Ask Slashdot: Migrating a Router From Linux To *BSD?
An anonymous reader writes I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs. Question one is: which BSD? Question two: where's some good documentation regarding setting up a home router/firewall on your favorite BSD?
It's fine if the documentation is highly technical, I've written linux kernel drivers before :) (Got a question? You can Ask Slashdot, too.)
subject says it all.
runs from very small disk (I use a 4gb m-sata ssd) and has a great ui, is a superb firewall and is bsd based. used to be the old openwall code.
--
"It is now safe to switch off your computer."
http://www.bsdnow.tv/tutorials/openbsd-router
Experience usually leads to a realization that you don't know everything... Asking others is a good way to increase your available options from the few you are comfortable with to include ones you might not know exist.
He said he's written drivers. He didn't say they compiled or worked.
The three distros in the Subject line do not use systemd, though Gentoo does offer it. They may well be the dig-in-the-heels distros that will stay that way, driven by people like you. Moving to one of those distros is a smaller/easier move for you, and doesn't preclude moving to a BSD in the future.
Years back I thought about moving my server to OpenBSD, based on reputation. However after some thinking I realized that potentially the safest server is the one you know best how to administer. I was probably better off knowing how to administer Linux well across my home cluster than to divide my efforts. I know OpenBSD is supposed to be "secure by default", but don't know how I might accidentally mess that up by mis-applying Linux knowledge to it.
The living have better things to do than to continue hating the dead.
We know it's you, Linus!
Too stupid to understand routing, but smart enough to write kernel code? Something doesn't add up here.
Can't you recognize click-bait when you see it?
Heaven knows slashdot needs click-bait, what with the crap they have been doing to their layout in the last 2 days. Right now it's utter crap on Safari 6.1*, but sometimes it's good and other times it's worse. And sometimes it's borked on Safari 8 and even IE 11. It's as if Dice has never heard of testing on a test system and not testing on production.
*And yes I am still there because of 32 EFI, and yes I know there are ways to get >Lion running on 32 bit EFI, but it is not a priority right now.
I am Slashdot. Are you Slashdot as well?
1) Don't run your fileserver on your router/firewall. You're asking for problems.
2) Not all Linuxes run Systemd (Yay Slackware). I have nothing against the BSDs and they are probably better for networking anyway.
Personally I have Tomato on my firewall/router and use Slackware for my server needs. Serves me pretty well.
> You may have written linux kernel drivers before, but apparently you have never encountered this thing called Google?
Yes. Google. With all kinds of things tossed together both good and bad. Just because something is on Google, it doesn't mean you can trust it. The Internet is a great conduit for spreading nonsense.
A Pirate and a Puritan look the same on a balance sheet.
I'm not sure why all you systemd haters feel the need to say "If I wanted Windows, I'd run Windows". I don't know the technical details, but I assume systemd as a Linux init system is nothing like Windows - except maybe for the fact that it's not based on a bunch of shell scripts. If you're a Linux fan, I'd be surprised if the only reason you like Linux is its script-based init system.
Anyway, I assume the various distros that are switching to systemd are doing it for a reason - and that reason isn't to make it work more like Windows. I assume it's to make it work - i.e. resume from suspend reliably, etc. And if they find that necessary, what makes you think the maintainers of BSD aren't going to run into the same walls that the systemd approach circumvents? Then what are you gonna do?
So sure, if systemd doesn't need its 'tentacles' in an area, complain about that. Maybe your distro won't use that component. But as it stands the systemd flame wars are veering into conspiracy theory territory - and that's rarely a good thing.
Posted from my Android phone. Oh, I can change this? There, that's better...
Aside from pfSense, another great alternative is TrueOS.
OpenBSD. Feel free to look at the others, just don't get distracted by shiny bells & whistles and GUIs and the like.
OpenBSD does what you want and does it very well.
Trolling is a art,
Like BSD, Gentoo is source-based. So, if you're familiar with Linux, you might find Gentoo a sort of gentle introduction to a more BSD-like distro.
I've been using Gentoo for a while, and it has done what I expected most distros to do: It offers two init systems: OpenRC (the default), and systemd. OpenRC is actually Gentoo's own. It's sysvinit-like, with a few nice enhancements. If you're familiar with Sysvinit, you don't find it hard to switch: OpenRC is lightweight, and converting a sysvinit-style startup script to an OpenRC one usually requires only a few modifications. OpenRC lets you specify dependencies and runlevels by name, rather than having to manage a bunch of symlinks and numbers by hand.
Gentoo is not as user-friendly as, say, Ubuntu. There's no GUI installer. Instead, the Gentoo Handbook walks you through how to partition and format your disk, etc. I initially picked Gentoo because I wanted to learn more about Linux. Whenever I've gotten stuck, I have also found the online Gentoo community (wiki, forums, etc.) to be quite friendly and helpful.
