Security Basics mailing list archives

RE: Hardware + Software Router + OpenBSD DHCP / NAT


From: "Allan Schon" <allanschon () mckinleymachinery com>
Date: Tue, 15 Apr 2003 14:57:44 -0400

KAPIL,
Would you care to elaborate? Why is it that you think Smoothwall is
appropriate in this case?  Twice today, I've seen you recommend it, yet
you haven't given any explanation.  If I didn't know that the list were
moderated, I'd suspect that you worked for Smoothwall Ltd.  :^)

This isn't meant as a flame, but I'm interested in the reasoning behind your recommendation.

Thanks!

-----Original Message-----
From: * KAPIL * [mailto:kapil () kapilville com]
Sent: Monday, April 14, 2003 3:45 PM
To: security-basics () securityfocus com
Subject: RE: Hardware + Software Router + OpenBSD DHCP / NAT
Importance: High


Try www.smoothwall.org




-------------------------
Stand Up For Free Speech
http://www.eff.org

-----Original Message-----
From: Allan Schon [mailto:allanschon () mckinleymachinery com] 
Sent: Monday, April 14, 2003 6:25 AM
To: security-basics () securityfocus com
Subject: RE: Hardware + Software Router + OpenBSD DHCP / NAT


I use a Linux system for this very purpose.  If you're using the OpenBSD
box as a firewall, it would probably be simpler to eliminate the router
from the picture.  I'm not sure about the actual mechanics of it, but
I'm sure that using OpenBSD to route your connection will give you many
more options, and won't reduce your security appreciably.  This will
give you something like this:

                      *--DMZ hub/switch
                     /
cable modem--OBSD---*
                     \
                      *--protected LAN hub/switch

Provided that you know, or are ready to learn, how to configure OBSD's 
firewall software, this will give you a lot of flexibility and security.

-----Original Message-----
From: Christopher Nehren [mailto:apeiron () comcast net]
Sent: Wednesday, April 09, 2003 9:40 PM
To: security-basics () securityfocus com
Subject: Hardware + Software Router + OpenBSD DHCP / NAT


Currently I have a cable modem in my house which feeds into a router.
This router distributes the modem connection via DHCP to a few machines
on my home network. I have an old machine running OpenBSD, and I'd like
to know what a good (I suppose "best" would open a flame war?) solution
would be, in order to increase my home network security using the
OpenBSD system. I'm thinking of something like this: (please excuse my
pitiful attempt at ASCII art)

cable modem
        |
        |
        |
router with the OBSD's system set as the DMZ
        |
        | 
        - first ethernet interface on the OBSD machine
OpenBSD system running DHCP / NAT + PF
        - second ethernet interface on the OBSD machine
        |
        |
hub / switch 
        |
        |
client A / client B / client C ... / client Z


Would this work? Would it be more secure to have the modem go to the
OBSD box, then to a router, and then route the connection to the
machines on the network? My main (only) concern with this setup is the
security of my home network.
