From owner-freebsd-ipfw Sun Jan 16 2:44:51 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from pogo.caustic.org (pogo.caustic.org [208.44.193.69]) by hub.freebsd.org (Postfix) with ESMTP id 093FC1526A for ; Sun, 16 Jan 2000 02:44:49 -0800 (PST) (envelope-from jan@caustic.org)
Received: from localhost (jan@localhost) by pogo.caustic.org (8.9.3/ignatz) with ESMTP id CAA62578; Sun, 16 Jan 2000 02:45:34 -0800 (PST)
Date: Sun, 16 Jan 2000 02:45:34 -0800 (PST)
From: "f.johan.beisser"
To: Olaf Hoyer
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Simple router with basic firewall functionalioties
In-Reply-To: <4.1.20000116041246.0097bd50@mail.rz.fh-wilhelmshaven.de>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

oof. make it hard ;)

On Sun, 16 Jan 2000, Olaf Hoyer wrote:

> >> I also thought about a SAMBA server, to ensure compatibility to exchange
> >> data with the M$ machines running here. Any security issues?
> >
> >yes, but i think a better question is why?
>
> We use a peer-to-peer network here, with mostly M$ machines using
> SMB/Netbeui/Netbios here. To transfer files, we mostly use the M$ directory
> stuff to allow access and so. It's easy, and even the girls here can figure
> it out...
> BTW, it is explicitly forbidden here in our home to use stuff like FTP servers.

hrm. ok, one solution is to forward $GOODPACKET through, perhaps have an
explicitly allowed list of servers and such in your firewall ruleset.

> >unless the machine is going to do more than just be a firewall...
> That was my second thought, to capsule the main box completely from the
> rest of the network.

i caught the network map you made earlier.. ok, so it would be
isolated/protected from the rest of the network, but with some access to
support the various needed apps (divert and so on). i still look at this
and think it's a Bad Idea (TM). unless..

well, i already mentioned filtering out everything except for a specific
list of hosts you'd want to let in to your network segment. this might be
the only real option.

> >> Is it also possible to send/receive the "messaging service" of NT,
> >> respective the "Popups"?
> SMB messaging (broadcast type, used by the "telephony/popup" application
> in Win3.x/Win9x/NT)

well, i know for a fact that you can establish a connection through nat,
while denying all incoming packets. this works for ftp (which has two
ports that it uses), and most other applications.

-- jan

+-----// f. johan beisser //------------------------------+
  email: jan[at]caustic.org    web: http://www.caustic.org/~jan
  "knowledge is power. power corrupts. study hard, be evil."
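The ruleset jan is sketching above (divert to natd, deny everything inbound, and let SMB in only from an explicit list of hosts) written out as an rc.firewall-style script. This is an added example, not code from the thread or from FreeBSD itself; the interface names fxp0/xl0, the 192.168.1.0/24 inside net, the firewall's inside address 192.168.1.1 and the hosts in SMB_HOSTS are assumed values. It goes slightly beyond the post by adding an anti-spoofing rule and DNS replies, and it uses the rc.firewall convention of a `fwcmd` variable, which here falls back to `echo` when /sbin/ipfw is absent so the rules can be reviewed on a box without ipfw.

```shell
#!/bin/sh
# Added example (not from the original post): explicit-host SMB access plus
# natd divert on a FreeBSD ipfw router.  All addresses and interface names
# below are assumptions for illustration.
oif="fxp0"                  # outside (NAT) interface
iif="xl0"                   # inside interface
inet="192.168.1.0/24"       # inside network
fwip="192.168.1.1"          # firewall's inside address (where Samba listens)
SMB_HOSTS="192.168.1.10 192.168.1.11"   # the only hosts allowed to talk SMB to it

# Real binary when present, otherwise dry-run (print what would be applied).
if [ -x /sbin/ipfw ]; then fwcmd="/sbin/ipfw"; else fwcmd="echo ipfw"; fi

build_rules() {
    $fwcmd -f flush
    # Hand every packet on the outside interface to natd (natd -n fxp0 must
    # be running); natd also rewrites the PORT command of active-mode FTP,
    # which is why outbound FTP works with no inbound allow rule.
    $fwcmd add 100 divert natd ip from any to any via "$oif"
    $fwcmd add 200 allow ip from any to any via lo0
    # Anti-spoofing: inside addresses must never arrive on the outside interface.
    $fwcmd add 300 deny ip from "$inet" to any in via "$oif"
    # Return traffic for TCP connections we already set up.
    $fwcmd add 400 allow tcp from any to any established
    # SMB/NetBIOS (137-139) only from the listed hosts, only on the inside
    # interface, only to the firewall itself.  Unicast only: NetBIOS
    # broadcasts (name service, popups) are not forwarded by a router anyway.
    for h in $SMB_HOSTS; do
        $fwcmd add 500 allow tcp from "$h" to "$fwip" 137-139 in via "$iif" setup
        $fwcmd add 500 allow udp from "$h" to "$fwip" 137-139 in via "$iif"
        $fwcmd add 500 allow udp from "$fwip" 137-139 to "$h" out via "$iif"
    done
    # Inside hosts may open outbound connections (ftp, http, ...) and do DNS.
    $fwcmd add 600 allow tcp from "$inet" to any setup
    $fwcmd add 600 allow udp from "$inet" to any 53
    $fwcmd add 610 allow udp from any 53 to "$inet"
    # Everything else, in particular inbound SMB from any other host, is
    # dropped and logged.
    $fwcmd add 65000 deny log ip from any to any
}

build_rules
```

Order matters: the divert rule must come before the allow/deny rules so that inbound packets are un-NATed before they are matched, and the final deny is what turns the host list into a real whitelist rather than a suggestion. Check what got loaded with `ipfw -a list` and watch `/var/log/security` for hits on rule 65000 from hosts that should have been on the list.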