Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 15 Jan 2000 19:07:58 -0800 (PST)
From:      "f.johan.beisser" <jan@caustic.org>
To:        Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Simple router with basic firewall functionalioties
Message-ID:  <Pine.BSF.4.21.0001151856060.57090-100000@pogo.caustic.org>
In-Reply-To: <4.1.20000114165656.00c8d940@mail.rz.fh-wilhelmshaven.de>

next in thread | previous in thread | raw e-mail | index | archive | help

most of this was covered.. but..

On Fri, 14 Jan 2000, Olaf Hoyer wrote:

> Hi!
> 
> Well, I want to recycle my old 486 for a security project...
> 
> Are there any links to good documentation regarding this?
> Or could someone tell some issues with the following config:
> 
> 486/66 or 100        or: 486/sx 25
> 16/32 MB RAM         8/16 MB RAM
> 1 GB HDD                300 MB HDD
> 2 NIC (whether cheap Realtek ISA or AMD PCnet ISA from Allied telesyn)

considering the second colum ...

i'd suggest using picobsd (it fits on a floppy) and eliminating the
harddrive all together. you can do the NAT/FW with that off of the network
app build ($SRCDIR/release/picobsd for more info)

this can (and does) support most harddrives for backing up too, but it
doesn't require them.

<snippage>

> Some braindead jerks are also trying to make funny games, like nuking
> computers and that stuff of network games, mainly targeted on the M$
> machines running here. Any opinions about that, except that a UN*X runs
> better here? Detection/Trace/Retaliation-wise?

retaliation is not generally a good idea. but, as for protection, you can
set up the firewall.. this is coverd by some other folks here, i believe.

> I also thought about a SAMBA server, to ensure compatibility to exchanga
> data with the M$ machines running here. Any security issues?

yes, but i think a better question is why?

if you're using TCP/IP as the transport, there shouldn't be a need to run
samba as a service inside your network. consider that SAMBA is a file
service daemon, i think this would be pointless for you.

unless the machine is going to do more than just be a firewall...

> Yes, I know that running a server app on a router/firewall imposes a severe
> threat, but ir would be a thought, since I need some basic compatibility
> with the rest of the environment.

compatable how?

windows 95/98/NT/2k all should work fine through the firewall, with no
real issues. if they don't, then there is a problem with the setup
somewhere, and i doubt it would be that hard to fix.

> Is it also possible to Send/receive the "messenging service" of NT,
> respective the "Popups"?
> 
> Any input greatly appreciated.

explain more on the "popups" if it's an Instant Messaging Service (AIM,
ICQ, etc) it should work if there isn't to much interferance from the
firewall/NAT.

-- jan


 +-----//  f. johan beisser  //------------------------------+
  email: jan[at]caustic.org   web: http://www.caustic.org/~jan 
   "knowledge is power. power corrupts. study hard, be evil."



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0001151856060.57090-100000>