Gary Kline wrote:
        The way my site is now configured, my ISP
        (Qwest) baby-bell has its router connected to my pfSense firewall.  The
        firewall computer connects to my FreeBSD server which handles my DNS,
        mail, and web.  The server then fans out to my several desktops.  This
        one, my laptop, my daughter's MacBook, and has a spare CAT5 for my
        wife's PC.

Since this sounds like a home setup, in terms of raw power usage I'm inclined to suggest a tighter integration of router, DNS and firewall functionality by putting this all into something like OpenWRT on a decent off-the-shelf router, thereby eliminating the Qwest router, firewall machine and possibly mail/web if it's low volume enough and/or you pick up a router with a USB connection for storage. Try an Asus WL-500G Premium (version 1 is my favorite) if you go that route. This would free up the server for other tasks, obsolete 2 boxes (and possibly the server), spice up your life with easy to install SNMP monitoring of connections and give your family wifi ... but I digress...

        At a minimum, I'd like to have CVS working on at least my server.

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/cvs-freebsd/article.html

        I used ipf and/or IPFW .... managed to catch and kill hundreds of kiddie-scripters trying to crack in. But with pfSense and how things are *now*, I'm in the dark.

You're looking for an intrusion detection system (IDS). For FreeBSD you might leverage 'grok', written by Jordan Sissel, which isn't an IDS, but it will play like one:

http://www.semicomplete.com/projects/grok/

You could also do something like this:
http://surachartopun.com/2008/06/example-how-to-monitorby-e-mail-auth.html

...monitor your auth logs for bandits with email alerts.

That should get you started :)


-Bryant
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
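
The auth-log monitoring with email alerts suggested in the reply above could look like the following. This is an added example, not code from the thread, from grok, or from the linked pages. It assumes OpenSSH's "Failed ... for ... from ... port ..." line format; the sample log lines, the threshold of 3 and the mail addresses are constructed placeholders.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample lines in the sshd syslog format seen in /var/log/auth.log.
# In the last line the attempted username itself contains a fake "from" clause.
SAMPLE_LOG = """\
Jun 12 03:14:07 server sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 12 03:14:09 server sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jun 12 03:14:12 server sshd[1236]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jun 12 03:15:00 server sshd[1250]: Accepted publickey for gary from 192.168.1.20 port 50000 ssh2
Jun 12 03:16:41 server sshd[1260]: Failed password for gary from 192.168.1.20 port 50010 ssh2
Jun 12 03:17:02 server sshd[1271]: Failed password for invalid user x from 10.0.0.1 port 1 ssh2 from 198.51.100.7 port 40022 ssh2
"""

# The username is attacker-chosen, so anchor on the END of the line: the
# greedy user group makes the last "from <ip> port <n>" (written by sshd) win.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+(?: ssh2)?$"
)

def failed_logins(lines):
    """Count failed sshd authentications per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group("ip")] += 1
    return counts

def build_alert(counts, threshold, sender, recipient):
    """Return an EmailMessage listing sources at/over threshold, else None."""
    bad = {ip: n for ip, n in counts.items() if n >= threshold}
    if not bad:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"auth.log: {len(bad)} source(s) with >= {threshold} failed logins"
    # Only counts and sshd-reported addresses go in the mail, never usernames.
    msg.set_content("\n".join(f"{ip}  {n} failures" for ip, n in sorted(bad.items())))
    return msg

if __name__ == "__main__":
    # Addresses are placeholders; to send, pass the message to
    # smtplib.SMTP("localhost").send_message(alert).
    alert = build_alert(failed_logins(SAMPLE_LOG.splitlines()), 3,
                        "ids@example.org", "admin@example.org")
    print(alert if alert else "nothing to report")
```

Run from cron against the real log, it needs to remember how far it has already read, otherwise every run re-alerts on the same lines.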
