From owner-freebsd-questions Mon Apr 3 20:46:43 1995
Return-Path: questions-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6)
    id UAA01345 for questions-outgoing; Mon, 3 Apr 1995 20:46:43 -0700
Received: from palmer.demon.co.uk (root@palmer.demon.co.uk [158.152.50.150])
    by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id UAA01338
    for ; Mon, 3 Apr 1995 20:46:39 -0700
Received: from localhost (gary@localhost [127.0.0.1])
    by palmer.demon.co.uk (8.6.9/8.6.9) with SMTP id EAA02109 ;
    Tue, 4 Apr 1995 04:43:09 +0100
X-Authentication-Warning: palmer.demon.co.uk: Host localhost didn't use HELO protocol
To: mcw@hpato.aus.hp.com
cc: "freebsd-questions@freefall.cdrom.com"
Subject: Re: FreeBSD as router,firewall machine and terminal server
In-reply-to: Your message of "Tue, 04 Apr 1995 13:13:33 EST." <199504040313.AA156615221@hp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2105.796966985.1@palmer.demon.co.uk>
Date: Tue, 04 Apr 1995 04:43:06 +0100
Message-ID: <2106.796966986@palmer.demon.co.uk>
From: Gary Palmer
Sender: questions-owner@FreeBSD.org
Precedence: bulk

In message <199504040313.AA156615221@hp.com>, mcw@hpato.aus.hp.com writes:
>Hi networking experts,

> Presumably, for 1) I need gated and IPFORWARD ?

IPFORWARD, yes. Gated, probably not unless you are running more than
one subnet. Just set all (internal) machines default route to the
FreeBSD gateway and it should work.

> for 2) I need an extremely secure system, and I remembered people
> are talking about ipfirewall, deslogin etc, can some of them be
> mixed together to achieve a secure system ?

For PPP you have two options... there are two firewalling systems
available. If you use /usr/bin/ppp with the tun driver, there is
built-in firewalling to the ppp program, and it also allows you to set
what triggers the dial-out if you set it to auto-dial. There is also
the `ipfw' utility which uses kernel level firewalls.
My suggestion would be to read the example given in
/etc/ppp/ppp.conf.filter.sample, as it sets up a firewall which allows
little or no access to the actual gateway machine apart from the
internal network. However, it allows packets to be routed across the
PPP link in either direction.

> for 3), I have no idea how I can turn a FreeBSD box into a terminal
> server at all.

What sort of terminals? Dial in or hard wired? For hard wired
terminals it's relatively easy, you just set up /etc/ttys with the
relevant info. Dial-in is a bit more difficult, and what you want
depends on whether you want simple login access or to provide slip/ppp
access.

Hope this helps some.

Gary