Security Basics mailing list archives
Re: Hardware + Software Router + OpenBSD DHCP / NAT
From: Jason Burroughs <jdog1016 () hotpop com>
Date: Mon, 14 Apr 2003 23:30:14 -0400
Well, with the configuration that you have drawn out there, the OpenBSD system is basically functioning as a router, so it seems rather redundant to have another router between it and the cable modem. If this were my network, I would simply eliminate the router altogether and put the OpenBSD system between the modem and the hub/switch. The only other suggestion that I might make, in the interests of security, would be to put DHCP on another computer connected to your hub/switch, if feasible, just to eliminate it as a possible service that an intruder may somehow exploit. Perhaps this isn't really necessary considering that you will be running a firewall on your OpenBSD box, but it might be a good idea anyway. Hope that helps.
Christopher Nehren wrote:

Currently I have a cable modem in my house which feeds into a router. This router distributes the modem connection via DHCP to a few machines on my home network. I have an old machine running OpenBSD, and I'd like to know what a good (I suppose "best" would open a flame war?) solution would be, in order to increase my home network security using the OpenBSD system. I'm thinking of something like this: (please excuse my pitiful attempt at ASCII art)

    cable modem
    |
    |
    |
    router with the OBSD's system set as the DMZ
    |
    | - first ethernet interface on the OBSD machine
    OpenBSD system running DHCP / NAT + PF - second ethernet interface on the OBSD machine
    |
    |
    hub / switch
    |
    |
    client A / client B / client C ... / client Z

Would this work? Would it be more secure to have the modem go to the OBSD box, then to a router, and then route the connection to the machines on the network? My main (only) concern with this setup is the security of my home network.
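
As an added illustration that is not part of either message: a minimal pf.conf for the layout suggested in the reply, with the OpenBSD box directly between the cable modem and the hub/switch. It uses current OpenBSD PF syntax rather than the 2003 syntax, and the interface names em0 and em1 are assumptions.

```conf
# /etc/pf.conf (added example, not from the thread)
# Assumed interfaces: em0 faces the cable modem, em1 faces the hub/switch.
ext_if = "em0"
int_if = "em1"

# Do not filter loopback traffic; silently drop anything that is blocked.
set skip on lo
set block-policy drop

# Normalise inbound packets before filtering.
match in all scrub (no-df random-id)

# Default deny in both directions, and log what is dropped.
block log all

# Reject packets that claim an internal source address but arrive
# on any interface other than the internal one.
antispoof quick for $int_if

# NAT: rewrite internal clients to the address currently held by ext_if.
# The parentheses make PF follow the address when the ISP's DHCP lease changes.
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# Clients A..Z may open connections through the firewall.
pass in on $int_if inet from $int_if:network

# Outbound traffic (NATed clients and the firewall itself) is stateful,
# so replies are allowed back in. There is deliberately no "pass in"
# rule on $ext_if: nothing unsolicited from the modem side is accepted.
pass out on $ext_if inet

# Related settings outside this file:
#   /etc/sysctl.conf   net.inet.ip.forwarding=1   (enable routing)
#   dhcpd(8) takes interface names as arguments; start it with only
#   em1 listed so the DHCP service is offered on the internal side only.
```

The rule set can be syntax-checked without loading it by running `pfctl -nf /etc/pf.conf`.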