Security Basics mailing list archives
Re: Home Lan Needs Oppinion
From: Christopher Nehren <apeiron () comcast net>
Date: Thu, 17 Apr 2003 14:23:28 -0400
On Wed, 2003-04-16 at 23:51, Justyn K wrote:
I have 3 computers running windows xp connected to a linksys dsl/cable switch/router. I have a older 3rd computer I was wanting to run a freebsd firewall on because 1) I see all these ips connecting to my ports and I get a bit curious and paranoid 2) I really dont trust Linksys's firewall since it seems really limited. My question would be...would it be real useful for a newbie to install the freebsd...follow a howto and put it on the inet..or am I just asking for trouble. Should I just run the freebsd box behind the router/switch until I learn more? I mean after all my software firewalls havent picked up anything too unsual going past the linksys. Thanks!
If you're going for security, and plan to use a BSD system, I suggest using OpenBSD. It's pretty much made for what you want -- not to mention there are people -constantly- asking questions on the -misc mailing list about this, so any common problems you see are probably already answered. Also, because of OpenBSD's frequent usage in this role, there are many tutorials on the internet specifying how to use it for this. I went through hours of agony trying to get my machine set up like this, until I found the tutorials on the web -- I was then up within ten minutes (most of which was playing with wires and realizing I was missing one file which it told me to make). For example, take a look at http://mlowe.phpwebhosting.com/pages/openbsd29.html . That's the tutorial that I used, and it's been working great since. For an optimal setup you'll have your modem connected directly to your OpenBSD box, and then have a second NIC on that send the connection to a switch and have your machines connect to that. You -can- set the OBSD machine behind the router until you learn more, but note that you must set it as the Linksys Router's DMZ host for packet forwarding (using pf) to work. Once you have everything working inside of the router, you can take the wire going from the OBSD machine to the router and plug it directly into your modem. Note that this will change your OBSD machine's IP from the internal LAN address assigned to it by the Linksys hardware to your actual IP address (i.e. what you see when you go to http://checkip.dyndns.org ).
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Home Lan Needs Oppinion Justyn K (Apr 17)
- Re: Home Lan Needs Oppinion Joshua Moles (Apr 17)
- Re: Home Lan Needs Oppinion Christopher Nehren (Apr 17)