for that stuff that people want to look at every now and again. Since all it has to do is saturate gigabit to get a file to one computer every now and again there's no performance advantage to buying something new.
Netbooks/Tablets. That's the most likely situation since 32 bit x86 machines to fill that role are still on sale.
Embedded systems / small form factor systems - some are x86 and are quite capable of being used as a quiet media PC using *BSD.
All BSDs can do it. My favorite is NetBSD, and here is some documentation on setting up IP filtering
Finding 3:00 to 6:DD in ANY file or device, not just a specific type of log:
grep '[3-6]:[0-9][0-9]'
Note we've been doing it that way since the late seventies, so there's nothing for the sysadmins to learn. All files, disks, etc are searched with the same command, and the same one you've always used, on any *nix.
Aha! So I just need to start a new FUSE project which presents the binary logs as text. :-)
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
As a clever person who realizes that systemd is evil and poopy and probably an NSA conspiracy, I have to ask Slashdot: Just how evil and poopy is systemd?
Are you routing on custom hardware (e.g. a cheap router running OpenWRT)? Old Low-End PC? A basic current Intel box? Removable disks? USB Flash Stick? Mikrotik board?
Some hardware makes it really easy to switch operating systems. For instance, if you can run your router from a virtual machine (because your hardware is new enough), if you don't like it, or want something new, just shut down the VM and fire up a new one. If you only want to buy $50 worth of hardware, a Raspberry Pi has the advantage that the disk drive isn't built in, it's just an SD card, so if you want to change OS's you just pop the old one out and put in a new one.
Booting from a USB flash stick is probably the easiest choice for most Intel-based hardware. You can get 8GB for $5, set it up, boot from it, and if it's not doing what you want, remove it and reboot your old OS. Many Linux distros are quite friendly on USB sticks, and some BSDs are, though OpenBSD seems to be a bit harder to do that with (maybe that's just a problem with documentation, but it seems like Theo doesn't trust VMs or booting from USB instead of CD and hard drives.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Docker seems to be the new version of what people used to do with BSD jails. But VMs can give you more flexibility, if you're running hardware that can handle them (as opposed to running your home router/firewall/server on the old PC, and using your newer box for gaming or your laptop for work and browsing.) And there are router-oriented VMs like Vyatta out there.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Gimp does not require systemd.
If you think that it does because installing gimp on Debian also installs libsystemd, then that's because the Debian package maintainers have set libsystemd as a dependency to dbus; and gimp uses dbus.
Gentoo is definitely not for the 'just do it' crowd. I've been using it continuously since 2004, copying the disk every time I upgraded computers and then re-compiling everything. I've never encountered another distribution where I could do that as easily. After a while you learn what packages can be 'trouble' and upgrade them gingerly. However, I've never had my system rendered unusable to the point where I couldn't go in and fix it. And Gentoo is the best argument there is for spending money on hardware upgrades as often as possible. Chrome compiles starting to seem slow? Go buy some more cores. It's also nice to have fast access to multiple releases of a package. If the latest foobar package is borked, just mask it and wait for the next update.
Even OpenRC Gentoo is not immune to the creeping insidiousness that is systemd though. As I run /usr on a separate (read-only) SSD partition in true UNIX fashion, I paid for that arrogance by being required to boot first to an initramfs because such things are now mandated by the systemd/udev gods.
And by the way, libsystemd is not an init system. It's a library.
Please see the above posts mentioning that even gimp depends on systemd already.
No it doesn't. It depends on dbus which some distros build so that it depends on libsystemd. That's a client-side library for interacting with systemd, if it is installed and running. It is not the init system and it does not even depend on it.
This combination is worthy of a thorough evaluation. I've been using it for several years and have never looked back. Remember Heart Bleed? Pfsense had the patches within hours.
man pf.conf
Stop Computers/Cars Analogies on S
It might be helpful to know what linux distro you tend to use, because the type of distro may indicate which BSD variant you would be most comfortable with.
I have in times past run 3 of the original BSDs and all have (many) strengths and (a few) weaknesses.
I would generally recommend FreeBSD for the community and documentation. Ever since it adopted OpenBSD's PF firewall many years ago (which is wonderful), I have generally recommended FreeBSD for its generally greater modern compatibility and larger community for anyone who isn't entirely hardcore into a particular BSD for particular reasons.
It's a bit superficial, but why not fire up some VMs with all OS's you may be interested in and give them an install to kick the wheels... get at least a bit of a feel for the thing.
0) Okay, I agree that I should have phrased that differently. Note that I didn't use a pejorative phrase; I didn't say something like "morons too stupid to understand the greatness of SystemD" or whatever. I really only meant to say "some people who strongly disapprove of SystemD do not want it involved in logging at all."
1) I hope you didn't intend to lump me in with "systemd people" because I'm not one. I am an interested observer looking in from the outside. To the extent that I care about Linux and its future, I care about SystemD; I've been trying to understand how good or bad it is.
But the vast majority of the criticism I have read of SystemD has been just opinion-based flaming. To read most of the posts on Slashdot, there must not be anything good about SystemD and the people who choose it must be deluded or fools or something. I wanted to push past that and understand why smart people might not reject SystemD.
for those of us that use 'sed' and 'grep'
I'm quite skilled with grep so I can query plain-text files just fine, but I'm not opposed to SystemD making a binary log with an index for its own purposes.
If you set up rsyslog or whatever, you will still get a plain-text log file, and you have the option to simply ignore SystemD's own log file.
Windows style 'Services' (your word)
No, don't lump me in as a "systemd person". And don't assume that I'm your enemy or something.
And don't ask "how are they forcing" again, that isn't helpful when I can't just turn the package off and sysv init on.
In Debian "jessie" you can do just that.
https://wiki.debian.org/systemd#Installing_without_systemd
lf(1): it's like ls(1) but sorts filenames by extension, tersely
FreeBSD hands down. /.
I've got detailed documentation that's rather outdated but still applicable.
The configuration is straightforward and the main packages are IPF, IPNAT, squid, snort, bind, sendmail and sshguard
I've used the documentation for as long as I've been on
To avoid corruption, one must remain dishonest.
If you are rolling your own why not just keep using init? You are not using a full dist I hope for firewall.
If you've written a Linux device driver, why are you asking us for anything?
You already know damn well how to do it and you know damn well why BSD isn't the right answer.
Go back into your mother's basement, and stay off my lawn.