Security Basics mailing list archives

Re: Home Lan Needs Oppinion


From: Christopher Nehren <apeiron () comcast net>
Date: Thu, 17 Apr 2003 14:23:28 -0400

On Wed, 2003-04-16 at 23:51, Justyn K wrote:
> I have 3 computers running Windows XP connected to a Linksys DSL/cable
> switch/router. I have an older 3rd computer I was wanting to run a
> FreeBSD firewall on because 1) I see all these IPs connecting to my
> ports and I get a bit curious and paranoid 2) I really don't trust
> Linksys's firewall since it seems really limited. My question would
> be...would it be real useful for a newbie to install the
> FreeBSD...follow a howto and put it on the inet..or am I just asking for
> trouble. Should I just run the FreeBSD box behind the router/switch
> until I learn more? I mean after all my software firewalls haven't picked
> up anything too unusual going past the Linksys. Thanks!

If you're going for security, and plan to use a BSD system, I suggest
using OpenBSD. It's pretty much made for what you want -- not to mention
there are people -constantly- asking questions on the -misc mailing list
about this, so any common problems you see are probably already
answered. Also, because of OpenBSD's frequent usage in this role, there
are many tutorials on the internet specifying how to use it for this. I
went through hours of agony trying to get my machine set up like this,
until I found the tutorials on the web -- I was then up within ten
minutes (most of which was playing with wires and realizing I was
missing one file which it told me to make). For example, take a look at
http://mlowe.phpwebhosting.com/pages/openbsd29.html . That's the
tutorial that I used, and it's been working great since.

For an optimal setup you'll have your modem connected directly to your
OpenBSD box, and then have a second NIC on that send the connection to a
switch and have your machines connect to that. You -can- set the OBSD
machine behind the router until you learn more, but note that you must
set it as the Linksys Router's DMZ host for packet forwarding (using pf)
to work. Once you have everything working inside of the router, you can
take the wire going from the OBSD machine to the router and plug it
directly into your modem. Note that this will change your OBSD machine's
IP from the internal LAN address assigned to it by the Linksys hardware
to your actual IP address (i.e. what you see when you go to
http://checkip.dyndns.org ). 

Attachment: signature.asc
Description: This is a digitally signed message part
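
The two-NIC layout described in the reply above, sketched as a pf ruleset. This is an added example in current OpenBSD pf syntax, not part of the original message or of the tutorial it links; the interface names (em0, em1) and the LAN range 192.168.10.0/24 are assumptions, and the range is chosen so it cannot collide with the Linksys-assigned network while the box is still being tested behind the router.

```pf
# /etc/pf.conf for a two-NIC OpenBSD gateway (added example).
# Assumed names: em0 faces the modem (or the Linksys while testing),
# em1 faces the switch that the LAN machines plug into.
# Forwarding must also be enabled: net.inet.ip.forwarding=1 in /etc/sysctl.conf
ext_if  = "em0"
int_if  = "em1"
lan_net = "192.168.10.0/24"    # constructed LAN range, adjust to your own

set skip on lo                 # never filter loopback traffic
set block-policy drop          # drop silently instead of answering probes

# Reassemble and normalise packets before any filtering decision.
match in all scrub (no-df)

# NAT for the LAN. The parentheses around $ext_if make pf follow the
# interface's current address, so this rule keeps working unchanged when
# the cable is moved from the router to the modem and the external
# address changes from a private one to the public one.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Default deny in both directions, and log what gets dropped so the
# "who is connecting to my ports" question can be answered from pflog.
block log all

# Reject packets claiming a LAN source address on the wrong interface.
antispoof quick for $int_if

# LAN machines may open connections outward; pf keeps state, so only
# replies to those connections are let back in through $ext_if.
pass in  on $int_if inet from $lan_net to any
pass out on $ext_if inet
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and dropped packets can be watched with `tcpdump -n -e -ttt -i pflog0`.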

