Date: Thu, 4 Dec 2003 15:05:16 -0600
From: Bryan Cassidy
To: freebsd-questions@freebsd.org
Subject: Re: Router question

I was able to put something together. Another PC. I've attached a copy of the dmesg of the other machine I have. This would be the section of the handbook on setting another PC up as a router, wouldn't it?
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

I just want to start learning about this in the right areas to begin with. I've never really understood NAT. Think maybe I should install FreeBSD 5.1 on the other machine, or is 4.8 OK for this purpose, even OK if I want to start doing more advanced network/security settings? Are there any advantages to using 5.1 over 4.8 in this situation? So how would I go about setting this other machine up as a router? The PC I am using now is the one I like to do all my work on. I will have the other PC probably on the floor just below my main PC. I have an extra DSL cable. Plug what into what? Kinda confused here. I run these services on my box. Thanks for the help.

Bryan

CUPS
Apache
PHP
COURIER-IMAP
POSTFIX
SquirrelMail

On Thu, 04 Dec 2003 03:15:38 -0500 Scott W wrote:

> Bryan Cassidy wrote:
>
> >Hello everyone. How's everyone doing tonight/today? Well, I'm taking a
> >week off of work and thought I would read up on Security/Networking
> >and anything else to do with making my system/webserver secure. I am
> >going to Best Buy (ya I know, but it's the only computer related
> >store in this shitty town so.) to buy a router and was just wanting
> >to see what people could recommend on which ones are good. I've never
> >really gotten into this kinda thing before but want to learn. Will
> >there be anything extra that I should get while I'm at the store?
> >Cables etc? I only have one PC; is there any point in having a router
> >with one PC? Any links to how to set this up on FreeBSD?
> >Thanks in advance.
>
> If you've got only a single PC to connect, then the only reason for
> wanting (not needing) a (presumably broadband) router is anything
> fairly recent will do NAT (address translation, basically lets >1 PC
> share 1 public IP address). One of the 'side benefits' of NAT routers
> is that they close off connections initiated from the outside world
> (the Net). Not that big of a deal with FreeBSD, as the default
> services running by default are pretty sensible (compared to past and
> some current versions of Solaris, RedHat, SuSe etc etc), but this is
> generally A Good Thing if you're running Windows at any point, or are
> playing around with different services, as many of them have had
> exploits in the past that script kiddies like to jump on.
>
> Of course, you can also turn your BSD system into a router by adding
> another NIC, and then attaching a hub or switch to one NIC, and the
> other to your DSL or cable modem...
>
> The disadvantage (serious annoyance IMHO) of 'hardware routers'
> (opposed to software running on BSD or another *nix) is the general
> lack of logging abilities. When I used to run several personal
> domains, it was _amazing_ the number of portscans and IMAP and other
> exploits that would be attempted on my systems.
> I personally like to know what's being attempted against my systems,
> and most of the 'off the shelf' routers from BestBuy, CompUSA etc are
> a far cry from Cisco and others, who do run a 'real' (meaning user
> accessible) OS and can handle logging as well as complex rules for
> port forwarding or dropping routes....
>
> As far as FreeBSD is concerned, if you do decide to get one for
> whatever reason, the router is effectively dual homed, meaning in this
> case, that it has an internal network IP (eg 192.168.1.254) as well as
> an external IP which is what 'the world' sees, which is the IP
> assigned to it via the cable/DSL modem/your ISP. You'll need to set
> your 'internal' systems (your home PCs/systems) to have their default
> gateway point to the internal IP of the router. That will be the case
> regardless of whatever OS you run...
>
> Of course, even a 486 class system, with a minimal install of FreeBSD,
> with /usr mounted immutable, and a small hard drive, would make a
> great router, and you could also play around with a remote log host
> for logging, monitoring tools like logcheck, sentry, saint, and
> others, as well as designating your own port forwarding and firewall
> rulesets...if you decide to buy an 'off the shelf' router and still
> want some sort of idea of who's trying to do what to your system(s),
> you can port forward a 'popular' port (like IMAP/139, http/80, and/or
> mail/25) to different ports on your local system and set things up to
> only log the connection instead of running the actual services......
>
> Scott
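
The last suggestion in the quoted reply (forward a commonly probed port to a different port on a local machine and only log the connection instead of running the service) can be done with a small listener like the one below. This is an added example, not part of the original thread; the forwarded port 8080 and the record format are assumptions.

```python
import socket
import threading
from datetime import datetime, timezone

def format_record(when, peer_ip, peer_port, local_port):
    """One log line per connection attempt; no payload is read or stored."""
    return f"{when.isoformat()} connect src={peer_ip}:{peer_port} dport={local_port}"

def open_listener(host, port):
    """Bind a TCP listener that never speaks any protocol."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    return srv

def log_connections(srv, sink, limit=None):
    """Accept, close, then record each connection.

    sink is any callable taking a string (print, a file's write, a syslog wrapper).
    limit stops after that many connections; None runs until the socket is closed.
    """
    local_port = srv.getsockname()[1]
    seen = 0
    while limit is None or seen < limit:
        try:
            conn, (peer_ip, peer_port) = srv.accept()
        except OSError:
            break  # listener was closed
        conn.close()  # no banner, no service behind the port
        sink(format_record(datetime.now(timezone.utc), peer_ip, peer_port, local_port))
        seen += 1
    return seen

def demo():
    """Constructed loopback check: one connection produces one record."""
    srv = open_listener("127.0.0.1", 0)  # port 0 lets the OS pick a free port
    port = srv.getsockname()[1]
    records = []
    worker = threading.Thread(target=log_connections, args=(srv, records.append, 1))
    worker.start()
    socket.create_connection(("127.0.0.1", port), timeout=5).close()
    worker.join(timeout=5)
    srv.close()
    return port, records

if __name__ == "__main__":
    # Assumed setup: the router forwards its external port 80 to port 8080 here.
    log_connections(open_listener("0.0.0.0", 8080), print)
```

Pointing `sink` at a writer for a remote log host keeps the records off the machine being probed.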