jtan Custom OpenBSD CD-Boot Firewall Updated to 3.5

Contributed by sean on 2004-08-27 from the different strokes for different folks dept.

Chris Nadovich writes
We have updated our CD-Boot Firewall to use OpenBSD 3.5 and
have now incorporated several new features, including LAN side DHCP,
BIND 9 nameserver cache, and PPTP VPN, all setup out of the box.

The CD-Boot Firewall is a bootable complete OpenBSD system that has been tuned and preconfigured for use as a NAT firewall. It comes on a single CD that can boot and run on a machine without a hard disk. Persistant configuration information (i.e. the whole /etc directory tree) is stored on a floppy or flash drive that is mounted Read-Only by default.

More information, and ISO image dowload, is available here.

(Comments are closed)

Comments

By Anonymous Coward (211.30.147.144) on 2004-08-28 11:47

Anyone try this? I'm curious about it.
Comments
1. By zibi (213.76.250.62) on 2004-08-28 14:08
  
  I've just burn it twice under OpenBSD and WinXP. No luck , both CDs make panic that kernel cannot read disk label. I am going to send them report later today.
  Comments
  1. By Irvin Piraman (203.177.60.222) irvin@lamebox.net on 2004-08-28 17:29 www.lamebox.net
    
    or you could try this alternative with more features plus it boots off from a floppy!
    
    Comments
    
    By Anonymous Coward (217.162.136.53) on 2004-08-29 18:02
    
    that's very cool, although I am not really a floppy-fw enthusiast. but just to wind up the linux crowd in conversations... aah!
    
    By garry (210.5.126.51) on 2004-08-29 18:32
    
    nice one. i've just used it a while ago as a transparent firewall and it works smoothly :-)
  2. By jbroomr (65.87.172.210) jbroome@trilug.org on 2004-08-28 18:56
    
    It burned & booted fine for me, but it's not recognizing the root PW I entered when I "installed" it. Doh.
    
    Comments
    
    By Brad (168.143.113.102) on 2004-08-31 17:16
    
    Reboot, first boot builds configuration but you need to reboot to exec them properly.
    
    Comments
    
    By where is the iso? (200.192.35.5) irado(at)hotpop.com on 2004-09-04 09:12
    
    think that the iso.gz is broken, it donot appears as a *gz, at all (simply rename it to *iso and all contents are visible). But ISNOT bootable :( any hint??
By Anonymous Coward (65.5.196.200) on 2004-08-28 19:38

I saw one alternative (not that it isn't suitable or anything, in fact I am quite grateful that this was posted, and I am going to give it a try later today) to this posted in another thread, which left me wondering if anyone has any other similiar distributions they recommend?
Comments
1. By Krunch (217.136.160.7) on 2004-08-29 10:40 http://krunch.servebeer.com/~krunch/
  
  I think there was a previous article about a bootable floppy firewall but I can't find it.
  Comments
  1. By Irvin Piraman (203.177.60.222) on 2004-08-30 01:48
    
    Here's an alternative firewall that you can use that boots off a floppy. I already submitted this story but I wondered why it wasn't posted.
    
    PsygNAT by Norbert Copones.
    
    PsygNAT is a free firewall and NAT router tool for i386 which boots off on a single floppy. It is based on the OpenBSD kernel and therefore, uses pf as its native ruleset management. PsygNAT contains the necessary tools in configuring a simple NAT router, a stateful (and transparent) firewall, or a bandwidth limiter via ALTQ. It supports both static and dynamic client setup. It also includes mg, an emacs-like text editor, which can be used to write firewall and network address translation rules.
By Anonymous Coward (66.91.201.142) on 2004-08-30 02:10

I like the concept of the CD boot version...
I will burn this and try it later today.

I have a LAN with 5 interfaces and one interface that NEEDS altq to keep the students in line.
By jaak (213.89.247.82) on 2004-08-30 17:51

This refuses to boot for me, ive tried several different medias also. Would be nice if it would work...
Comments
1. By irado furioso com tudo (200.192.35.5) irado@hotpop.com on 2004-09-04 09:07
  
  :( I downloaded both (the gz and the *iso) but neither booted at all. Other people have it running (as per comments), can you post your experience and/or recipe here?
  Comments
  1. By Brad (168.143.113.102) on 2004-09-06 07:04
    
    Didn't work for me until i set "switch floppy drives" or somthing like that in the Bois. Perhaps both a: and cd emulation were trying to be the same drive?

Latest Articles

Wed, Apr 24
- 04:35 Game of Trees 0.98 released (0)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (11)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]