Init: OpenRC Libc: musl Userland: busybox Looks like a nice alternative....
Peter N. M. Hansteen's PF tutorial and books are recommended reads, Peter remains involved with the developers and the information stays relevant and useful. He also ensures that readers using other BSD systems, especially with older versions of pf, can learn just as much from it.
* The Book of PF, 3rd Edition, 2014 - ISBN: 978-1593275891
* http://home.nuug.no/~peter/pf/
Michael W Lucas is another author that writes books for both the BSD and sysadmin communities, similarly, he works closely with developers and users to release these short, yet all-encompassing tomes of information, covering a wide variety of topics.
https://www.michaelwlucas.com/...
* Absolute OpenBSD, 2nd Edition, 2013 - ISBN: 978-1593274764
* SSH Mastery, 2012 - ISBN: 978-1470069711
* Sudo Mastery, 2013 - ISBN: 978-1493626205
And of course, official documentation is great. The effort of many people working to improve, Jason McIntyre improving readability and overall quality, Ingo Schwarze's amazing work on mandoc(1) tools. OpenBSD's FAQ, which is usually the first step people take to learn more about the system, is maintained by Nick Holland.
http://www.openbsd.org/faq/
http://www.openbsd.org/cgi-bin...
Yeah, isn't the current version of pfSense - 2.1.5 - derived from what is in FreeBSD 8.3? And also, isn't their IPv6 support still rather primitive? It would be good to compare pfSense 2.2 vs TrueOS 10.1 vs OpenBSD 5.6 as far as their IPv6 support goes.
Frankly, I love it when I am forced to take a 5 minute coffee break when I can't CTRL+C out of my misconfigured network card. This is a delicious way to start the day.
Another option is the granddaddy of all the BSD based appliances, m0n0wall. It is still very lean and very solid.
IMO the comparison comes about because the philosophies of the two (systemd and windows) are more related to one another than they are to Unix. Unix favors a collection of interacting tools that each do something (ideally, doing that something well). Windows is a giant monolithic shroud covering a multitude of interacting moving parts that you can't see, touch, or understand unless you spend the necessary years becoming an insider. Systemd seems to be leaning in that direction, hence the comparison. It's a big collection of "stuff" that refuses to be broken up into component functional bits.
It certainly doesn't help that the systemd authors seem to think so highly of themselves, that I feel no need to add to their aggrandizement by thinking highly of them myself.
The article should say: I used to write Linux kernel drivers and hate the direction systemd is taking it. Please support me by clicking on my rant and joining me in installing BSD on your router.
Seriously, I'm barely familiar with Linux as I'm just an end user, and I know well enough that I don't need an ask slashdot to figure out which OS I can put on a router which doesn't include systemd.
Help! I'm a slashdot refugee.
You don't even need to blow away the Linux partition. Just install to a 4GB USB stick and set that to be the first boot-device.
I'm the original AC who asked the question. Or someone pretending to be him, you have no way of knowing.
1. Not trusting systemd.
Because it can't be troubleshooted if all you have is something to read text files with. When all you have is a single user shell, for example. Or you've put the hard drive in a different system, which is whatever you had on hand and could even be Windows with an ext3 plugin.
Because it comes from the author of PulseAudio, who is world renowned for the stability of his products. And low CPU consumption, when they work.
Because it contradicts the Unix philosophy of having a lot of little utilities that each do one thing. It may not be a big deal for a full time sysadmin, but if your main job isn't that it's a lot easier to just read about the small parts that interest you and disable the rest.
2. If he can write Linux kernel drivers, why does he need to ask Slashdot, or why doesn't he google it?
Because I don't know anything about BSD, and I'm not looking for "learn BSD in 10 easy mouse clicks". Although the signal to noise ratio on here sometimes approaches zero, there is the occasional informed opinion, and with a bit of luck, there will be some pointer to some actual pertinent information.
3. Use pfSense
If I use pfSense I won't learn anything. I've installed it before, it took about zero BSD knowledge. Also, I want the file serving part, see 4.
4. Move your Samba server to another machine for security reasons.
The router doesn't have any important files on it. It has the usual torrents, and it runs a private http server. I update the http server's pages through samba because it's the most convenient. It's not worth running this on a separate machine as there's nothing on there that I can't afford to lose. The real data is on other machines, and backed up properly.
Looking forward to the next batch of flame posts now :)
Solaris uses SMF and OS-X uses launchd, as was discussed yesterday in the thread about the new networking features in systemd. If BSD leaves SysV and adapts something, it's more likely to be launchd, rather than systemd. Also, systemd is under GNU LGPL 2.1, and the BSD projects have tended to seek out BSDL alternatives wherever possible. Which is why launchd is more likely to be used than systemd
I don't understand the blatant systemd pushing. Reasons for disliking it vary but don't really matter, because its adoption will force a *lot* of people who don't want it to either suffer through it or suffer through migration to another OS. That is reason enough not to adopt it. Trying to discredit people's reasons for disliking it is presumptuous, pointless, and rather stupid.
