Date: Sat, 08 Jul 2000 17:27:52 -0400
From: Jim Durham <durham@w2xo.pgh.pa.us>
To: Stuart Rogers <srogers@cableregina.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Firewall help
Message-ID: <39679CD8.ECF9A7D0@w2xo.pgh.pa.us>
References: <000501bfe857$aa912160$23144818@cableregina.com>
Stuart Rogers wrote:
>
> Yes hello. I'm a newer BSD user and have freebsd 3.3 powerpak. I run a
> small intranet and have my systems hooked up to a cable modem. I want to
> make an old 486 box into a basic firewall. I'm not running any servers off
> the cable modem I just want to protect against people getting into my
> system. Does anyone know of the best way to go about this. All suggestions
> and comments would be appreciated.
>
> Stuart
> Rogers

I do something of the same sort here. I am on DSL, not cable, but
the input/output of my DSL modem is ethernet, as are cable modems.

You need an old '486 with two ethernet cards.

I'll probably miss something, but here is the gist of setting it up:

Let's say your two cards are "ed0" and "ed1" and that you want to
use the 10. network on your LAN.

Let's say the cable company assigned you the IP address YOUR_IP
and the gateway YOUR_GATEWAY and the netmask YOUR_NETMASK.

Let's say the cable modem plugs into ed0 and the LAN hub is on ed1.

In /etc/rc.conf:

    ifconfig_ed0="inet YOUR_IP netmask YOUR_NETMASK"
    defaultrouter="YOUR_ROUTER"
    ifconfig_ed1="10.0.0.1 netmask 255.255.255.0"
    named_enable="YES"
    firewall_enable="YES"
    firewall_type="simple"
    firewall_quiet="NO"
    natd_enable="YES"
    natd_interface="ed0"
    network_interfaces="lo0 ed0 ed1"

In /etc/rc.firewall, section "simple":

    oif="ed0"
    onet="YOUR_IP with "O" as last octet"
    omask="YOUR_NETMASK"
    oip=YOUR_IP

    iif="ed1"
    inet="10.0.0.0"
    imask="255.255.255.0"
    iip="10.0.0.1"

Compile a new kernel. Add options "IP_DIVERT" and "IP_FIREWALL".

Assign IPs of 10.0.0.2 and up to your LAN computers.

I probably missed something, but that's most of it.

- Jim Durham

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39679CD8.ECF9A7D0>
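
The rc.conf settings listed in the message above can be checked mechanically before rebooting the gateway. The following is an added example, not part of the original message: the function names (conf_get, is_yes, check_gateway_conf) and the sample addresses are constructed, and it assumes ed0 is the outside interface and ed1 the LAN interface, as in the post.

```sh
# Added example, not from the post; function names and sample values are constructed.

# Print the last value assigned to KEY in FILE, quotes stripped. The file is
# parsed with sed rather than sourced, so nothing in it is executed.
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1" | tail -n 1
}

is_yes() { case $1 in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

# check_gateway_conf FILE OUTSIDE_IF INSIDE_IF: print each problem, return the count.
check_gateway_conf() {
    conf=$1; oif=$2; iif=$3; problems=0
    note() { echo "PROBLEM: $1"; problems=$((problems + 1)); }
    is_yes "$(conf_get "$conf" firewall_enable)" || note "firewall_enable is not YES"
    is_yes "$(conf_get "$conf" natd_enable)" || note "natd_enable is not YES"
    [ "$(conf_get "$conf" natd_interface)" = "$oif" ] ||
        note "natd_interface is not the outside interface $oif"
    [ "$(conf_get "$conf" firewall_type)" = simple ] ||
        note "firewall_type is not simple"
    for nic in "$oif" "$iif"; do
        case " $(conf_get "$conf" network_interfaces) " in
            *" $nic "*) ;;
            *) note "network_interfaces does not list $nic" ;;
        esac
    done
    # The LAN side should carry a private (RFC 1918) address, 10.x in the post.
    addr=$(conf_get "$conf" "ifconfig_$iif" | sed 's/^inet //; s/ .*//')
    case $addr in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
        *) note "ifconfig_$iif has no RFC 1918 address" ;;
    esac
    return "$problems"
}

# Constructed sample with two deliberate mistakes (natd_interface, firewall_type).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ifconfig_ed0="inet 192.0.2.10 netmask 255.255.255.0"
ifconfig_ed1="10.0.0.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="ed1"
network_interfaces="lo0 ed0 ed1"
EOF
check_gateway_conf "$sample" ed0 ed1 || echo "$? problem(s) found"
rm -f "$sample"
```

The check covers rc.conf only; the oif/iif variables in /etc/rc.firewall and the kernel options still have to be verified by hand.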