Gentoo VS. OpenBSD?

[MADcow]

alright, no flame wars please, but i was wondering what your take on this was:
I need to set up a router and small web/mail/shell/FTP server. the ftp will almost NEVER be in use. the shells are only for trusted people, and the webiste is very small. the mail will be my personal account, and maybe 2 or 3 others, again very light use. it will only be serving NAT for ~10 computers. most of them are used lightly. some have slightly more intensive jobs on the net. the target machine is an AMD K6-2...

ok. now that you are all bored, the real question: OpenBSD or Gentoo? I already have gentoo on 3 of my computers, and i love it. i was wondering though, OpenBSD supposedly has some of the fastest networking code of any of the alternitaves. it also has a reputation for being incredibly secure. i have never actually administered a *BSD box, but i do have shells on a few, and have heard that the ports system is very good.
so here is what i'm interested in: is ports better than portage? (no flames, pleeeease)
is openbsd more secure than gentoo? (in my opinion, gentoo is very secure, because you can set a cron job to automatically update all the packages you have installed, thus removing a lot of potential volunerabilities...)
is openbsd FASTER for networking than gentoo is?
is there decent BSD software for setting up an internal DNS server (for computer names ie, mapping 'madbull' to 192.168.2.21, that way i dont have to use /etc/hosts on every computer, which will also enable windows computers to use the hostnames)?

do all of these considerations outway the experience of administrating a BSD box?

Thanks a LOT in advance, i know this is a lot to ask of anyone, but i really want to hear your opinions.

[antik]

[silverter]

Yup... I second that.. *BSD just works... shame the desktop support on BSD ist not as advance as on linux...
_________________
-- A Guru was once a Beginner --

[humpback]

Gentoo is Linux (maybe one day we will see Gentoo/BSD) And in some ways i still like the Linux kernel better thant the *BSD kernels.
_________________
Gustavo Felisberto
Humpback @ #gentoo-pt
------------
It's most certainly GNU/Linux, not Linux. Read more at
http://www.gnu.org/gnu/why-gnu-linux.html .
-------------

[Ari Rahikkala]

A router/server for primarily light stuff, with some services that are likely to be neglected sometimes? OpenBSD, definitely. Having never used Ports, I don't know if it's really better or worse than Portage, but I can tell that:

1) automatic upgrades cause breakage
2) privsep and all the other good stuff in the design of OpenBSD ensure that your box will not necessarily get rooted even if you don't always update all of your software five seconds after somebody notices a vulnerability (of course you *should* update your software, but hopefully it's not necessary to do it all the time with OpenBSD)
_________________
<laurentius> gentoo linux?
<ari> Yesh.
<laurentius> they look horny

[antik]

[think4urs11]

Hi!

1) With a K6-2... the bottleneck woudn't be the networking speed - it would be processing power. So it doesn't really matter whether you choose BSD or Gentoo or WinXP
2) Speaking of security 'by default' OpenBSD is the one to beat, no question about it.
3) bind+djbdns should both be available for BSD.
4) It would be a good idea to seperate the router/firewall from the servers - means put it on two machines.
The only services a FW should have are firewall (of course )/syslog(-ng)/ssh - much easier to secure!
5) If you are experienced in administering gentoo stay with it. Each and every box is just as good as its admin. By using GR-Security and chrooted server daemons and secured configs and ... i think you can get a very secure setup with gentoo too.
Every OS can be hardened and secured, even WinXP (but only the most insane of us will survive this task )
6) Doing automatic updates is no good idea. It is not on XP (believe me!) it can get you in trouble with gentoo and BSD... well software is written by humans, humans make errors...........

OTOH we're all here on this planet to learn new things, so maybe OpenBSD is the one you should choose.

HTH
T.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

[MADcow]

Thanks for all the input guys! i think i'll be able to make my decision soon, but unfortunatly with the onset of school, it could be a while before i get back to you...

think: i had considered using different boxes for the router/firewall and the server, but unfortunatly i don't have the resources
actually... i suppose i could serve stuff on this box... that's an idea. although i don't know how i feel about giving shells on my little toy out to people... well, i'll definatly consider it more.

thanks again!

[zenlunatic]

I personally like the fact that the linux kernel is under the GPL. BSD kernels are free software, but not copyleft, which means that a company can take it and use without adding to it. Nothing good comes from this situation.

[TGL]

[Lycander]

[antik]

[Lycander]

See, the funny thing is I had FreeBSD + XFree + KDE up and running on a UP Pentium 4 system. This latest attempt was on a dual P3 system that was giving me grief. So I think I'm blaming my system for hardware compatibility with FreeBSD.
_________________
* Blessing /dev/hda2 with holy penguin pee

[antik]

[Lycander]

Are we here to avocate the use of FreeBSD? I just might give 5.1 a try, I hear there's people trying to bring Portage to BSD.
_________________
* Blessing /dev/hda2 with holy penguin pee

[paranode]

OpenBSD is a perfect operating system to act as a router/firewall and DHCP/NAT server. I have used it for a long time in this configuration. There are a couple of tweaks you can do to change kernel options to make networking even faster if you want to use it as a bridge, the OpenBSD FAQ will help you there. OpenBSD can also be set up in less than 10 minutes, which is a nice advantage over Gentoo. For the most part, you can leave it be and forget about it, excepting to update any servers (FTP, web, whatever) that need security patches. As for Ports vs. Portage, I think Portage is more mature and flexible, but Ports is for binary packages which fits BSD just fine. I don't even usually install Ports when I set up an OpenBSD box, they have some packages included on the CDs and the website that you can install that aren't part of Ports.
_________________
Meh.

[cbreaker]

The K6-2 will be able to drive your NAT system with absolutely no problems, even if you ran OS/2 with a DOS based NAT application (I used to do this on a Pentium 60, it worked great.)

Speed isn't really an issue here. Maybe OpenBSD is "faster netcode" - I dunno. Linux can't be far behind. And with your amount of traffic it doesn't matter.

I like iptables. I think it's fantastic. I thought ipchains was good - iptables is much, much better. There's so much you can do. The latest gentoo-sources kernel includes all the latest iptables stuff too, allowing you to do more with packets then you'll know what to do with. The last time I looked at BSD firewall stuff was with my friends' old FreeBSD 4.x box (which I've moved him to Gentoo, mostly because there's no cipe for BSD and cipe is amazingly easy to get VPN's running on rather unreliable connections.) It was pretty simple, advanced enough for what we wanted to do with it, but it was no iptables.

I see no reason to go with OpenBSD, it will just be another system for you to learn and support. I'm sure OpenBSD is a very fine operating system, don't get me wrong. But if you know Gentoo, run Gentoo already... the answer seems simple.

ps. I've run Linux as my firewall for years. And I've also installed Linux routers/firewalls at many businesses with great success. The security of a system is only as good as it's Administrator. If you have experience with Linux and Gentoo (and not OpenBSD) you'll be much more capable of locking down a system you know.

[ba747heavy]

Gentoo, it just works *g*
_________________
Fred Clausen
"leet [speak] is a cry for help from a shallow mind" - Doomwookie Jan 05

[BigBear]

For NAT/Firewall application, I went with FreeBSD. Mainly due to the excellent documentation on FreeBSD web site on how to install and configure the whole thing.

Plus I thought the ipfw commandline interface to the firewall pretty simple to learn and yet powerful.

For the actual application serving and desktop usage, I used SuSE and Gentoo.