From: Harry Putnam
To: freebsd-mobile@FreeBSD.ORG
Subject: basic firewall - is there a default setup?
Date: 05 Aug 2001 11:05:25 -0700

Maybe a little off topic here, but like many things I suspect firewalling may be a bit different on a laptop. In this case a Tosh Satellite 4005CDS running FreeBSD-4.2-RELEASE. This is a basic install not fully configured as yet.

However it won't be exposed to the internet directly but is behind a hardware firewall (Netgear FR 314) that handles the heavy work. It allows NATing stuff to machines inside local lan.

The whole setup is single user home setup DSL connected, with several machines behind the netgear firewall. Linux, Solaris (intel), win2000, FreeBSD on the tosh when I hook it in. I run no services other than ssh that are visible from the internet.

One problem with such a setup is you never get to see what incoming connections are trying to do, only that a connection was attempted.
Also with this particular hardware there is no way provided to have logs fired off more than once a day (except certain highly suspect activity which is mailed off immediately). Further, this particular model of Netgear's allows no kind of text based dialog with the hardware. It's all by browser through a java interface. Logs are always available immediately if one wants to fire up a browser, connect to the hardware and have a look. Obviously a pita.

I have some experience with linux ipchains and now iptables and like the logging possibilities. Probably available on about any current packet filtering software.

I want to study the `Code red' stuff going on, for frequency, what is being stuffed down port 80 and etc. But not on main machines inside the firewall. So thinking of hooking the tosh in and setting NATing to its address for HTTP connection and running an apache server on it. And might want to use this technique to study other activity on different ports in the future.

If by inexperience or something worse, I end up getting hacked it won't be too serious to just scrub the disk and reinstall.

I'm thinking I would firewall/block the tosh's lan address from being able to connect to any other lan machines (through software on the other machines) as some protection from a hacker getting to the tosh and then everything else.

Trouble is, I'm not familiar with firewalling at any level on FreeBSD so really have no idea what is there by default or how it's turned on.

I see /etc/rc.firewall and looking at www.FreeBSD.org using the search tool on `rc.firewall', `ipfw' or the like turns up lots of stuff. An awful lot of it is about dialup, and another large chunk is about `bridging', but browsing through, it wasn't clear if current (4.2-RELEASE) GENERIC kernels are already enabled or not.
Looking at mine, I see no hits on `filter', `ipfw' or the like other than:

    pseudo-device   bpf             #Berkeley packet filter

Does that mean I have to recompile the kernel or is there enough compiled in to do something from a stock install?

As you may have guessed, I don't run the tosh that often any more and haven't kept up with FreeBSD specific stuff because of it.

I guess I need some very low level advice as to what is easily set up and where to get detailed instructions to do it. Am I looking for `ipfw' or something else? Maybe `iptables' is now the way to go.