Reading News Comments

There's an (IMHO) good tutorial on how to set up a NetBSD box as a router/firewall, including a more or less complete sample ipf.conf. Its only downside is that it's in German... but tell me if you need something translated. :-)

I appreciate the info. There is alot of info out there from my searches. The only problem is that firewalls on unix are insanely complex and it's hard to know if you are secure or not. At least in my feable attempts at configuring iptables on Linux.

FreeBSD 4.8, sounds nice. Do you only use this box as a server or do you do work on it as well? I'm interested in using either OpenBSD or NetBSD as a desktop/personal server. I'm having issues at the moment with getting Firefox 1.0 to work stable. When it comes to Unix I have very little needs. My only real need is to have a browser that is current and functional (no special plugins but flash would be nice).

The only problem is that firewalls on unix are insanely complex

Heck, yeah. :-P

I've found it quite useful to have nmap available on an external system. Whenever I change my firewall config, I can ssh into a friend's box and run a full-fledged port scan against my machine. (And vice versa, he uses my machine to scan his.)

Do you only use this box as a server or do you do work on it as well?

It's used exclusively as a server. It offers HTTP, FTP, SMB and mail services on my LAN, and HTTP to the whole world. It also hosts my MP3/movie/software collection. My workstation is a (rather old) 1GHz Athlon with Windows 2000/Mandrake 10.

"God is dead." - Nietzsche, 1882 "Nietzsche is dead." - God, 1900

I just realized this is nulls first thread here (News Comments). Just get the rights?

Anyway, how is BSD different from linux on the kernel level?

I should be ashamed of myself.

This post was edited by Aynjell on Jan 01, 2005.

I just realized this is nulls first thread here (News Comments). Just get the rights?

Nope, only Jaz may post new stuff in the News forum.
Which doesn't mean I can't post in any open forum and then use my magical powers to move that post into a restricted forum. :-P

Anyway, how is BSD different from linux on the kernel level?

It's a wholly different OS. Kernel-wise, they have different architectures and do many things in different ways.
Development-wise, the main difference is probably this: while Linux is being developed by all kinds of people all over the world and one guy decides which changes make it into future versions, the FreeBSD kernel is being maintained and developed by a relatively closed group of experts.
While Linux supports more devices, FreeBSD tries to make the devices that are supported as stable as possible. You won't find as many experimental drivers for FreeBSD as there are for Linux.

FreeBSD is a (surprise) BSD-style system, while most Linux distributions lean more towards System V (e.g. concerning startup scripts).

You may have heard that FreeBSD is much stabler, faster and has way better SMP (multiprocessing) that Linux. For all I know this used to be true a few years ago, but in the meantime Linux has gained much ground, or so I've heard. I don't know how they compare to each other in their most recent versions (it probably depends on who does the testing). What I personally like about FreeBSD is that it's a very mature and thought-out system, designed from the ground up to be clean and consistent (there's exactly one version of FreeBSD, you don't have to worry about different distros or package managers). It offers some unique features (kern.securelevel, jail, dummynet) I just haven't seen in other systems.

"God is dead." - Nietzsche, 1882 "Nietzsche is dead." - God, 1900

Nope, only Jaz may post new stuff in the News forum.
Which doesn't mean I can't post in any open forum and then use my magical powers to move that post into a restricted forum. :-P

Dude, why didn't you tell me. I didn't even know that :) You can post now.

'Yeah, That's what Jesus would do. Jesus would bomb Afghanistan. Yeah.' - snowlion

Dude, why didn't you tell me.
You can post now.

I never needed it... but thanks :-)

"God is dead." - Nietzsche, 1882 "Nietzsche is dead." - God, 1900

mod_gzip achieves compression rates of about 66%,

Is there a way to test my configuration to see the compression ratio? I'm using Apache 2.x and mod_deflate. I'm not sure how much different if any this will be to mod_gzip with Apache 1.x. I read the mod_deflate docs on apache.org but still don't know if I have it configured correctly as that page only gives you suggestions. Which really seems like more and more docs I keep reading, they can't give you real advice, just suggestions.

Is there a way to test my configuration to see the compression ratio?

Well, I'm using Apache 1.3.x with mod_gzip, and I have it configured as follows (all in httpd.conf):

Load module

LoadModule  gzip_module  /usr/local/libexec/apache/mod_gzip.so

Module configuration

<IfModule mod_gzip.c>
    mod_gzip_on                 Yes
    mod_gzip_dechunk            Yes
    mod_gzip_temp_dir           /var/mod_gzip
    mod_gzip_minimum_file_size  300
    mod_gzip_maximum_file_size  0
    mod_gzip_maximum_inmem_size 100000
    mod_gzip_keep_workfiles     No
    mod_gzip_item_include       file    .cgi
    mod_gzip_item_include       file    .pl
    mod_gzip_item_include       file    .php
    mod_gzip_item_include       mime    application/x-httpd-php
    mod_gzip_item_include       mime    application/x-httpd-php-source
    mod_gzip_item_include       mime    text/*
    mod_gzip_item_exclude       mime    image/*
    mod_gzip_item_exclude       file    .js
    mod_gzip_item_exclude       file    .css
    mod_gzip_min_http           1001
</IfModule>

Define logfile format (default format + "mod_gzip: xxpct.")

LogFormat  "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" mod_gzip:
%{mod_gzip_compression_ratio}npct." combined_gzip

(All in one line)

Set my logfile format as active

CustomLog /usr/local/apache/logs/access_log combined_gzip

Each entry in the logfile then includes the compression ratio (if any).

I can't tell you anything about Apache 2.x with mod_deflate.

"God is dead." - Nietzsche, 1882 "Nietzsche is dead." - God, 1900

oil resources worth mentioning in my apartment.

[sarcasm]Ah yes, but think of the profit Halliburton could make off of selling your ethernet at inflated prices?[sarcasm] :P

Man, I can't wait until Fall 2k5 when I go off to Texas A&M (for the Viz Lab as a masters after I get my bachelors in CS) where they give you gigabit ethernet in your dorm room/apartment if (a) You've got a gigabit card and (b) you write them a letter telling them why you need it.

Also, what's cool, our local cable service (the behemoth COX, so not so local, eh?) upgraded their southern networks, so now we can upgrade our cable service to 'bout 4mbps download, and 'bout 1mb upload I think.

Pistol Grip Pump In My Lap At All Times

Ah yes, but think of the profit Halliburton could make off of selling your ethernet at inflated prices?

I really don't think it would be worth the hassle. :-)

"God is dead." - Nietzsche, 1882 "Nietzsche is dead." - God, 1900