Message-ID: <3FCEED2A.5060103@mindcore.net>
Date: Thu, 04 Dec 2003 03:15:38 -0500
From: Scott W
To: Bryan Cassidy
Cc: freebsd-questions@freebsd.org
Subject: Re: Router question
In-Reply-To: <20031203182121.0cf47a5c.b_cassidy@bellsouth.net>

Bryan Cassidy wrote:

> Hello everyone. How's everyone doing tonight/today? Well, I'm taking a
> week off of work and thought I would read up on Security/Networking and
> anything else to do with making my system/webserver secure. I am going
> to Best Buy (ya I know, but it's the only computer related store in this
> shitty town so.) to buy a router and was just wanting to see what people
> could recommend on which ones are good. I've never really gotten into
> this kinda thing before but want to learn.
> Will there be anything extra
> that I should get while I'm at the store? Cables etc? I only have one pc.
> Is there any point in having a router with one pc? Any links to how to
> set this up on FreeBSD? Thanks in advance.

If you've got only a single PC to connect, then the only reason for wanting (not needing) a (presumably broadband) router is that anything fairly recent will do NAT (address translation, basically lets > 1 PC share 1 public IP address). One of the 'side benefits' of NAT routers is that they close off connections initiated from the outside world (the Net). Not that big of a deal with FreeBSD, as the default services running by default are pretty sensible (compared to past and some current versions of Solaris, RedHat, SuSe etc etc), but this is generally A Good Thing if you're running Windows at any point, or are playing around with different services, as many of them have had exploits in the past that script kiddies like to jump on.

Of course, you can also turn your bsd system into a router by adding another NIC, and then attaching a hub or switch to one NIC, and the other to your DSL or cable modem...

The disadvantage (serious annoyance IMHO) of 'hardware routers' (opposed to software running on bsd or another *nix) is the general lack of logging abilities. When I used to run several personal domains, it was _amazing_ the number of portscans and IMAP and other exploits that would be attempted on my systems.
I personally like to know what's being attempted against my systems, and most of the 'off the shelf' routers from BestBuy, CompUSA etc are a far cry from Cisco and others, who do run a 'real' (meaning user accessible) OS and can handle logging as well as complex rules for port forwarding or dropping routes....

As far as FreeBSD is concerned, if you do decide to get one for whatever reason, the router is effectively dual homed, meaning, in this case, that it has an internal network IP (eg 192.168.1.254) as well as an external IP which is what 'the world' sees, which is the IP assigned to it via the cable/DSL modem/your ISP. You'll need to set your 'internal' systems (your home PCs/systems) to have their default gateway point to the internal IP of the router. That will be the case regardless of whatever OS you run...

Of course, even a 486 class system, with a minimal install of FreeBSD, with /usr mounted immutable, and a small hard drive, would make a great router, and you could also play around with a remote log host for logging, monitoring tools like logcheck, sentry, saint, and others, as well as designating your own port forwarding and firewall rulesets... If you decide to buy an 'off the shelf' router and still want some sort of idea of who's trying to do what to your system(s), you can port forward a 'popular' port (like IMAP/139, http/80, and/or mail/25) to different ports on your local system and set things up to only log the connection instead of running the actual services......

Scott
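
The log-only setup described at the end of the reply above, as an added example that is not part of the original message: a Python listener that accepts connections on a few local ports, records who connected, and closes without running any service. The local port numbers and service labels are assumptions; the router's port forwards would point at them.

```python
import selectors
import socket
from datetime import datetime, timezone

def open_listeners(services, host="0.0.0.0"):
    """Bind one socket per (local_port, label); port 0 lets the OS pick a port."""
    sel = selectors.DefaultSelector()
    bound = {}
    for port, label in services:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        srv.setblocking(False)
        sel.register(srv, selectors.EVENT_READ, label)
        bound[srv.getsockname()[1]] = label
    return sel, bound

def poll_once(sel, timeout=1.0):
    """Accept each pending connection, close it at once, return log records."""
    records = []
    for key, _events in sel.select(timeout):
        srv = key.fileobj
        try:
            conn, (src_ip, src_port) = srv.accept()
        except BlockingIOError:
            continue  # peer gave up between select() and accept()
        conn.close()  # no banner sent, no payload read: there is no service here
        records.append({
            "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "service": key.data,
            "local_port": srv.getsockname()[1],
            "src_ip": src_ip,
            "src_port": src_port,
        })
    return records

def format_record(rec):
    return ("{time} probe service={service} dport={local_port} "
            "src={src_ip}:{src_port}").format(**rec)

if __name__ == "__main__":
    # Hypothetical local ports: the router's forwards for the watched ports point here.
    sel, _ = open_listeners([(8025, "smtp"), (8080, "http"), (8143, "imap")])
    while True:
        for rec in poll_once(sel):
            print(format_record(rec), flush=True)
```

Redirecting the output to a file, or piping it to logger(1) for a remote log host, gives a record of who probed which forwarded port.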