Date: Thu, 26 Feb 2004 15:12:42 -0500
From: "Dragoncrest" <dragoncrest@voyager.net>
To: questions@freebsd.org
Subject: Is it feisable to do a Firewall'ed DHCP server?
Message-ID: <200402262012.i1QKCgqn039337@mail0.mx.voyager.net>
I'm looking to take an old P120 with 128m of RAM and turn it into a LAN DHCP server. The thing is, the guys who will be pulling DHCP addresses are cream of the crop computer users who really know their way around. So I plan to have all network services (minus DHCP of course) turned off and I will have IPFW running as well to protect the box from most hack attempts. The network itself will be a 300+ person gaming LAN broken down into 24 person VLANs for added security. The box in question will only be console accessible to the average user. AKA, you ain't at the console, you don't get in, as I plan to turn off sendmail, ssh, everything except DHCP and IPFW.

So, how feasible is it to actually run a system like this? I realize I gotta open up certain ports in the firewall rules to allow DHCP. I'll figure those out later. I'm more curious if these steps to protect the security of the box are doable and if so, would they be practical? I'm just thinking ahead like this because I don't want the box to get hacked and used to bring down the network.

I'm also looking to set the firewall to log ALL packets so that if we have a problem user, we can use the firewall logs to identify said user. I'd be looking for things like port scanning and other hacking/virus-like activity. We had our network brought down once by same said virus and hacking activity but never found who did it. So this is our new plan to prevent that from happening and detect and remove said individuals who are causing said issues. It's hard enough running a 300 person gaming LAN. We want to be sure that we don't have it brought to its knees like last time.
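
An added example, not part of the original message: one way to mine IPFW logs for the port-scanning activity described above, by counting distinct denied destination ports per source address inside a time window. The log line layout, the hostname `dhcp1`, the interface `fxp0`, the rule numbers, the addresses and the thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed ipfw syslog layout (check it against your own logs before relying on it):
# "<date> <host> kernel: ipfw: <rule> <Action> <PROTO> <src>:<sport> <dst>:<dport> <in|out> via <if>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: ipfw: \d+ (?P<action>\w+) "
    r"(?:TCP|UDP) (?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) (?P<dir>in|out) via \S+")

def parse_line(line, year=2004):
    """Parse one TCP/UDP ipfw log line; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # syslog omits the year, so the caller supplies it (assumption)
    rec["time"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    rec["dport"] = int(rec["dport"])
    return rec

def find_scanners(lines, min_ports=5, window=timedelta(seconds=60)):
    """Return {source IP: most distinct denied inbound ports within one window}."""
    events = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] == "Deny" and rec["dir"] == "in":
            events[rec["src"]].append((rec["time"], rec["dport"]))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best = start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window forward
                start += 1
            best = max(best, len({port for _, port in evs[start:end + 1]}))
        if best >= min_ports:
            flagged[src] = best
    return flagged

# Constructed sample log lines (hostname, interface, rule numbers and addresses are made up)
SAMPLE = [
    f"Feb 26 15:20:0{i} dhcp1 kernel: ipfw: 65000 Deny TCP 10.0.3.17:4011{i} 10.0.0.2:{p} in via fxp0"
    for i, p in enumerate([21, 22, 23, 25, 80, 139])  # one source, six ports within seconds
] + [
    "Feb 26 15:20:03 dhcp1 kernel: ipfw: 100 Accept UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0",
    "Feb 26 15:21:10 dhcp1 kernel: ipfw: 65000 Deny TCP 10.0.5.9:3321 10.0.0.2:445 in via fxp0",
]

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

Only denied inbound packets are counted, so accepted DHCP requests to port 67 never contribute to a source's score; the window and port threshold need tuning against normal traffic on the LAN.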