Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-11 Thread Bryan Cassidy
Sounds good to me but I'm still confused about how I need to set this up hardware 
wise. The link at freebsddiary sounds good to start with I guess. I don't know if I 
need any extra hardware either. I have at the moment 2 NICs and 2 crossover cables. Do 
I need more? Do I keep the NIC in this machine or do I move it to the machine that 
will be acting as a firewall/router/gateway? How do I set this up? Still confused on 
this part.

On Tue, May 11, 2004 at 12:26:59AM -0500, Micheal Patterson wrote:
 
 
 - Original Message - 
 From: Bryan Cassidy [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, May 11, 2004 12:20 AM
 Subject: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS
 
 
  Hello. I am currently running FreeBSD 4.9-RELEASE p-7. I am pretty
 comfortable with FreeBSD for the most part and really enjoy using it on a
 day to day basis. These are my thoughts. I have an older NEC PC that I would
 like to put to some use. First off I don't know if I need any 'extra'
 hardware. I have now 1 DSL modem (dhcp - could get static, is it worth
 getting?), 3 NICs, and 2 cables to connect the ethernet cards. I have just
 been reading up on Firewalls on FreeBSD using ipfw. I would basically like
 to do the following. I want to install OpenBSD 3.5 or possibly one of the
 FreeBSD 4.x, 5.x, 4-stable, current or whatever. Which would you all
 recommend using in this situation? I want to continue to use my nice newer,
 much faster computer to do all configurations to the system, updates,
 installing software, running apache, configuring firewall, etc. etc. etc.
 via ssh (good choice?) to the other/older box. Would really appreciate some
 insight on this topic. Networking/Security is becoming very interesting to
 me. Thanks. Don't forget, do I need any 'extra' hardware?
  ___
  [EMAIL PROTECTED] mailing list
  http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to
 [EMAIL PROTECTED]
 
 
 I can't speak for anyone else but myself, but here's my opinion on this.
 
 If you have an older box, you'll need 2 nics. One (external / serial
 interface) to the dsl modem (crossover cable), one to the lan side. If this
 is also to a PC, you'll need another crossover cable. If the old NEC is a
 486 with at least 32 mb ram, that should be all you'll need hardware wise as
 long as it's got a couple of gig for drive space. If you want to enable full
 firewall logging, you'll need more disk space for that of course. What I'd
 recommend doing in your situation, is the same as I have here at home. Have
 the bsd box (I prefer freebsd myself) connect to your provider and pull the
 ip on the serial interface, then assign a private ip to the internal nic and
 to the systems behind it on the lan. Then on the bsd box, enable nat and the
 first rule of your firewall will be a divert rule to pass everything to NAT.
 
 For more info on this and its configuration, check out
 
 
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html
 
 or
 
 http://www.freebsddiary.org/ipfw.php
 
 If you're still wanting more info, then I'd recommend a google search for
 freebsd natd and / or freebsd ipfw to get a lot of good and useful info.
 
 Hope it helps.
 --
 
 Micheal Patterson
 TSG Network Administration
 405-917-0600
 
 Confidentiality Notice:  This e-mail message, including any attachments, is
 for the sole use of the intended recipient(s) and may contain confidential
 and privileged information. Any unauthorized review, use, disclosure or
 distribution is prohibited. If you are not the intended recipient, please
 contact the sender by reply e-mail and destroy all copies of the original
 message.
 


Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-11 Thread Micheal Patterson


- Original Message - 
From: Bryan Cassidy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 11, 2004 12:31 PM
Subject: Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS


 Sounds good to me but I'm still confused about how I need to set this up
hardware wise. The link at freebsddiary sounds good to start with I guess.
I don't know if I need any extra hardware either. I have at the moment 2
NICs and 2 crossover cables. Do I need more? Do I keep the NIC in this
machine or do I move it to the machine that will be acting as a
firewall/router/gateway? How do I set this up? Still confused on this part.

You'll need a total of 3 nics to hook up a firewall and one PC behind it and
2 crossover cables.

2 nics in the firewall system and 1 nic in the PC.


dsl-modem <--> firewall <--> PC

If you plan on running more than one computer behind the firewall, you'll be
better off getting a hub or a low end 10/100 switch.

--

Micheal Patterson
TSG Network Administration
405-917-0600



Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-11 Thread Steven N. Fettig
Bryan Cassidy wrote:

Sounds good to me but I'm still confused about how I need to set this up hardware wise. The link at freebsddiary sounds good to start with I guess. I don't know if I need any extra hardware either. I have at the moment 2 NICs and 2 crossover cables. Do I need more? Do I keep the NIC in this machine or do I move it to the machine that will be acting as a firewall/router/gateway? How do I set this up? Still confused on this part.
 

Another recommendation (although slightly outdated) is : 
http://mostgraveconcern.com/freebsd/ (take a look at the dual-homed 
system howto).

You ideally need 2 NICs in your NEC machine that you want to use as a 
gateway/router/firewall.*  Then, assuming that you want to connect to 
the internet on another computer, you need a NIC in that machine.  If 
you have more than one computer besides the NEC, then you need NICs for 
those machines and a hub in between.

Take a look at the HARDWARE text for whatever version of FreeBSD you are 
installing to make sure it supports your NICs.  If you load the system 
and find that the NICs aren't supported, you will have wasted a bit of 
time...  (I'd be surprised, though, if you have a NIC that isn't 
supported... never met one myself.)

So, the diagram looks a bit like this:

xDSL/Cable Modem -- cable/crossover cable -- NIC1 | NEC | NIC2 -- cable/crossover cable -- *inside* computer

where the NEC is the machine doing the NAT/Firewalling and Routing.  The 
xDSL/Cable Modem simply gives you your connection to the net.  As far as 
configuring the NEC, you need to spend some time to understand what NAT 
is and what you want to be able to do with your *inside* computers.  
Most of the ipfw howtos have pretty good rulesets to work with, so you 
don't have to worry so much about that issue - but you should eventually 
take time to really understand what your firewall is actually doing.

hth,
Steve Fettig
* I say *ideally* because you *can* do it with one NIC - but that really 
defeats the purpose of setting that machine up as your 
gateway/router/firewall due to the ability for someone to spoof an 
address from the internal network.

On Tue, May 11, 2004 at 12:26:59AM -0500, Micheal Patterson wrote:
 

- Original Message - 
From: Bryan Cassidy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 11, 2004 12:20 AM
Subject: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

   

Hello. I am currently running FreeBSD 4.9-RELEASE p-7. I am pretty
comfortable with FreeBSD for the most part and really enjoy using it on a
day to day basis. These are my thoughts. I have an older NEC PC that I would
like to put to some use. First off I don't know if I need any 'extra'
hardware. I have now 1 DSL modem (dhcp - could get static, is it worth
getting?), 3 NICs, and 2 cables to connect the ethernet cards. I have just
been reading up on Firewalls on FreeBSD using ipfw. I would basically like
to do the following. I want to install OpenBSD 3.5 or possibly one of the
FreeBSD 4.x, 5.x, 4-stable, current or whatever. Which would you all
recommend using in this situation? I want to continue to use my nice newer,
much faster computer to do all configurations to the system, updates,
installing software, running apache, configuring firewall, etc. etc. etc.
via ssh (good choice?) to the other/older box. Would really appreciate some
insight on this topic. Networking/Security is becoming very interesting to
me. Thanks. Don't forget, do I need any 'extra' hardware?
   

snip


Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-10 Thread Micheal Patterson


- Original Message - 
From: Bryan Cassidy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 11, 2004 12:20 AM
Subject: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS


 Hello. I am currently running FreeBSD 4.9-RELEASE p-7. I am pretty
comfortable with FreeBSD for the most part and really enjoy using it on a
day to day basis. These are my thoughts. I have an older NEC PC that I would
like to put to some use. First off I don't know if I need any 'extra'
hardware. I have now 1 DSL modem (dhcp - could get static, is it worth
getting?), 3 NICs, and 2 cables to connect the ethernet cards. I have just
been reading up on Firewalls on FreeBSD using ipfw. I would basically like
to do the following. I want to install OpenBSD 3.5 or possibly one of the
FreeBSD 4.x, 5.x, 4-stable, current or whatever. Which would you all
recommend using in this situation? I want to continue to use my nice newer,
much faster computer to do all configurations to the system, updates,
installing software, running apache, configuring firewall, etc. etc. etc.
via ssh (good choice?) to the other/older box. Would really appreciate some
insight on this topic. Networking/Security is becoming very interesting to
me. Thanks. Don't forget, do I need any 'extra' hardware?


I can't speak for anyone else but myself, but here's my opinion on this.

If you have an older box, you'll need 2 nics. One (external / serial
interface) to the dsl modem (crossover cable), one to the lan side. If this
is also to a PC, you'll need another crossover cable. If the old NEC is a
486 with at least 32 mb ram, that should be all you'll need hardware wise as
long as it's got a couple of gig for drive space. If you want to enable full
firewall logging, you'll need more disk space for that of course. What I'd
recommend doing in your situation, is the same as I have here at home. Have
the bsd box (I prefer freebsd myself) connect to your provider and pull the
ip on the serial interface, then assign a private ip to the internal nic and
to the systems behind it on the lan. Then on the bsd box, enable nat and the
first rule of your firewall will be a divert rule to pass everything to NAT.

For more info on this and its configuration, check out


http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html

or

http://www.freebsddiary.org/ipfw.php

If you're still wanting more info, then I'd recommend a google search for
freebsd natd and / or freebsd ipfw to get a lot of good and useful info.

Hope it helps.
--

Micheal Patterson
TSG Network Administration
405-917-0600
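
The layout described in the message above (DHCP address on the external NIC, private addresses on the LAN side, natd enabled, divert rule first) can be checked mechanically. This is an added example, not part of the original thread; the interface names `ed0`/`ed1`, the rules file path and both sample rulesets are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: ed0 = external NIC
# (to the DSL modem), ed1 = LAN NIC, /etc/ipfw.rules = rules file.
#
# /etc/rc.conf settings that go with this layout on FreeBSD 4.x
# (kernel built with "options IPFIREWALL" and "options IPDIVERT"):
#   ifconfig_ed0="DHCP"       gateway_enable="YES"
#   firewall_enable="YES"     firewall_type="/etc/ipfw.rules"
#   natd_enable="YES"         natd_interface="ed0"

# Constructed, trimmed ruleset (not a complete policy): the divert has
# the lowest rule number, so every packet on ed0 reaches natd first.
GOOD_RULES='add 100 allow all from any to any via lo0
add 50 divert natd all from any to any via ed0
add 200 allow all from any to any via ed1
add 300 allow all from any to any out via ed0
add 400 allow tcp from any to any in via ed0 established
add 65000 deny log all from any to any'

# Constructed ruleset with the ordering mistake: an allow rule is numbered
# below the divert, so packets it matches are accepted and never reach natd.
BAD_RULES='add 40 allow tcp from any to any established
add 50 divert natd all from any to any via ed0
add 65000 deny log all from any to any'

# first_rule RULES: print the lowest-numbered "add N ..." line.
first_rule() {
    printf '%s\n' "$1" | awk '$1 == "add" && $2 ~ /^[0-9]+$/' |
        sort -k2,2n | head -n 1
}

# divert_is_first RULES EXT_IF: succeed only if the lowest-numbered rule
# is a natd divert on EXT_IF; otherwise report the offending rule.
divert_is_first() {
    rule=$(first_rule "$1")
    case "$rule" in
        "add "*" divert natd "*" via $2") return 0 ;;
        *) echo "first rule is not a natd divert on $2: $rule" >&2
           return 1 ;;
    esac
}

divert_is_first "$GOOD_RULES" ed0 && echo "GOOD_RULES: divert is first"
divert_is_first "$BAD_RULES" ed0 || echo "BAD_RULES: rejected"
```
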



OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

2004-05-10 Thread Bryan Cassidy
Hello. I am currently running FreeBSD 4.9-RELEASE p-7. I am pretty comfortable with 
FreeBSD for the most part and really enjoy using it on a day to day basis. These are my 
thoughts. I have an older NEC PC that I would like to put to some use. First off I 
don't know if I need any 'extra' hardware. I have now 1 DSL modem (dhcp - could get 
static, is it worth getting?), 3 NICs, and 2 cables to connect the ethernet cards. I 
have just been reading up on Firewalls on FreeBSD using ipfw. I would basically like 
to do the following. I want to install OpenBSD 3.5 or possibly one of the FreeBSD 4.x, 
5.x, 4-stable, current or whatever. Which would you all recommend using in this 
situation? I want to continue to use my nice newer, much faster computer to do all 
configurations to the system, updates, installing software, running apache, 
configuring firewall, etc. etc. etc. via ssh (good choice?) to the other/older box. 
Would really appreciate some insight on this topic. Networking/Security is becoming 
very interesting to me. Thanks. Don't forget, do I need any 'extra' hardware?