Date: Fri, 14 Jun 2002 14:42:46 -0700 (PDT)
From: John Newlin <jnewlin@tsoft.com>
To: freebsd-questions@freebsd.org
Subject: ipfw and other security questions
Message-ID: <200206142142.OAA28697@shell.tsoft.com>
Hi,

I have a very simple setup at home. One static IP that my wife and I share,
so I set up a computer running FreeBSD to do NAT via natd.

This setup is replacing a Linux config that was hacked into
via some buffer overflow bug in sshd (my fault for not keeping
up with patches).

It is currently up and running, but I'm a little bit concerned
over security, and also I don't quite understand some things.
Maybe someone can help me out.

1) What is the difference between natd and ipnat? I see natd
runs in user-land, and ipnat appears to do the same sorts of
things but is compiled into the kernel.

2) I'm setting up some simple firewall rules. I see through sysctl
that there are 3 different sets of port ranges. Can someone explain
where these 3 different sets of ranges are used:

net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

3) I've turned off all services except for sshd (which is running
on a non-standard port). What port ranges should I open up access
to from my internal net? I'm assuming that this is somehow
related to the above ranges in some fashion.

4) Why is syslog listening on a UDP port? :)

5) chflags and schg. Does anyone really lock stuff down with this?
And if so, what files?

I'm sure I will have more,

Thanks,
-John
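The three port-range sysctls quoted in question 2 can be checked mechanically against a firewall rule; the script below is an added example, not from the poster or from FreeBSD, that parses the quoted sysctl output (embedded as a constructed sample) and reports which parts of the ephemeral ranges a rule allowing a given port span would leave uncovered. It assumes the standard FreeBSD meaning of the ranges: first/last is the default ephemeral range, hifirst/hilast is used by sockets that set IP_PORTRANGE_HIGH, and lowfirst/lowlast is the reserved range, which the kernel walks downward (hence lowfirst > lowlast).

```python
import re

# Constructed sample: the sysctl values quoted in the post above.
SYSCTL_OUTPUT = """\
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535
"""

LINE_RE = re.compile(r"^net\.inet\.ip\.portrange\.(\w+):\s*(\d+)$")

# Which sysctl pair defines each range (names are FreeBSD's own).
RANGE_NAMES = {
    "low": ("lowfirst", "lowlast"),     # IP_PORTRANGE_LOW, allocated downward
    "default": ("first", "last"),       # what an ordinary socket gets
    "high": ("hifirst", "hilast"),      # IP_PORTRANGE_HIGH
}


def parse_portranges(text):
    """Return {'low': (lo, hi), 'default': (lo, hi), 'high': (lo, hi)}.

    Each pair is normalised to (min, max) so the downward-allocated
    low range compares like the others."""
    vals = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            vals[m.group(1)] = int(m.group(2))
    ranges = {}
    for key, (a, b) in RANGE_NAMES.items():
        if a not in vals or b not in vals:
            raise ValueError(f"missing sysctl for the {key} range")
        lo, hi = sorted((vals[a], vals[b]))
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"invalid {key} range {lo}-{hi}")
        ranges[key] = (lo, hi)
    return ranges


def uncovered(ranges, rule_lo, rule_hi, keys=("default", "high")):
    """Parts of the chosen ephemeral ranges that a firewall rule allowing
    ports rule_lo-rule_hi would NOT cover, as (name, lo, hi) tuples."""
    gaps = []
    for key in keys:
        lo, hi = ranges[key]
        if lo < rule_lo:                       # range starts below the rule
            gaps.append((key, lo, min(hi, rule_lo - 1)))
        if hi > rule_hi:                       # range ends above the rule
            gaps.append((key, max(lo, rule_hi + 1), hi))
    return gaps
```

Running uncovered() with a rule of 1024-5000 against these values shows that the high range is left out entirely, which is the kind of gap that only surfaces once an application asks for IP_PORTRANGE_HIGH.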