firewall

There are three steps to this:

1. Tunnel configuration
2. Firewall configuration
3. Client configuration

Tunnel configuration

Sign up for an account at http://tunnelbroker.net

Once signed up - choose "Create Regular Tunnel"

Enter the IPv4 address of the external interface of your firewall. Note - this must be able to receive and respond to ping from arc.he.net - the webpage will give you an IP address to allow ping for if it can't ping your firewall.

As part of Building a debian firewall on a CF card I was trying to make sure that disk writes to the firewall CF card were kept to a minimum.

However - I've never really been able to test this. So I was pleased to find http://samwel.tk/laptop_mode/faq - under section 5 there is a question titled "My disk spins up all the time and I have no clue what causes this. Can I debug this?".

I currently have an OpenBSD firewall running on an ancient 586. I have a mini-itx board, CF/IDE converter and a CF card and have been intending to upgrade.

However - rather than OpenBSD I'm going to try for debian (since I know that much better).

This post will end up being a "how I did it" - but at the minute is just a collection of the notes I'm grabbing for now.

For the initial install - I hung a CD-ROM as the slave IDE unit on the primary IDE channel.

I used the 4.0r3 etch netinst CD downloaded from debian.org.

I have an OpenBSD 3.6 machine as my home firewall. I also have a mini-itx machine with IDE-CF converter card waiting to replace it. This is the state of play

The build machine is running 4.0.

chroot
As root - lets build a chroot area in /home/chroot

The new firewall box is now bootable to OpenBSD 3.6. It boots from compact flash to mfs.

Waiting for a second IDE-CF converter - the H instead of the V (connectors horizontal instead of vertical - so I can shut the case).

Waiting to get a few missing packages installed - then it will replace the old box. Can't wait. Much much quieter :-)

Currently running an OpenBSD box as firewall on an old slow desktop box that's very noisy. Thinking of changing to mini-itx format.

Probably:

• Compact Flash IDE Adapter - V1
• VIA EPIA PD6000 Mainboard
• Cubid 3677 - Black

Note - I'm intending to use the fanless Eden CPU rather than the C3 fanned CPU. The box has a small fan - but - if this is noisy I can replace this with a quiet fan.