[nycbug-talk] OpenBSD "router shell"

Steven Kreuzer skreuzer at exit2shell.com
Sat Jan 2 13:50:49 EST 2010


On Jan 1, 2010, at 6:15 PM, Charles Sprickman wrote:

> On Thu, 31 Dec 2009, Isaac Levy wrote:
> 
>> On Dec 30, 2009, at 11:37 PM, Charles Sprickman wrote:
>> 
>>> This is new to me, thought I'd share:
>>> 
>>> http://www.nmedia.net/nsh/
>>> 
>>> "NSH consolidates configuration for interfaces, bridging, routing, PF
>>> packet filtering, NAT, queueing, BGP, OSPF, RIP, IPsec, DHCP, DVMRP, SNMP,
>>> relayd, sshd, inetd, ftp-proxy, resolv.conf and NTP. It presents the user
>>> with a vaguely cisco-like interface with all configuration in one easy to
>>> read text list.
>>> 
>>> It also gives the user access to system information and diagnostics. NSH
>>> replaces the userland commands which handle these functions, and talks
>>> directly to the OpenBSD kernel or control utility for daemon
>>> functionality."
>> 
>> I'd be interested to hear how your trip goes with this down the road 
>> once you've used it...
> 
> I probably won't be using it anytime soon - I really dig the idea, but for 
> the time being I just can't wrestle with pf QoS stuff without some 
> hand-holding, so I'm probably going to end up giving Vyatta a spin as a 
> Cisco replacement at one site that has to do hard rate-limiting on each 
> VLAN...
> 
> But if I ever find the need to drop an OpenBSD "router" somewhere and QoS 
> is either not needed or very simple, this would be a no-brainer.
> 
> I may also find that Vyatta totally sucks...

For some reason, I thought Vyatta was based on OpenBSD, but when I gave it a
spin, it turns out it's based on Debian Linux. Much like nsh, they have a
Cisco-like interface to configure the appliance that abstracts having to deal
with all the various little networking subsystems.

As of right now, I have not found any advantage to using Vyatta over pfSense
in terms of functionality. However, under the hood, pfSense is based on
FreeBSD, so I am going to make a bold claim and say that chances are it's more
secure and stable (flame on)

--
Steven Kreuzer
http://www.exit2shell.com/~skreuzer



