Date: Thu, 4 Dec 2003 15:05:16 -0600
From: Bryan Cassidy <b_cassidy@bellsouth.net>
To: freebsd-questions@freebsd.org
Subject: Re: Router question
Message-ID: <20031204150516.14065bc0.b_cassidy@bellsouth.net>
In-Reply-To: <3FCEED2A.5060103@mindcore.net>
References: <20031203182121.0cf47a5c.b_cassidy@bellsouth.net> <3FCEED2A.5060103@mindcore.net>
[-- Attachment #1 --]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was able to put something together. Another PC. I've attached a copy
of the dmesg of the other machine I have. This would be the section of
the handbook on setting another PC up as a router, wouldn't it?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

I just want to start learning about this in the right areas to begin
with. I've never really understood NAT. Think maybe I should install
FreeBSD 5.1 on the other machine, or is 4.8 OK for this purpose, even
if I want to start doing more advanced network/security settings? Are
there any advantages to using 5.1 over 4.8 in this situation?

So how would I go about setting this other machine up as a router? The
PC I am using now is the one I like to do all my work on. I will have
the other PC probably on the floor just below my main PC. I have an
extra DSL cable. Plug what into what? Kinda confused here. I run these
services on my box. Thanks for the help.

Bryan

CUPS
Apache
PHP
COURIER-IMAP
POSTFIX
SquirrelMail

On Thu, 04 Dec 2003 03:15:38 -0500
Scott W <wegster@mindcore.net> wrote:

> Bryan Cassidy wrote:
>
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Hello everyone. How's everyone doing tonight/today? Well, I'm taking a
> >week off of work and thought I would read up on Security/Networking
> >and anything else to do with making my system/webserver secure. I am
> >going to Best Buy (ya I know, but it's the only computer related
> >store in this shitty town so.) to buy a router and was just wanting
> >to see what people could recommend on which ones are good. I've never
> >really gotten into this kinda thing before but want to learn. Will
> >there be anything extra that I should get while I'm at the store?
> >Cables etc? I only have one PC; is there any point in having a router
> >with one PC? Any links to how to set this up on FreeBSD? Thanks in
> >advance.
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.2.3 (FreeBSD)
> >
> >iD8DBQE/zn4Bm8uTTHnDH3ERAsR1AKDTzQHhzHV0ei2OevUSo0jzdksikACghTjr
> >QGg8Wa7hgX1Dr4vTXGjgCo8=
> >=LXnN
> >-----END PGP SIGNATURE-----
> >_______________________________________________
> >freebsd-questions@freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >To unsubscribe, send any mail to
> >"freebsd-questions-unsubscribe@freebsd.org"
> >
>
> If you've got only a single PC to connect, then the only reason for
> wanting (not needing) a (presumably broadband) router is that anything
> fairly recent will do NAT (address translation, basically lets > 1 PC
> share 1 public IP address). One of the 'side benefits' of NAT routers
> is that they close off connections initiated from the outside world
> (the Net). Not that big of a deal with FreeBSD, as the default
> services running by default are pretty sensible (compared to past and
> some current versions of Solaris, RedHat, SuSE etc etc), but this is
> generally A Good Thing if you're running Windows at any point, or are
> playing around with different services, as many of them have had
> exploits in the past that script kiddies like to jump on.
>
> Of course, you can also turn your BSD system into a router by adding
> another NIC, and then attaching a hub or switch to one NIC, and the
> other to your DSL or cable modem...
>
> The disadvantage (serious annoyance IMHO) of 'hardware routers'
> (opposed to software running on BSD or another *nix) is the general
> lack of logging abilities. When I used to run several personal
> domains, it was _amazing_ the number of portscans and IMAP and other
> exploits that would be attempted on my systems. I personally like to
> know what's being attempted against my systems, and most of the 'off
> the shelf' routers from BestBuy, CompUSA etc are a far cry from Cisco
> and others, who do run a 'real' (meaning user accessible) OS and can
> handle logging as well as complex rules for port forwarding or
> dropping routes....
>
> As far as FreeBSD is concerned, if you do decide to get one for
> whatever reason, the router is effectively dual homed, meaning in this
> case, that it has an internal network IP (eg 192.168.1.254) as well as
> an external IP which is what 'the world' sees, which is the IP
> assigned to it via the cable/DSL modem/your ISP. You'll need to set
> your 'internal' systems (your home PCs/systems) to have their default
> gateway point to the internal IP of the router. That will be the case
> regardless of whatever OS you run...
>
> Of course, even a 486 class system, with a minimal install of FreeBSD,
> with /usr mounted immutable, and a small hard drive, would make a
> great router, and you could also play around with a remote log host
> for logging, monitoring tools like logcheck, sentry, saint, and
> others, as well as designating your own port forwarding and firewall
> rulesets...if you decide to buy an 'off the shelf' router and still
> want some sort of idea of who's trying to do what to your system(s),
> you can port forward a 'popular' port (like IMAP/139, http/80, and/or
> mail/25) to different ports on your local system and set things up to
> only log the connection instead of running the actual services......
>
> Scott

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/z6GMm8uTTHnDH3ERAm1MAJsF09ewS/A3s1U/VH2u6NbCJQzVZQCguGJh
+CwTOovNglGX7qe10R1lfOk=
=PwDF
-----END PGP SIGNATURE-----

[-- Attachment #2 --]
Script started on Thu Dec 4 14:33:51 2003
> dmesg
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
FreeBSD 4.8-RELEASE #0: Thu Apr 3 10:53:38 GMT 2003
    root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz
CPU: Pentium II/Pentium II Xeon/Celeron (433.38-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x665 Stepping = 5
  Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory = 331284480 (323520K bytes)
avail memory = 316723200 (309300K bytes)
Preloaded elf kernel "kernel" at 0xc051d000.
Pentium Pro MTRR support enabled
md0: Malloc disk
Using $PIR table, 8 entries at 0xc00fdda0
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
agp0: <SIS Generic host to PCI bridge> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
atapci0: <SiS 5591 ATA66 controller> port 0x4000-0x400f,0x374-0x377,0x170-0x177,0x3f4-0x3f7,0x1f0-0x1f7 irq 14 at device 0.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
isab0: <SiS 85c503 PCI-ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
pci0: <unknown card> (vendor=0x1039, dev=0x0009) at 1.1
ohci0: <SiS 5571 USB controller> mem 0xe5a00000-0xe5a00fff irq 5 at device 1.2 on pci0
usb0: OHCI version 1.0, legacy support
usb0: <SiS 5571 USB controller> on ohci0
usb0: USB revision 1.0
uhub0: SiS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhub1: Texas Instruments UT-USB41 hub, class 9/0, rev 1.10/1.10, addr 2
uhub1: 4 ports with 4 removable, bus powered
ukbd0: Microsoft Microsoft Natural Keyboard Pro, rev 1.10/1.11, addr 3, iclass 3/1
kbd0 at ukbd0
uhid0: Microsoft Microsoft Natural Keyboard Pro, rev 1.10/1.11, addr 3, iclass 3/0
ums0: Microsoft Microsoft Wheel Mouse Optical\M-., rev 1.10/1.21, addr 4, iclass 3/1
ums0: 3 buttons and Z dir.
pcib2: <PCI to PCI bridge (vendor=1039 device=0001)> at device 2.0 on pci0
pci1: <PCI bus> on pcib2
pci1: <SiS 530/620 SVGA controller> at 0.0
xl0: <3Com 3c900B-TPO Etherlink XL> port 0xd000-0xd07f mem 0xe5a01000-0xe5a0107f irq 11 at device 9.0 on pci0
xl0: Ethernet address: 00:01:02:86:2d:ce
xl0: selecting 10baseT transceiver, half duplex
pci0: <unknown card> (vendor=0x1105, dev=0x8300) at 13.0 irq 10
pci0: <unknown card> (vendor=0x125d, dev=0x1969) at 15.0 irq 12
pci0: <unknown card> (vendor=0x11c1, dev=0x0441) at 17.0 irq 10
pcib1: <SiS 5591 host to AGP bridge> on motherboard
pci2: <PCI bus> on pcib1
orm0: <Option ROM> at iomem 0xc0000-0xc7fff on isa0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 8250
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
usb0: scheduling overrun
usb0: scheduling overrun
ad0: 10300MB <Maxtor 91080D5> [20928/16/63] at ata0-master UDMA33
acd0: DVD-ROM <CREATIVE DVD-ROM DVD6240E> at ata0-slave PIO4
acd1: CDROM <LTN301> at ata1-master PIO4
acd2: CD-RW <R/RW 2x2x24> at ata1-slave PIO4
Mounting root from ufs:/dev/ad0s1a
ad0: WRITE command timeout tag=0 serv=0 - resetting
ata0: resetting devices .. done
ad0: WRITE command timeout tag=0 serv=0 - resetting
ata0: resetting devices .. done
ad0: WRITE command timeout tag=0 serv=0 - resetting
ata0: resetting devices .. done
ad0: WRITE command timeout tag=0 serv=0 - resetting
ad0: trying fallback to PIO mode
ata0: resetting devices .. done
> exit
exit
Script done on Thu Dec 4 14:33:55 2003
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031204150516.14065bc0.b_cassidy>
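
The log-only listener suggested at the end of the quoted reply (forward a popular port to a local port and record the connection instead of running the service), as an added example that is not part of the original thread. The service labels, the loopback bind address and the ephemeral demo ports are assumptions.

```python
import selectors
import socket
import time
from datetime import datetime, timezone

def open_listener(label, port=0, host="127.0.0.1"):
    """Listen on host:port (0 = ephemeral, for the demo); no service runs behind it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(16)
    s.setblocking(False)
    return s, label

def log_connections(listeners, max_events, timeout=5.0):
    """Record inbound connections until max_events are seen or timeout expires."""
    sel = selectors.DefaultSelector()
    for sock, label in listeners:
        sel.register(sock, selectors.EVENT_READ, label)
    events, deadline = [], time.monotonic() + timeout
    while len(events) < max_events and time.monotonic() < deadline:
        for key, _ in sel.select(timeout=0.2):
            try:
                conn, (src_ip, src_port) = key.fileobj.accept()
            except BlockingIOError:
                continue  # peer went away between select() and accept()
            conn.close()  # log only: no banner is sent and no protocol is spoken
            events.append({"time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
                           "service": key.data,
                           "local_port": key.fileobj.getsockname()[1],
                           "src_ip": src_ip, "src_port": src_port})
    sel.close()
    return events

def format_event(e):
    return (f'{e["time"]} log-only {e["service"]} port={e["local_port"]} '
            f'from {e["src_ip"]}:{e["src_port"]}')

if __name__ == "__main__":
    # Constructed demo: one listener per forwarded service, one local test connection.
    listeners = [open_listener("http"), open_listener("mail")]
    probe = socket.create_connection(listeners[0][0].getsockname())
    for event in log_connections(listeners, max_events=1):
        print(format_event(event))
    probe.close()
```

In use, each listener would bind the LAN address and the fixed local port that the router's port-forwarding rule points at, and the formatted lines would go to syslog or a remote log host.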
