Date:      05 Aug 2001 11:05:25 -0700
From:      Harry Putnam <reader@newsguy.com>
To:        freebsd-mobile@FreeBSD.ORG
Subject:   basic firewall - is there a default setup?
Message-ID:  <m1wv4ibd13.fsf@reader.newsguy.com>

Maybe a little off topic here, but like many things I suspect
firewalling may be a bit different on a laptop.

In this case a Tosh satellite 4005CDS Running FreeBSD-4.2-RELEASE.

This is a basic install not fully configured as yet.  However it won't
be exposed to the internet directly but is behind a hardware firewall 
(Netgear FR 314), that handles the heavy work.  It allows NATing stuff
to machines inside local lan.

The whole setup is single user home setup DSL connected, with several
machines behind the netgear firewall.  Linux, Solaris (intel),
win2000, FreeBSD on the tosh when I hook it in.  I run no services
other than ssh that are visible from the internet.

One problem with such a setup, is you never get to see what incoming
connections are trying to do, only that a connection was attempted.

Also with this particular hardware there is no way provided to have
logs fired off more than once a day (except certain highly suspect
activity which is mailed off immediately).  Further, this particular
model of Netgear's allows no kind of text based dialog with the
hardware.  It's all by browser through a Java interface.  Logs are
always available immediately if one wants to fire up a browser,
connect to the hardware and have a look.  Obviously a pita.

I have some experience with Linux ipchains and now iptables and like
the logging possibilities.  Probably available on about any current
packet filtering software.

I want to study the `Code red' stuff going on, for frequency, what is
being stuffed down port 80 and etc.  But not on main machines inside
the firewall.  So thinking of hooking the tosh in and setting NATing
to its address for HTTP connection and running an apache server on it.

And might want to use this technique to study other activity on
different ports in the future.  If by inexperience or something worse,
I end up getting hacked it won't be too serious to just scrub the disk
and reinstall.

I'm thinking I would firewall/block the tosh's LAN address from being
able to connect to any other lan machines (through software on the
other machines) as some protection from a hacker getting to the tosh
and then everything else.

Trouble is, I'm not familiar with firewalling at any level on FreeBSD
so really have no idea what is there by default or how it's turned on.

I see /etc/rc.firewall and looking at www.FreeBSD.org using the search
tool on `rc.firewall', `ipfw' or the like turns up lots of stuff. An
awful lot of it is about dialup, and another large chunk is about
`bridging', but browsing though, it wasn't clear if current (4.2-RELEASE)
GENERIC kernels are already enabled or not.  Looking at mine, I see no
hits on `filter' `ipfw' or the like other than: 

        pseudo-device bpf       #Berkeley packet filter

Does that mean I have to recompile the kernel or is there enough compiled
in to do something from a stock install?

As you may have guessed, I don't run the tosh that often any more and
haven't kept up with FreeBSD specific stuff because of it.

I guess I need some very low level advice as to what is easily setup
and where to get detailed instructions to do it.  Am I looking for `ipfw'
or something else?  Maybe `iptables' is now the way to go.
