tarballed
August 19th, 2002, 18:00
So I continued to look around locally for some type of old machine for my firewall. Lo and behold, I found a great place.

Check out what I got for $10

P120
32meg RAM
3.5 drive
NIC card (3com)
and....6.4GIG DRIVE!

Just have a couple questions. Have some questions regarding partitioning and NIC cards:

Partitioning:

What sort of recommendations do you recommend? I mean, I have a 6.4 gig drive. I should mention that I would like to install snort on the firewall.
What do you recommend?

Second: NIC Cards. The current card is an ISA 3com. I believe it's a 10baseT. (pretty sure)
I have a Linksys NIC that's 10/100. Suggestions on which should be internal and external?

Looking forward to your input.

Tarballed

frisco
August 19th, 2002, 18:13
Check out what I got for $10

P120
32meg RAM
3.5 drive
NIC card (3com)
and....6.4GIG DRIVE!


good deal! i'll take 4, please.

What sort of recommendations do you recommend? I mean, I have a 6.4 gig drive. I should mention that I would like to install snort on the firewall.
What do you recommend?

partitioning is a very personal thing and it is difficult to grab someone else's recommendations when the way you use the machine might not be the same.
that said, since it's a firewall and you have that much space, i'd double the recommendations in the install manual and give the leftovers to a /var/log partition. c.f. http://www.openbsd.org/faq/faq4.html#SpaceNeeded
i'd also create a /tmp and /home and /var/mail weighing in at least 100mb each. but that's just me. i like my partitions.

Second: NIC Cards. The current card is an ISA 3com. I believe it's a 10baseT. (pretty sure)
I have a Linksys NIC that's 10/100. Suggestions on which should be internal and external

the 3com goes outside since i doubt your outside connection is faster than 10mb/s. if it is, i'm moving in.

marco_peereboom
August 19th, 2002, 20:26
This is what mine looks like:

[root@vuurmuur log]# mount
/dev/wd0a on / type ffs (local)
/dev/wd0f on /home type ffs (local)
/dev/wd0g on /tmp type ffs (local)
/dev/wd0d on /usr type ffs (local)
/dev/wd0e on /var type ffs (local)

[root@vuurmuur log]# df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/wd0a 145M 25M 113M 18% /
/dev/wd0f 496M 6.0K 471M 0% /home
/dev/wd0g 215M 1.0K 204M 0% /tmp
/dev/wd0d 991M 652M 290M 69% /usr
/dev/wd0e 991M 6.1M 936M 1% /var

The reason for the large usr is to be able to download sources and patch my firewall when necessary.
The reason for large var is to be able to contain all those darned logs!

Small disk, small system but extremely effective.

elmore
August 19th, 2002, 20:42
I'd agree with a large /var partition for sure. Maybe even a /var/mail, /usr is up to you. Mostly I partition in the following way if I have a very large disk.

/
SWAP
/tmp
/var
/var/log
/usr
/home

however, partitioning is just like what was said earlier, a personal thing. Really whatever you feel comfortable with. Note on a firewall you really don't need a /home.

tarballed
August 19th, 2002, 21:07
Note on a firewall you really don't need a /home.

Good point.

Here's what I'm thinking. Before I go on, since I want to install snort and keep my firewall logs, probably best to make a bigger /var or /var/log partition? (just trying to figure in snort and logs)

Here's what I'm thinking.

/ - 100mb
swap - 100mb
/usr - 1.5gig
/var - 1.5gig
/var/log - 2gig (remainder maybe?)
/home - 100mb
/tmp - 100mb

From adding this up, still have over a gig. :)

Here is another something I was thinking. MySQL. Another thing I'd like to learn (always something to learn). Now, the more I think about this, the more I don't want to install MySQL on my firewall. Possibly opens more doors.

However, I've been trying to do some research about putting a MySQL database on one of my BSD or Linux boxes on my LAN and keeping the logs there as well. (Maybe overkill, but trying all sorts of fun stuff).

Just something to think about. Reading up on snort, I see you can keep a database of firewall and snort logs. :)

Thoughts?

Tarballed

bsdjunkie
August 19th, 2002, 22:10
Yeah, don't put MySQL on the firewall box, but you can use it on another to store all your snort data or whatever.. :roll:

frisco
August 19th, 2002, 22:12
Note on a firewall you really don't need a /home.

i keep separate /home /var/mail /tmp even if i don't need it on my firewall so that i don't accidentally fill up /

but i'm crazy about partitioning, even on my 170 meg drive i managed to have 7 partitions.

bsdjunkie
August 19th, 2002, 22:15
If you are gonna use mysql to store snort stuff, check out ACID for it. nice php interface to look at all kinds of info. :roll:

marco_peereboom
August 19th, 2002, 23:28
I would make my / bigger than 100M though.

I am writing a howto on snort+acid+mysql on OpenBSD. I'll post the link when I am done.

/marco

elmore
August 19th, 2002, 23:31
It would be great if you'd post it in our how-to section. I'm sure a lot of people could really benefit from it.

tarballed
August 19th, 2002, 23:59
It would be great if you'd post it in our how-to section. I'm sure a lot of people could really benefit from it.

I will definitely do that.

I think I can help out others. I would definitely like to since everyone was very cool in helping me. :)

Tarballed

bsdjunkie
August 20th, 2002, 00:02
I think I can help out others. I would definitely like to since everyone was very cool in helping me.

/me starts thinking of some really low lev kernel debugging questions for tarballed..... :P