From: Bryant Eadon
Reply-To: bryant.eadon@gmail.com
To: Gary Kline
Cc: FreeBSD Mailing List
Date: Thu, 18 Jun 2009 18:48:08 -0400
Subject: Re: time to ask for help... .
Message-ID: <4A3AC428.2000608@gmail.com>
In-Reply-To: <20090604211637.GA4285@thought.org>

Gary Kline wrote:
> The way my site is now configured, my ISP
> (Qwest) baby-bell has its router connected to my pfSense firewall. The
> firewall computer connects to my FreeBSD server which handles my DNS,
> mail, and web. The server then fans out to my several desktops. This
> one, my laptop, my daughter's MacBook, and has a spare CAT5 for my wife's
> PC.

Since this sounds like a home setup, in terms of raw power usage I'm inclined to suggest a tighter integration of router, DNS and firewall functionality by putting this all into something like OpenWRT on a decent off-the-shelf router, thereby eliminating the Qwest router, firewall machine and possibly mail/web if it's low volume enough and/or you pick up a router with a USB connection for storage. Try an Asus WL-500G Premium (version 1 is my favorite) if you go that route. This would free up the server for other tasks, obsolete 2 boxes (and possibly the server), spice up your life with easy to install SNMP monitoring of connections and give your family wifi ... but I digress...

> At a minimum, I'd like to have CVS working on at least my server.

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/cvs-freebsd/article.html

> I used ipf and/or IPFW .... managed to catch and kill
> hundreds of kiddie-scripters trying to crack in. But with pfSense and
> how things are *now*, I'm in the dark.

You're looking for an intrusion detection system (IDS). For FreeBSD you might leverage 'grok' written by Jordan Sissel, which isn't an IDS, but it will play like one:

http://www.semicomplete.com/projects/grok/

You could also do something like this:

http://surachartopun.com/2008/06/example-how-to-monitorby-e-mail-auth.html

...monitor your auth logs for bandits with email alerts.

That should get you started :)

-Bryant
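
An added example, not part of the message above or of the linked article: one way to do the suggested auth-log monitoring, counting failed sshd password attempts per source address and composing a mail alert. The log lines are constructed in OpenSSH's syslog format; the threshold, addresses and function names are assumptions.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample in OpenSSH syslog format; not taken from a real host.
SAMPLE_AUTH_LOG = """\
Jun 18 15:02:11 server sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Jun 18 15:02:13 server sshd[1234]: Failed password for root from 203.0.113.5 port 40023 ssh2
Jun 18 15:02:15 server sshd[1235]: Failed password for invalid user test from 203.0.113.5 port 40024 ssh2
Jun 18 15:03:00 server sshd[1240]: Accepted publickey for gary from 192.168.1.20 port 51000 ssh2
Jun 18 15:04:41 server sshd[1251]: Failed password for gary from 192.168.1.20 port 51012 ssh2
Jun 18 15:05:02 server sshd[1260]: Failed password for invalid user x from 192.168.1.20 port 1 from 198.51.100.7 port 40100 ssh2
"""

# The user name is text chosen by the remote side, so anchor on the end of the
# line: the greedy (.*) leaves only the final "from ADDR port N ssh2" as source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) "
    r"from (\S+) port \d+ ssh2$"
)

def failed_by_source(lines):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group(2)] += 1
    return counts

def build_alert(counts, threshold=3, rcpt="root@localhost"):
    """Return an EmailMessage listing sources at or over threshold, else None."""
    noisy = sorted((ip, n) for ip, n in counts.items() if n >= threshold)
    if not noisy:
        return None
    msg = EmailMessage()
    msg["From"] = "authwatch@localhost"  # hypothetical sender
    msg["To"] = rcpt                     # hypothetical recipient
    msg["Subject"] = f"sshd: {len(noisy)} source(s) with >= {threshold} failed logins"
    msg.set_content("\n".join(f"{ip}  {n} failures" for ip, n in noisy))
    return msg

if __name__ == "__main__":
    alert = build_alert(failed_by_source(SAMPLE_AUTH_LOG.splitlines()))
    print(alert if alert else "nothing to report")
```

The last sample line carries a user name containing " from 192.168.1.20 port 1"; a pattern that stops at the first "from" would attribute that failure to the internal address instead of the real source.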