Date:      Fri, 27 Feb 2004 15:07:30 -0800
From:      Ryan Merrick <sandshrimp@comcast.net>
To:        Dragoncrest <dragoncrest@voyager.net>
Cc:        questions@freebsd.org
Subject:   Re: Is it feisable to do a Firewall'ed DHCP server?
Message-ID:  <403FCDB2.2080709@comcast.net>
In-Reply-To: <200402262012.i1QKCgqn039337@mail0.mx.voyager.net>
References:  <200402262012.i1QKCgqn039337@mail0.mx.voyager.net>

Dragoncrest wrote:
> I'm looking to take an old P120 with 128m of ram and turn it into a lan
> DHCP server.  The thing is, the guys who will be pulling DHCP addresses
> are cream of the crop computer users who really know their way around. 
> So I plan to have all network services (minus DHCP of course) turned off
> and I will have IPFW running as well to protect the box from most hack
> attempts.
> 
> The network itself will be a 300+ person gaming lan broken down into 24
> person VLANs for added security.  The box in question will only be
> console accessible to the average user.  AKA, you ain't at the console,
> you don't get in as I plan to turn off sendmail, ssh, everything except
> DHCP and IPFW.  So, how feasible is it to actually run a system like
> this?  I realize I gotta open up certain ports in the firewall rules to
> allow DHCP.  I'll figure those out later.  I'm more curious if these
> steps to protect the security of the box are doable and if so, would
> they be practical?  I'm just thinking ahead like this because I don't
> want the box to get hacked and used to bring down the network.
> 
> I'm also looking to set the firewall to log ALL packets so that if we
> have a problem user, we can use the firewall logs to identify said user.
>  I'd be looking for things like port scanning and other hacking/virus
> like activity.  We had our network brought down once by same said virus
> and hacking activity but never found who did it.  So this is our new
> plan to prevent that from happening and detect and remove said
> individuals who are causing said issues.
> 
> It's hard enough running a 300 person gaming lan.  We want to be sure
> that we don't have it brought to its knees like last time.
> 
Hi,

Take a look at netreg for the user and dhcp management.
http://www.netreg.org/


-- 
-Ryan Merrick
sandshrimp@comcast.net
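
The quoted plan to use the firewall logs to spot port scanning can be sketched as follows. This is an added example, not part of the original message or of netreg; the log line layout is assumed to be the usual syslog output of ipfw rules carrying the `log` keyword, and the host name, addresses, rule numbers, interface and the `find_scanners` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (host, addresses, rule numbers and interface are made up),
# assuming the usual syslog line ipfw emits for rules that carry "log".
SAMPLE_LOG = """\
Feb 27 15:01:02 dhcpbox kernel: ipfw: 100 Accept UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0
Feb 27 15:01:09 dhcpbox kernel: ipfw: 65000 Deny TCP 10.0.3.17:40112 10.0.0.2:21 in via fxp0
Feb 27 15:01:09 dhcpbox kernel: ipfw: 65000 Deny TCP 10.0.3.17:40113 10.0.0.2:22 in via fxp0
Feb 27 15:01:09 dhcpbox kernel: ipfw: 65000 Deny TCP 10.0.3.17:40114 10.0.0.2:23 in via fxp0
Feb 27 15:01:10 dhcpbox kernel: ipfw: 65000 Deny TCP 10.0.3.17:40115 10.0.0.2:25 in via fxp0
Feb 27 15:01:10 dhcpbox kernel: ipfw: 65000 Deny TCP 10.0.3.17:40116 10.0.0.2:80 in via fxp0
Feb 27 15:01:10 dhcpbox kernel: ipfw: 65000 Deny TCP 10.0.3.17:40117 10.0.0.2:443 in via fxp0
Feb 27 15:02:30 dhcpbox kernel: ipfw: 65000 Deny TCP 10.0.5.40:1029 10.0.0.2:445 in via fxp0
Feb 27 15:02:31 dhcpbox kernel: ipfw: 65000 Deny TCP 10.0.5.40:1030 10.0.0.2:445 in via fxp0
"""

# Fields: rule number, action, protocol, source ip:port, destination ip:port.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) in via (?P<ifc>\S+)"
)


def find_scanners(log_text, min_ports=5):
    """Map each source IP denied on >= min_ports distinct ports to those ports."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Only denied packets count; permitted DHCP traffic is ignored.
        if m and m.group("action") == "Deny":
            denied[m.group("src")].add(int(m.group("dport")))
    return {s: sorted(p) for s, p in denied.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: denied on {len(ports)} distinct ports {ports}")
```

A flagged source address still has to be matched against the DHCP server's lease records to name a user, and this only covers packets that actually reach the logging box's interface.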


