Two OpenBSD Floppies

1 floppy systems are especially practical, as they normally have a precise goal, which can not be said about all Live CD's. To configure OpenBSD installed on your tough disk as router, you should make some configurations with a floppy program already designed to function as a router no such configuration is necessary (except for the most fundamental one like putting the correct names of network devices into configuration files). Such a diskette is portable and hassle-free to use. You could possibly, too, have other wishes - an MP3 player on a diskette, or even a transparent firewall.

SONaFR

There are not lots of 1 floppy OpenBSD routers or firewalls. My projects and my typically usually appears on the best in Google with keywords like: one - floppy - router - OpenBSD.

How to use SONaFR

This floppy distro has a minimal kernel. You must have two network interface cards (NIC's) in a pc where you use this floppy. To see all the network cards accessible on your program, kind:

ifconfig

(from within SONaFR immediately after it boots).

To see all the cards that the SONaFR kernel supports, type:

even more etc/cards

The configuration scripts of SONaFR (for example, /etc/pf.conf) could possibly be instantly applied in any OpenBSD challenging disk installation for firewall/router purposes thus anybody can find out how to configure the OpenBSD packet filter.

Transparent Firewall

This thing may possibly also be employed as a transparent firewall (invisible firewall). If you have a pc with two NIC's (the third NIC could be applied only for a SSH login with purpose to control such a transparent firewall) and you move information from 1 network card to one more one via a bridge (with out IP addresses), you function on the OSI layer 2 model (information link) therefore, if you move information this way more than firewall, the advantage is that you may perhaps put such a firewall anywhere - you can split any network segment without having needing to configure anything (except for the transparent firewall). Such a firewall is very speedy, as no decisions need to have to be made with respect to IP addresses a normal firewall consistently demands. Bandwidth, too, could possibly be very easily reduced (with use of ALTQ - ALTernate Queueing framework for BSD UNIX).

A excellent (and speedy) overview of transparent firewalling in OpenBSD with helpful hints and setup specifications can be identified here: http://www.dalantech.com/fusionbb/showtopic.php?tid/71026/pid/71026/post/last/m/1/

Initially, you need to make the bridge (sort the following command from inside SONaFR):

ifconfig bridge0 make

Then activate the bridge:

brconfig bridge0 add rl0 add rl2 up

(replace "rl0" and "rl2" with genuine network devices present on your method.)

To activate the transparent firewall, you have to run the pfctl command (for packet filtering the /etc/pf.conf file needs to be edited if you have special requirements SONaFR has a little editor for such a purpose, just type: mg):