From: John Newlin
Subject: ipfw and other security questions
To: freebsd-questions@freebsd.org
Date: Fri, 14 Jun 2002 14:42:46 -0700 (PDT)
Message-Id: <200206142142.OAA28697@shell.tsoft.com>

Hi,

I have a very simple setup at home. One static IP that my wife and I share, so I set up a computer running FreeBSD to do NAT via natd. This setup is replacing a Linux config that was hacked into via some buffer overflow bug in sshd (my fault for not keeping up with patches).

It is currently up and running, but I'm a little bit concerned over security, and also I don't quite understand some things. Maybe someone can help me out.

1) What is the difference between natd and ipnat? I see natd runs in user-land, and ipnat appears to do the same sorts of things but is compiled into the kernel.

2) I'm setting up some simple firewall rules. I see through sysctl that there are 3 different sets of port ranges. Can someone explain where these 3 different sets of ranges are used:

net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

3) I've turned off all services except for sshd (which is running on a non-standard port).
What port ranges should I open up access to from my internal net? I'm assuming that this is somehow related to the above ranges in some fashion.

4) Why is syslog listening on a UDP port? :)

5) chflags and schg. Does anyone really lock stuff down with this? And if so, what files?

I'm sure I will have more,

Thanks,
-John
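An added example, not part of the thread: a POSIX shell snippet that parses the net.inet.ip.portrange.* values quoted in the message (embedded here as constructed input) into "lo-hi" spans, tolerates the deliberately descending low range, and emits ipfw rule text that admits only packets of already established TCP sessions to the default ephemeral range instead of opening the range wholesale. The rule number and interface name (fxp0) are assumptions.

```shell
#!/bin/sh
# Constructed input: the sysctl output as quoted in the message.
PORTRANGE_SYSCTL='net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535'

# portrange_get KEY: print the value of net.inet.ip.portrange.KEY (empty if absent).
portrange_get() {
    printf '%s\n' "$PORTRANGE_SYSCTL" |
        awk -v k="net.inet.ip.portrange.$1:" '$1 == k { print $2; exit }'
}

# portrange_span FIRSTKEY LASTKEY: print "lo-hi" with lo <= hi.
# The low pair is stored descending (1023 down to 600) because those ports are
# allocated downward, so its bounds are swapped; any other inversion is an error.
portrange_span() {
    a=$(portrange_get "$1"); b=$(portrange_get "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 1
    if [ "$a" -le "$b" ]; then
        echo "$a-$b"
    elif [ "$1" = lowfirst ]; then
        echo "$b-$a"
    else
        return 1
    fi
}

# ipfw_reply_rule RULENO IFACE: rule text admitting inbound packets to the
# default ephemeral range only when they belong to an established TCP session
# (ACK or RST set); a fresh SYN to those ports does not match and falls through.
ipfw_reply_rule() {
    span=$(portrange_span first last) || return 1
    echo "ipfw add $1 allow tcp from any to me $span in via $2 established"
}

ipfw_reply_rule 1000 fxp0
```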