From owner-freebsd-ipfw Sat Jan 15 19: 7:39 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from pogo.caustic.org (pogo.caustic.org [208.44.193.69])
	by hub.freebsd.org (Postfix) with ESMTP id CAC9114D18
	for ; Sat, 15 Jan 2000 19:07:31 -0800 (PST)
	(envelope-from jan@caustic.org)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.9.3/ignatz) with ESMTP id TAA61989;
	Sat, 15 Jan 2000 19:07:58 -0800 (PST)
Date: Sat, 15 Jan 2000 19:07:58 -0800 (PST)
From: "f.johan.beisser"
To: Olaf Hoyer
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Simple router with basic firewall functionalioties
In-Reply-To: <4.1.20000114165656.00c8d940@mail.rz.fh-wilhelmshaven.de>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

most of this was covered.. but..

On Fri, 14 Jan 2000, Olaf Hoyer wrote:

> Hi!
>
> Well, I want to recycle my old 486 for a security project...
>
> Are there any links to good documentation regarding this?
> Or could someone tell some issues with the following config:
>
> 486/66 or 100      or:   486/sx 25
> 16/32 MB RAM             8/16 MB RAM
> 1 GB HDD                 300 MB HDD
> 2 NIC (whether cheap Realtek ISA or AMD PCnet ISA from Allied telesyn)

considering the second column ... i'd suggest using picobsd (it fits on a
floppy) and eliminating the harddrive altogether. you can do the NAT/FW
with that off of the network app build ($SRCDIR/release/picobsd for more
info)

this can (and does) support most harddrives for backing up too, but it
doesn't require them.

> Some braindead jerks are also trying to make funny games, like nuking
> computers and that stuff of network games, mainly targeted on the M$
> machines running here. Any opinions about that, except that a UN*X runs
> better here? Detection/Trace/Retaliation-wise?

retaliation is not generally a good idea. but, as for protection, you can
set up the firewall.. this is covered by some other folks here, i believe.

> I also thought about a SAMBA server, to ensure compatibility to exchange
> data with the M$ machines running here. Any security issues?

yes, but i think a better question is why? if you're using TCP/IP as the
transport, there shouldn't be a need to run samba as a service inside your
network. consider that SAMBA is a file service daemon, i think this would
be pointless for you. unless the machine is going to do more than just be
a firewall...

> Yes, I know that running a server app on a router/firewall imposes a severe
> threat, but it would be a thought, since I need some basic compatibility
> with the rest of the environment.

compatible how? windows 95/98/NT/2k all should work fine through the
firewall, with no real issues. if they don't, then there is a problem with
the setup somewhere, and i doubt it would be that hard to fix.

> Is it also possible to Send/receive the "messenging service" of NT,
> respective the "Popups"?
>
> Any input greatly appreciated.

explain more on the "popups"

if it's an Instant Messaging Service (AIM, ICQ, etc) it should work if
there isn't too much interference from the firewall/NAT.

-- jan

+-----// f. johan beisser //------------------------------+
email: jan[at]caustic.org   web: http://www.caustic.org/~jan
"knowledge is power. power corrupts. study hard, be evil."