But both GNOME and GNOME classic are available on PC-BSD 10.x. How does it work here, if it requires systemd or logind? The BSDs don't have that
I have learned this the hard way so please take heed;
NB! Most of the guides online have the syntax (order of wording) wrong for pf.conf, including the beloved OBSD FAQ.
This is accurate and works on OBSD v5.6
99% of the online howto & guides will get your firewall almost working.
Use this as an example from my working pf.conf
You can spot the variables. Use 'LOG' for all of your entries and keep a "tcpdump -nettti em0 host 192.168.0.x" running while testing your setup.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
I'm in a similar boat. I recently (a few months ago) migrated from Gentoo to FreeBSD.
The problem with systemd, and probably why so many people are running from it, is that it's not as simple as just not using systemd, or even not using a distro with systemd as a default.
A lot of packages are gaining direct or indirect dependencies on systemd, and it is becoming a huge pain to run a systemd free system. I found myself having to use portage's blacklist for the first time because simply specifying -systemd as a use flag wasn't enough. I also had to uninstall a bunch of packages and fix the associated breakage. I don't use gnome, but enough gnome packages ended up installed as dependencies of various things that it was a real headache. Slackware has straight up dropped gnome because it's too hard to have it without systemd. And of course you have systemd as an indirect requirement for gimp. Yes friends, when a graphics editing tool depends on a specific init system, it's time to get the hell out of there!
Systemd isn't the only factor, but it's certainly a major one and I think it's pushing a lot of people (like myself) who have kinda been disillusioned with Linux for some time over the edge. At some point mainstream adoption became the big goal, and this mindset where it was better to have a less flexible but easier to use system started destroying a lot of what drew us to Linux in the first place. Linux is basically morphing into a more open version of Windows for the sake of mass appeal, which may be great for humanity, but it's not why I got interested in Linux.
I run gentoo for my home server so that I don't have to worry about a major upgrade every few years. That "package churn" is what happens when you want the latest code running the latest fixes.
Yeah, some of the upgrades get dicey, but I laid out my current root filesystem in 2008, and haven't reinstalled anything since. Yes, every once in a while I need to spend a weekend fixing package collisions, but that is the ticket I paid for when I chose not to use a package based distro.
So in a nutshell, Gentoo will nickel and dime you to death to keep current, where RHEL/Ubuntu will combine all of that fun into a few days every 2-3 years.
--WooooHoooo--
Or just run Ubuntu.. or maybe Windows?
This is a terrible argument and totally against everything that drove me to Linux in the first place. If I don't like the way something works, I can and am encouraged to roll my own. Systemd is the culmination of this new mindset of "lets all just standardize so it's more presentable to the masses and business". Projects are becoming their own little ecosystems rather than a set of useful utilities that can be used somewhat independently. Gnome is kind of the extreme version of this, but everything seems to be heading in this direction, and now the core system functionality is becoming similar.
We are heading towards a Linux where doing your own thing is becoming less supported and discouraged, and this I find depressing. Sure we may actually have a year of the Linux desktop, but that desktop may as well be Windows.
You will understand when something on a new system doesn't work and you have to fuck about for ages to find out what's going on because of the differences and features that are not implemented yet. Suddenly that experienced IT pro has to hit the books to get around what used to have a trivial solution because it's all different - hence anger.
It's just a case of unfinished software replacing something that was rock solid and "the way we always did it". Anger, embarrassment and blaming the new tool that doesn't quite do what the old one did are a common response to having it fuckup on you or trying to setup something non-standard that used to all just go in a trivial rc.local file. Now it's all different and the docs don't all exist yet.
So it's a reaction to hitting the rough edges of immature software and change in general.
I have to admit it pisses me off at times too but I'm getting used to it on some dev boxes and my home machine. I don't think it's ready for use everywhere yet, but it's the catch22 that without wide deployment it's never going to be ready for use everywhere. With more use, more developers and a more practical instead of empire building approach to the project (some developers want it to be an octopus with tentacles into everything instead of being an init system) it may become more useful and less annoying, even if some design choices appear to have been made on crack (eg. you don't want fucking binary logs to read on a system that's got stuck halfway to a usable environment).
Finding 3:00 to 6:DD in ANY file or device, not just a specific type of log:
grep '[3-6]:[0-9][0-9]'
Note we've been doing it that way since the late seventies, so there's nothing for the sysadmins to learn. All files, disks, etc are searched with the same command, and the same one you've always used, on any *nix.