Security Basics mailing list archives

RE: Hardware + Software Router + OpenBSD DHCP / NAT

From: Jim Kelly <jim () essistants com>
Date: Fri, 11 Apr 2003 13:50:11 -0400

Although it's not OpenBSD, I use the Dachstein release of the Linux
Router Project Family.  It has worked great for me so far, and I wasn't
able to find much in the way of security issues with it.  You can check
it out at lrp.steinkuehler.net.  If you don't like it, you can just pop
the floppy out and you have your system back.  If you have any questions
about getting it to work or whatever, you can contact me off list.

Jim

-----Original Message-----
From: Christopher Nehren [mailto:apeiron () comcast net] 
Sent: Wednesday, April 09, 2003 9:40 PM
To: security-basics () securityfocus com
Subject: Hardware + Software Router + OpenBSD DHCP / NAT

Currently I have a cable modem in my house which feeds into a router.
This router distributes the modem connection via DHCP to a few machines
on my home network. I have an old machine running OpenBSD, and I'd like
to know what a good (I suppose "best" would open a flame war?) solution
would be, in order to increase my home network security using the
OpenBSD system. I'm thinking of something like this: (please excuse my
pitiful attempt at ASCII art)

cable modem
        |
        |
        |
router with the OBSD's system set as the DMZ
        |
        | 
        - first ethernet interface on the OBSD machine
OpenBSD system running DHCP / NAT + PF
        - second ethernet interface on the OBSD machine
        |
        |
hub / switch 
        |
        |
client A / client B / client C ... / client Z


Would this work? Would it be more secure to have the modem go to the
OBSD box, then to a router, and then route the connection to the
machines on the network? My main (only) concern with this setup is the
security of my home network.


-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------

Current thread:

Hardware + Software Router + OpenBSD DHCP / NAT Christopher Nehren (Apr 11)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Jim Kelly (Apr 12)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT mark (Apr 12)
- Re: Hardware + Software Router + OpenBSD DHCP / NAT Jason Burroughs (Apr 15)
- <Possible follow-ups>
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Allan Schon (Apr 14)
  - RE: Hardware + Software Router + OpenBSD DHCP / NAT * KAPIL * (Apr 15)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Allan Schon (Apr 15)