Security Basics mailing list archives
RE: Hardware + Software Router + OpenBSD DHCP / NAT
From: "Allan Schon" <allanschon () mckinleymachinery com>
Date: Tue, 15 Apr 2003 14:57:44 -0400
KAPIL, Would you care to elaborate? Why is it that you think Smoothwall is appropriate in this case? Twice today, I've seen you recommend it, yet you haven't given any explanation. If I didn't know that the list were moderated, I'd suspect that you worked for Smoothwall Ltd. :^) This isn't meant as a flame, but I'm interested in the reasoning behind your recommendation. Thanks! -----Original Message----- From: * KAPIL * [mailto:kapil () kapilville com] Sent: Monday, April 14, 2003 3:45 PM To: security-basics () securityfocus com Subject: RE: Hardware + Software Router + OpenBSD DHCP / NAT Importance: High Try www.smoothwall.org ------------------------- Stand Up For Free Speech http://www.eff.org -----Original Message----- From: Allan Schon [mailto:allanschon () mckinleymachinery com] Sent: Monday, April 14, 2003 6:25 AM To: security-basics () securityfocus com Subject: RE: Hardware + Software Router + OpenBSD DHCP / NAT I use a Linux system for this very purpose. If you're using the OpenBSD box as a firewall, it would probably be simpler to eliminate the router from the picture. I'm not sure about the actual mechanics of it, but I'm sure that using OpenBSD to route your connection will give you many more options, and won't reduce your security appreciably. This will give you something like this: *--DMZ hub/switch / cable modem--OBSD---* \ *--protected LAN hub/switch Provided that you know, or are ready to learn, how to configure OBSD's firewall software, this will give you a lot of flexibility and security. -----Original Message----- From: Christopher Nehren [mailto:apeiron () comcast net] Sent: Wednesday, April 09, 2003 9:40 PM To: security-basics () securityfocus com Subject: Hardware + Software Router + OpenBSD DHCP / NAT Currently I have a cable modem in my house which feeds into a router. This router distributes the modem connection via DHCP to a few machines on my home network. I have an old machine running OpenBSD, and I'd like to know what a good (I suppose "best" would open a flame war?) solution would be, in order to increase my home network security using the OpenBSD system. I'm thinking of something like this: (please excuse my pitiful attempt at ASCII art) cable modem | | | router with the OBSD's system set as the DMZ | | - first ethernet interface on the OBSD machine OpenBSD system running DHCP / NAT + PF - second ethernet interface on the OBSD machine | | hub / switch | | client A / client B / client C ... / client Z Would this work? Would it be more secure to have the modem go to the OBSD box, then to a router, and then route the connection to the machines on the network? My main (only) concern with this setup is the security of my home network. ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ------------------------------------------------------------------- ------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. www.blackhat.com ------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- Hardware + Software Router + OpenBSD DHCP / NAT Christopher Nehren (Apr 11)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Jim Kelly (Apr 12)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT mark (Apr 12)
- Re: Hardware + Software Router + OpenBSD DHCP / NAT Jason Burroughs (Apr 15)
- <Possible follow-ups>
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Allan Schon (Apr 14)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT * KAPIL * (Apr 15)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Allan Schon (Apr 15)