thanks for the info on bridge, i think i will consider using it once the 2nd int_lan
and/or the DMZ are ready!
now, i read that using nmap and other vulnerability assessment tools from the int_lan
to the iNet will result in unreliable returns, i have noticed that using nmap for os
fingerprinting always results in my obsd os fingerprint, can anyone enlighten me as to
why? (and since i can't trust the return, pretty sure it's returning my open ports) btw,
how do i filter port 113?
what i want is to have 2 pf.conf's, one for normal network ops (file/printer sharing
for clients, access to iNet{irc,ftp,ssh,http(s),im}, firewall protection{@ least what a
firewall can protect}, access to obsd from int_lan1 only, and i need guidance on what the
int_lan should not be able to do!)
and the second pf.conf for security, vulnerability assessment, and i don't know how to
set this up, or if it is possible, (i will gladly RTFM, if only you can point me to
the right one!) i would want this setup to be able to: access iNet, access server
internally and externally (2 clients are laptops) be able to access each other, and to
log more info than int_lan1
i also wanted to know if i could post my current ruleset, could i get some help on
fine tuning it, and setting up better logging (like what i should/shouldn't be logging...)
and a better understanding of what is happening with my ruleset?
-------------------------
..if i had any idea what was going on, i'd be dangerous!..
Version: GnuPG v1.2.3
fingerprint= 04E3 D88E 1204 6544 B779 B849 1545 F9A2 59C2 1C5B