Re: quick router question

2007-07-14 Thread Modulok

On 7/14/07, Jonathan Horne <[EMAIL PROTECTED]> wrote:

I want to build a quick and dirty router for a dev environment.  this freebsd
has 3 interfaces, and I'll want anything to be able to access anything, no
firewalling.

back in the day, I would accomplish the same thing in linux by
setting /proc/sys/net/ipv4/ip_forward to 1.  is the "be a network gateway"
from installation the only thing I need to set to allow this to happen?

thanks,
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


You can set the sysctl variable like so:

sysctl net.inet.ip.forwarding=1

You can make this change persist across a reboot by appending the
following to /etc/rc.conf:

gateway_enable="YES"

-Modulok-
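The two settings above live in different places (the running kernel and rc.conf), and a dev box that was toggled by hand can silently change behaviour at the next boot. The following is an added example, not code from the thread: it evaluates gateway_enable the way rc.d's checkyesno does and compares it with the running forwarding value, which is passed in as an argument so the check runs anywhere. The file name and sample rc.conf contents are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread: check that the persistent
# setting in rc.conf agrees with the running net.inet.ip.forwarding sysctl.

# Evaluate gateway_enable the way rc.d's checkyesno does: rc.conf is shell,
# the last assignment wins, and yes/true/on/1 in any case count as enabled.
# Prints 1 (enabled) or 0 (disabled).  $1 = path to an rc.conf-style file.
rc_gateway_enabled() {
    case $1 in */*) f=$1 ;; *) f=./$1 ;; esac      # '.' must not search PATH
    v=$( unset gateway_enable; . "$f" >/dev/null 2>&1; printf '%s' "${gateway_enable:-NO}" )
    case $(printf '%s' "$v" | tr '[:upper:]' '[:lower:]') in
        yes|true|on|1) echo 1 ;;
        *)             echo 0 ;;
    esac
}

# Compare persistent and running state.  $1 = rc.conf path,
# $2 = current value of `sysctl -n net.inet.ip.forwarding` (0 or 1), passed
# in so the check can run on any host, not only the router itself.
forwarding_drift() {
    want=$(rc_gateway_enabled "$1")
    if [ "$want" = "$2" ]; then
        echo consistent
    else
        echo "drift: rc.conf says $want, kernel says $2"
    fi
}

# Stand-alone run on a constructed rc.conf where a later line overrides an
# earlier one (the last assignment wins, as in a real rc.conf).
tmp=$(mktemp)
printf 'gateway_enable="NO"\nhostname="devrouter"\ngateway_enable="yes"\n' > "$tmp"
forwarding_drift "$tmp" 0        # prints: drift: rc.conf says 1, kernel says 0
rm -f "$tmp"
```

On the router itself, pass `$(sysctl -n net.inet.ip.forwarding)` as the second argument.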


quick router question

2007-07-14 Thread Jonathan Horne
I want to build a quick and dirty router for a dev environment.  this freebsd
has 3 interfaces, and I'll want anything to be able to access anything, no 
firewalling.

back in the day, I would accomplish the same thing in linux by 
setting /proc/sys/net/ipv4/ip_forward to 1.  is the "be a network gateway" 
from installation the only thing I need to set to allow this to happen?

thanks,
-- 
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]


FreeBSD as router question

2004-11-22 Thread Dennis Moore
I'm trying to set up the following system.  Any help is appreciated.

* A switch with VLAN 2 and VLAN 3
* A FreeBSD server with interfaces VLANs 2 and 3
* X Number of clients on VLAN 3

* VLAN 2: 192.168.0.0/24
* VLAN 3: 172.0.0.0/24

Clients must be able to get an address from DHCP on the FreeBSD server.
Currently I am using NAT, but the system must be implementable with or
without it.

New clients must be on a probationary status where all their traffic is
redirected to the FreeBSD server. They will remain there until they perform
some action (i.e. submit a web page). Once they affirm on the web page,
they will be added to a semi-permanent list. Clients on this list will be
routed normally.

I am able to allow or block servers using their MAC address and Layer 2
ipfw2 rules. Is it possible to modify these rules so that the redirection
takes place instead of blocking (rule 30999)? 

# always allow ARP
00100 allow ip from any to any mac-type 0x0806
00105 skipto 3 ip from any to any MAC any any via vlan3
00110 skipto 31000 ip from any to any not layer2 via vlan3
# authorized client MAC
3 pipe 4 ip from any to any MAC 00:04:23:a6:40:d3 any out via vlan3
30001 pipe 40010 ip from any to any MAC any 00:04:23:a6:40:d3 in via vlan3
# deny all other macs; needs to change
30999 deny ip from any to any MAC any any via vlan3
# Broadcast traffic on port 67 of vlan3
31000 allow log logamount 1000 ip from any to 255.255.255.255 dst-port 67 via vlan3
# anti-spoofing
31010 deny ip from any to any not verrevpath in via vlan3
31020 allow ip from 172.0.0.0/24 to any in via vlan3
31030 allow ip from any to 172.0.0.0/24 out via vlan3
# NAT
61000 divert 8668 ip from any to any via em0
65000 allow ip from any to any
65535 deny ip from any to any

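Whatever action ends up replacing the deny at rule 30999, the per-client rule pair above has to be regenerated every time a client is added to the semi-permanent list. The following is an added example, not code from the post: it turns an allowlist of MACs into the pipe rule pair the post uses for each authorized client, validates each MAC before it becomes a rule, and refuses to number past the catch-all rule. The allowlist contents are constructed; the pipe numbers, interface and rule layout are taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: regenerate the per-client ipfw
# rule pair from the "semi-permanent list" of authorized MACs, so that list
# is the single source of truth instead of hand-edited rule numbers.

# Constructed allowlist for the demo; in practice read it from a file.
AUTHORIZED_MACS='00:04:23:a6:40:d3
# second lab host (comment lines and blank lines are ignored)
00:1B:21:3C:4D:5E'

# Read MACs from stdin, one per line, and print two rules per MAC in the
# form the post uses (pipe 4 outbound, pipe 40010 inbound, via vlan3).
# Rule numbers start at $1 (default 30000) and step by 2, so they stay below
# the catch-all rule 30999. Malformed MACs are reported on stderr and skipped
# rather than turned into a rule that would never match (or match too much).
gen_mac_rules() {
    awk -v n="${1:-30000}" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        {
            mac = tolower($1)
            nf = split(mac, oct, ":")
            ok = (nf == 6)
            for (i = 1; i <= nf && ok; i++)
                if (oct[i] !~ /^[0-9a-f][0-9a-f]$/) ok = 0
            if (!ok) { print "skipping malformed MAC: " $1 > "/dev/stderr"; next }
            if (n + 1 >= 30999) { print "rule space exhausted before " mac > "/dev/stderr"; exit 1 }
            printf "%05d pipe 4 ip from any to any MAC %s any out via vlan3\n", n, mac
            printf "%05d pipe 40010 ip from any to any MAC any %s in via vlan3\n", n + 1, mac
            n += 2
        }'
}

# Stand-alone run: print the ruleset for the constructed list.
printf '%s\n' "$AUTHORIZED_MACS" | gen_mac_rules 30000
```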


Re: Router question

2003-12-04 Thread Bryan Cassidy
I was able to put something together. Another PC. I've attached a copy of
the dmesg of the other machine I have. This would be the section of the
handbook on setting another pc up as a router wouldn't it?


http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

I just want to start learning about this in the right areas to begin
with. I've never really understood nat. Think maybe I should install
FreeBSD 5.1 on the other machine or is 4.8 ok for this purpose even ok
if I want to start doing more advanced network/security settings. Are
there any advances on using 5.1 over 4.8 in this situation? So how would
I go about setting this other machine up as a router? The PC I am using
now is the one I like to do all my work on. I will have the other PC
probably on the floor just below my main PC. I have an extra DSL cable.
Plus what into what? Kinda confused here. I run these services on my
box. Thanks for the help.

Bryan

CUPS
Apache
PHP
COURIER-IMAP
POSTFIX
SquirrelMail



On Thu, 04 Dec 2003 03:15:38 -0500
Scott W <[EMAIL PROTECTED]> wrote:

> Bryan Cassidy wrote:
> 
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >Hello everyone. Hows everyone doing tonight/today? Well, I'm taking a
> >week off of work and thought I would read up on Security/Networking
> >and anything else to do with making my system/webserver secure. I am
> >going to Best Buy (ya i know, but it's the only computer related
> >store in this shitty town so.) to buy a router and was just wanting
> >to see what people could recommend on which ones are good. I've never
> >really gotten into this kinda thing before but want to learn. Will
> >there be anything extra that I should get while I'm at the store?
> >Cables etc? I only have one pc is there any point in having a router
> >with one pc? Any links to how to set this up on FreeBSD? Thanks in
> >advance.
> If you've got only a single PC to connect, then the only reason for 
> wanting (not needing) a (presumably broadband) router is anything
> fairly recent will do NAT (address translation, basically lets > 1 PC
> share 1 public IP address).  One of the 'side benefits' of NAT routers
> is that they close off connections initiated from the outside world
> (the Net).  Not that big of a deal with freeBSD, as the default
> services running by default are pretty sensible (compared to past and
> some current versions of Solaris, RedHat, SuSe etc etc), but this is
> generally A Good Thing if you're running Windows at any point, or are
> playing around with different services, as many of them have had
> exploits in the past that script kiddies like to jump on.
> 
> Of course, you can also turn your bsd system into a router by adding 
> another NIC, and then attaching a hub or switch to one NIC, and the 
> other to your DSL or cable modem...
> 
> The disadvantage (serious annoyance IMHO) of 'hardware routers'
> (opposed to software running on bsd or another *nix) is the general
> lack of logging abilities.  When I used to run several personal
> domains, it was _amazing_ the number of portscans and IMAP and other
> exploits that would be attempted on my systems.  I personally like to
> know what's being attempted against my systems, and most of the 'off
> the shelf' routers from BestBuy, CompUSA etc are a far cry from Cisco
> and others, who do run a 'real' (meaning user accessible) OS and can
> handle logging as well as complex rules for port forwarding or
> dropping routes
> 
> As far as freebsd is concerned, if you do decide to get one for
> whatever reason, the router is effectively dual homed, meaning in this
> case, that it has an internal network IP (eg 192.168.1.254) as well as
> an external IP which is what 'the world' sees, which is the IP
> assigned to it via the cable/DSL modem/your ISP.  You'll need to set
> your 'internal' systems (your home PCs/systems) to have their default
> gateway point to the internal IP of the router.  That will be the case
> regardless of whatever OS you run...
> 
> Of course, even a 486 class system, with a minimal install of freebsd,
> with /usr mounted immutable, and a small hard drive, would make a
> great router, and you could also play around with a remote log host
> for logging, monitoring tools like logcheck, sentry, saint, and
> others, as well as designating your own port forwarding and firewall
> rulesets...if you decide to buy an 'off the shelf' router and still
> want some sort of idea of who's trying to do what to your system(s),
> you can port forward a

Re: Router question

2003-12-03 Thread Scott W
Bryan Cassidy wrote:

Hello everyone. Hows everyone doing tonight/today? Well, I'm taking a
week off of work and thought I would read up on Security/Networking and
anything else to do with making my system/webserver secure. I am going
to Best Buy (ya i know, but it's the only computer related store in this
shitty town so.) to buy a router and was just wanting to see what people
could recommend on which ones are good. I've never really gotten into
this kinda thing before but want to learn. Will there be anything extra
that I should get while I'm at the store? Cables etc? I only have one pc
is there any point in having a router with one pc? Any links to how to
set this up on FreeBSD? Thanks in advance.

If you've got only a single PC to connect, then the only reason for 
wanting (not needing) a (presumably broadband) router is anything fairly 
recent will do NAT (address translation, basically lets > 1 PC share 1 
public IP address).  One of the 'side benefits' of NAT routers is that 
they close off connections initiated from the outside world (the Net).  
Not that big of a deal with freeBSD, as the default services running by 
default are pretty sensible (compared to past and some current versions 
of Solaris, RedHat, SuSe etc etc), but this is generally A Good Thing if 
you're running Windows at any point, or are playing around with 
different services, as many of them have had exploits in the past that 
script kiddies like to jump on.

Of course, you can also turn your bsd system into a router by adding 
another NIC, and then attaching a hub or switch to one NIC, and the 
other to your DSL or cable modem...

The disadvantage (serious annoyance IMHO) of 'hardware routers' (opposed 
to software running on bsd or another *nix) is the general lack of 
logging abilities.  When I used to run several personal domains, it was 
_amazing_ the number of portscans and IMAP and other exploits that would 
be attempted on my systems.  I personally like to know what's being 
attempted against my systems, and most of the 'off the shelf' routers 
from BestBuy, CompUSA etc are a far cry from Cisco and others, who do 
run a 'real' (meaning user accessible) OS and can handle logging as well 
as complex rules for port forwarding or dropping routes

As far as freebsd is concerned, if you do decide to get one for whatever 
reason, the router is effectively dual homed, meaning in this case, that 
it has an internal network IP (eg 192.168.1.254) as well as an external 
IP which is what 'the world' sees, which is the IP assigned to it via 
the cable/DSL modem/your ISP.  You'll need to set your 'internal' 
systems (your home PCs/systems) to have their default gateway point to 
the internal IP of the router.  That will be the case regardless of 
whatever OS you run...

Of course, even a 486 class system, with a minimal install of freebsd, 
with /usr mounted immutable, and a small hard drive, would make a great 
router, and you could also play around with a remote log host for 
logging, monitoring tools like logcheck, sentry, saint, and others, as 
well as designating your own port forwarding and firewall rulesets...if 
you decide to buy an 'off the shelf' router and still want some sort of 
idea of who's trying to do what to your system(s), you can port forward 
a 'popular' port (like IMAP/139, http/80, and/or mail/25 to different 
ports on your local system and set things up to only log the connection 
instead of running the actual services..

Scott



Re: Router question

2003-12-03 Thread Henrik Hudson
On Wednesday 03 December 2003 18:21,
Bryan Cassidy <[EMAIL PROTECTED]> sent a missive stating:

> Hello everyone. Hows everyone doing tonight/today? Well, I'm taking a
> week off of work and thought I would read up on Security/Networking and
> anything else to do with making my system/webserver secure. I am going
> to Best Buy (ya i know, but it's the only computer related store in this
> shitty town so.) to buy a router and was just wanting to see what people
> could recommend on which ones are good. I've never really gotten into
> this kinda thing before but want to learn. Will there be anything extra
> that I should get while I'm at the store? Cables etc? I only have one pc
> is there any point in having a router with one pc? Any links to how to
> set this up on FreeBSD? Thanks in advance.

If you're really in a learning mood...hit up some friends for an old PII or 
junker lying around, throw 2 NICs in it and voilà.. a router :) Probably a 
little harder to config than a Linksys you would find at BestBuy..but 
infinitely better :) Throw some big HDs in there and you have yourself a 
nice file server / backup server

You'll really be able to tweak it and learn much more about security, etc... 
plus nmapping your own boxes is always fun and won't get you in trouble :)

My .02

Henrik
-- 
Henrik Hudson
[EMAIL PROTECTED]

"`If there's anything more important than my ego
around, I want it caught and shot now.'" 
--Hitchhikers Guide to the Galaxy



Router question

2003-12-03 Thread Bryan Cassidy
Hello everyone. Hows everyone doing tonight/today? Well, I'm taking a
week off of work and thought I would read up on Security/Networking and
anything else to do with making my system/webserver secure. I am going
to Best Buy (ya i know, but it's the only computer related store in this
shitty town so.) to buy a router and was just wanting to see what people
could recommend on which ones are good. I've never really gotten into
this kinda thing before but want to learn. Will there be anything extra
that I should get while I'm at the store? Cables etc? I only have one pc
is there any point in having a router with one pc? Any links to how to
set this up on FreeBSD? Thanks in advance.