Security Basics mailing list archives

RE: Hardware + Software Router + OpenBSD DHCP / NAT


From: "mark" <mark () diogenesinc com>
Date: Fri, 11 Apr 2003 19:32:18 -0400

Why even use the router? You should be able to use the OpenBSD box as your
firewall without the router.

-----Original Message-----
From: Christopher Nehren [mailto:apeiron () comcast net]
Sent: Wednesday, April 09, 2003 9:40 PM
To: security-basics () securityfocus com
Subject: Hardware + Software Router + OpenBSD DHCP / NAT


Currently I have a cable modem in my house which feeds into a router.
This router distributes the modem connection via DHCP to a few machines
on my home network. I have an old machine running OpenBSD, and I'd like
to know what a good (I suppose "best" would open a flame war?) solution
would be, in order to increase my home network security using the
OpenBSD system. I'm thinking of something like this: (please excuse my
pitiful attempt at ASCII art)

cable modem
        |
        |
        |
router with the OBSD's system set as the DMZ
        |
        |
        - first ethernet interface on the OBSD machine
OpenBSD system running DHCP / NAT + PF
        - second ethernet interface on the OBSD machine
        |
        |
hub / switch
        |
        |
client A / client B / client C ... / client Z


Would this work? Would it be more secure to have the modem go to the
OBSD box, then to a router, and then route the connection to the
machines on the network? My main (only) concern with this setup is the
security of my home network.

