From: David Adam
To: "R. Scott Kennan"
Cc: freebsd-newbies@freebsd.org
Subject: Re: Home Network, step by step?
Date: Wed, 15 Dec 2004 09:11:32 +0800 (WST)

On Tue, 14 Dec 2004, R. Scott Kennan wrote:

> One other thing I don't understand is why I'm being told to install
> the firewall in this context; are firewalls more than just an
> intrusion countermeasure? Do they do any 'lifting' on a network beyond
> blocking unauthorised transfers?

They do now. Partly in response to cleverer security threats, and partly as a convergence between routing and firewalling, most modern firewalls - like ipf and pf in FreeBSD - are now not so much firewalls, but packet filters. They have the ability to inspect and modify any packets going in any direction on various interfaces. This makes them an invaluable tool on routers in any environment (except, perhaps, Internet core routers, but they're another case entirely).

By the way, someone up the thread a bit recommended you start running IPFW (IPFIREWALL). While I'm not currently in a position to give you instructions as detailed as James did, I would recommend you start with either ipf or pf. IPFW is much older and is somewhat less well maintained, the documentation in particular.

From the Handbook's IPFW Chapter...
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html

"The IPFW stateless rule syntax is empowered with technically sophisticated selection capabilities which far surpasses the knowledge level of the customary firewall installer. IPFW is targeted at the professional user or the advanced technical computer hobbyist who have advanced packet selection requirements."

(Proper use of freebsd-newbies@ approaching!)

I've had superb results with pf (although for full effect, it will require a kernel rebuild). The pf documentation at OpenBSD is very well written and easy to follow.

Setting up NAT can be a somewhat daunting task (personally, I do it at home with Windows' ICS, which is an absolute no-brainer) - however, once you get it working it is extremely useful.

Best of luck! (I really should get back to work - if I can get my system at home logged on to the 'net I'll try and run you through the basics of setting it up if you still need it.)

Cheers,

David Adam
---
zanchey@ucc.gu.uwa.edu.au
Medicine: And you thought hacking computers was complex.
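
To illustrate the point above that a packet filter both inspects and modifies traffic, here is a minimal pf.conf for a home gateway that does NAT and stateful filtering. It is an added example, not part of the original message; the interface names (fxp0, fxp1) and the 192.168.0.0/24 LAN range are assumptions to be replaced with your own.

```conf
# /etc/pf.conf -- added example, not from the original message.
# Assumed (hypothetical) names: fxp0 = Internet-facing NIC,
# fxp1 = LAN-facing NIC, 192.168.0.0/24 = LAN address range.

ext_if  = "fxp0"
int_if  = "fxp1"
int_net = "192.168.0.0/24"

# Silently drop blocked packets instead of answering with RST/ICMP.
set block-policy drop

# Normalization ("modify"): reassemble fragments and clean up
# malformed packets before any rule looks at them.
scrub in all

# Translation ("modify"): rewrite the source address of LAN packets
# leaving through ext_if. The parentheses make pf follow the
# interface's address if DHCP changes it.
nat on $ext_if from $int_net to any -> ($ext_if)

# Filtering ("inspect"): start from default deny, and log what is blocked.
block log all

# Loopback traffic is always allowed.
pass quick on lo0 all

# Drop packets arriving on the wrong interface with a LAN source address.
antispoof quick for $int_if

# LAN hosts may reach the gateway and go out through it.
pass in on $int_if from $int_net to any keep state

# Outbound traffic is allowed; "keep state" lets the replies back in,
# so no inbound pass rule is needed on ext_if.
pass out on $ext_if proto { tcp, udp, icmp } from any to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset goes live. Because nothing is passed in on the external interface, unsolicited connections from the Internet are dropped while LAN hosts still get out.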