Subject: Re: Firewall question & df weirdness
To: Russ Arcuri <photo.nut@mindless.com>
From: John Klos <john@sixgirls.org>
List: port-mac68k
Date: 09/01/2002 22:55:15
Hi,

> Thanks, John, for the quick response.  I have a few follow-up questions...

Sure, no problem!

> > > Current setup: Quadra 700, 68 MB RAM, 1 GB hard drive,
> > > Farallon Ethermac card (ae0), internal ethernet (sn0), and
> > > internal video. Drive partitioned as follows: 60 MB Mac OS,
> > > 100 MB root, 580 MB /usr, 200 MB /var, and 71 MB swap.
> >
> > This type of system can generally handle up to 400k/sec at minimum.
>
> Wow... really?  Maybe I could have built a firewall out of my IIci
> then... I only have to be able to maintain around 100K/second.  You're
> talking about kilobytes, yes?  Not kilobits...

Yes. I have many Quadras set up as IP NAT routers. The Q650 / Q800 is
capable of higher throughput, but probably because the memory speed is
noticeably faster than the Quadra with 30 pin memory. When accessing a
public server which is on the public segment from a machine on the
non-public segment, I sometimes see speeds of 550k/sec with a Q650 / Q800,
and up to 450k/sec with a Quadra 950, which is very similar to the Q700.
And yes, that's kbyte per second, not kbit.

> > That is bizarre. How did you partition the drive? What utility?

> I used HD SC setup, modified with the 00->FF resedit trick.  I used it
> for two previous "practice" installs, with no problems.

That's interesting because you're apparently not seeing file system
corruption when the partitions (should) overlap.

> I had assumed 100 MB for root would be more than spacious... especially
> with /usr and /var getting their own partitions. But the weird df output
> makes me wonder.  I've got lots of space to play with... assuming my
> next install goes smoothly, will 100 MB for / be okay?

Usually, with /var and /usr separate, the only things that take space are
the /root partition if you use that for software install, and /tmp.
Anything in /tmp?

> 1. Maybe I just missed it when I skimmed over the procedure, but I
> didn't notice whether this will result in a state-based port-filtering
> type firewall, or whether it will only be doing NAT.  I have one of
> those dedicated hardware router/switches that does NAT, but the
> port-filtering feature on it blocks in BOTH directions.  So if I'm
> blocking a port inbound, it's blocked outbound as well. I figured I
> would build a NetBSD firewall out of the old Quadra to give me
> more/better features than the little hardware router has.  I want to
> block pretty much anything coming in, but allow a wide range of ports
> going out.

Well, this really depends on whether you actually have a routable range of
IP addresses. Perhaps this is an oversimplification, but there really is no
need for any sort of firewall when one is using non-routable private
addresses and NAT, since no router should try to send traffic from the
Internet to your "router" for those addresses, anyway. Unless you're
really routing real IP addresses, NAT plus port forwarding = firewall with
everything off except what you deliberately turn on.

> 2. Will I be able to find .tgz packages similar to the 1.5.3 packages I
> used previously, or is there some other procedure I'll have to follow
> for 1.6?

Not really. The m68k bulk package build has only just begun. However, you
can use the pkgsrc tree and build from source; most of the larger packages
will build overnight (such as Perl).

> 3. Is the 68 MB of RAM going to provide any real benefit?  I could just
> as easily drop the Quadra back to 20 MB and use the extra RAM elsewhere.
> But if this box will benefit in any real way from the extra RAM, I'll
> keep it in there.

It depends on what you plan to run in the future. If you want Apache,
perhaps some Perl cgis, sendmail, BIND, and so on, the 68 meg would be
better, obviously. I saw a responsiveness jump, but not a huge one, when I
moved my Q950 from 24 to 84 megs (there is a hodgepodge of 30 pin SIMMs
in there).

> 4. My two "practice" installs were done on a single big root&usr
> partition, and both worked fine with no strange df output. (FWIW, one of
> them was NetBSD 1.5.3 and the other was OpenBSD 3.1).  In principle I'd
> like to place /, /usr, and /var on their own partitions.  But again, if
> there's no real-world benefit to doing so, I'll just go back to one
> giant partition for everything to simplify the setup.

Will other users be on the system? If so, then you only need to consider
checking in every once in a while. Otherwise, for a router / NAT with a
few other services, there's no real benefit.

> > Just don't ask us how to set up Windows to do IP NAT...
>
> Ha! I do mostly Windows at work, but I'm a Mac guy at home... ;)  My
> unix experience is limited to Ultrix (yes, really -- I did system
> administration on a DECStation 5100 about 10 years ago) and Mac OS X,
> though I'm far more proficient on the command line than most Mac folks.

OS X is nice, and it will make many people less afraid to try NetBSD
- "vi? I can try that on OS X..." and so on.

> Thanks again for the advice/info...

Sure! Good luck,
John Klos
Sixgirls Computing Labs
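The reply above settles the NAT-versus-firewall question at the level of principle. What follows is an added example, not part of John's message or of the port-mac68k archive: a staged IPFilter configuration for the Quadra as described, using the ipnat/ipf pair that NetBSD 1.6 shipped with. It assumes ae0 is the public interface, sn0 faces a private segment on 192.168.1.0/24, and 192.168.1.10 is a hypothetical inside host whose tcp/22 is the one port deliberately turned on. The ipf rules spell out the "everything off except what you deliberately turn on" posture explicitly, with a default deny, state-tracked outbound rules so replies come back, and an anti-spoof block on the public side, rather than relying on the private addresses being unroutable. The /etc/sysctl.conf line for forwarding is an assumption about the 1.6 rc scripts; a GATEWAY kernel achieves the same thing.

```shell
#!/bin/sh
# Added example (not from the original thread). Stages NetBSD 1.6 IPFilter
# configuration files under $DEST so they can be read over before being
# copied to /etc. Assumptions: ae0 = public side, sn0 = private side on
# 192.168.1.0/24, 192.168.1.10 = hypothetical inside host for the rdr rule.
DEST="${DEST:-/tmp/ipf-staging}"

write_ipnat_conf() {
    # ipnat: hide the private segment behind ae0's own address (0/32) and
    # deliberately expose one inside port via rdr. Everything else inbound
    # has no translation and never reaches the inside.
    cat > "$1/ipnat.conf" <<'EOF'
map ae0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map ae0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:60000
map ae0 192.168.1.0/24 -> 0/32
rdr ae0 0/0 port 22 -> 192.168.1.10 port 22 tcp
EOF
}

write_ipf_conf() {
    # ipf: explicit default deny, then carve out exactly what is wanted.
    # Inbound NAT runs before filtering, so the final pass-in rule matches
    # the already-translated destination of the rdr above.
    cat > "$1/ipf.conf" <<'EOF'
block in log all
block out all
pass in quick on lo0 all
pass out quick on lo0 all
block in log quick on ae0 from 10.0.0.0/8 to any
block in log quick on ae0 from 172.16.0.0/12 to any
block in log quick on ae0 from 192.168.0.0/16 to any
pass in quick on sn0 all
pass out quick on sn0 all
pass out quick on ae0 proto tcp all flags S keep state
pass out quick on ae0 proto udp all keep state
pass out quick on ae0 proto icmp all keep state
pass in quick on ae0 proto tcp from any to 192.168.1.10 port = 22 flags S keep state
EOF
}

write_rc_additions() {
    # rc.conf switches for the ipfilter, ipnat and ipmon rc.d scripts, plus
    # the forwarding sysctl (assumed to be honoured from /etc/sysctl.conf).
    cat > "$1/rc.conf.add" <<'EOF'
ipfilter=YES
ipnat=YES
ipmon=YES
EOF
    cat > "$1/sysctl.conf.add" <<'EOF'
net.inet.ip.forwarding=1
EOF
}

# Write all four fragments into the given directory; returns non-zero if
# the directory cannot be created or any file cannot be written.
stage_all() {
    mkdir -p "$1" || return 1
    write_ipnat_conf "$1" && write_ipf_conf "$1" && write_rc_additions "$1"
}

stage_all "$DEST" && echo "staged IPFilter config in $DEST"
```

Once the files are in /etc, `ipf -Fa -f /etc/ipf.conf` and `ipnat -CF -f /etc/ipnat.conf` load them without a reboot, and `ipfstat -io` shows the rules as the kernel holds them; the `log` keyword on the block rules is what makes ipmon worth enabling, since that is where probes against the public side show up.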