Date: Tue, 04 Apr 1995 04:43:06 +0100 From: Gary Palmer <gary@palmer.demon.co.uk> To: mcw@hpato.aus.hp.com Cc: "freebsd-questions@freefall.cdrom.com" <freebsd-questions@freefall.cdrom.com> Subject: Re: FreeBSD as router,firewall machine and terminal server Message-ID: <2106.796966986@palmer.demon.co.uk> In-Reply-To: Your message of "Tue, 04 Apr 1995 13:13:33 EST." <199504040313.AA156615221@hp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199504040313.AA156615221@hp.com>, mcw@hpato.aus.hp.com writes: >Hi networking experts, > Presumably, for 1) I need gated and IPFORWARD ? IPFORWARD, yes. Gated, probably not unless you are running more than one subnet. Just set all (internal) machines default route to the FreeBSD gateway and it should work. > for 2) I need an extremely secure system, and I remembered people > are talking about ipfirewall, deslogin etc, can some of them be > mixed together to achieve a secure system ? For PPP you have two options... there are two firewalling systems available. If you use /usr/bin/ppp with the tun driver, there is built-in firewalling to the ppp program, and it also allows you to set what triggers the dial-out if you set it to auto-dial. There is also the `ipfw' utility which uses kernel level firewalls. My suggestion would be to read the example given in /etc/ppp/ppp.conf.filter.sample, as it sets up a firewall which allows little or no access to the actual gateway machine apart from the internal network. However, it allows packets to be routed across the PPP link in either direction. > for 3), I have no idea how I can turn a FreeBSD box into a terminal > server at all. What sort of terminals? Dial in or hard wired? For hard wired terminals it's relatively easy, you just set up /etc/ttys with the relevant info. Dial-in is a bit more difficult, and what you want depends on whether you want simple login access or to provide slip/ppp access. Hope this helps some. Gary
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2106.796966986>