From owner-freebsd-questions Mon Oct 4 16:50: 3 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from awfulhak.org (dynamic-56.max1-du-ws.dialnetwork.pavilion.co.uk [212.74.8.56])
	by hub.freebsd.org (Postfix) with ESMTP id D990F15145
	for ; Mon, 4 Oct 1999 16:47:03 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12])
	by awfulhak.org (8.9.3/8.9.3) with ESMTP id XAA06219;
	Mon, 4 Oct 1999 23:26:25 +0100 (BST)
	(envelope-from brian@lan.awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost.lan.Awfulhak.org [127.0.0.1])
	by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id SAA01032;
	Mon, 4 Oct 1999 18:19:00 +0100 (BST)
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <199910041719.SAA01032@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.0.2 2/24/98
To: Mark Hartley
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: FW: PPP & security
In-reply-to: Your message of "Wed, 29 Sep 1999 16:32:56 PDT."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 04 Oct 1999 18:18:57 +0100
From: Brian Somers
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I've followed the list for a few months (& searched through the mailing list
> archive) and really couldn't find anything that answered my question, so here I
> go:
>
> I've got a home network (FreeBSD, Win95, Mac: with hubs, cat5, etc.) that is
> currently connecting to the Internet via a FreeBSD 2.2.8-RELEASE machine (using
> ppp -auto -alias ISP), and everything is working great. I stay connected for
> 8-10 hours at a time (I work from home).
>
> My question is mostly related to the security of my network. I want to know if
> the FreeBSD machine is providing adequate security for me. I've disabled
> services I do not use on the machine. I'm going to be putting 3.2 STABLE on the
> gateway machine next week. Should I worry about setting up IPFW & NATD? (is
> this even possible with ppp?)
>
> Are there other things I should be doing? I realize on a dialup I'm kind of
> like a moving target, but I stay on long enough that I want to make sure I'm
> being careful.

natd is exactly the same as the -alias flag to ppp, so you don't need
both.

WRT the firewall side of things you have three choices. You can use
ipfw for the greatest flexibility, you can use the ``set filter''
commands within ppp for a similar sort of thing or you can use
``alias deny_incoming yes'' to simply deny incoming connections.

> Thanks in advance.
>
> Mark.

--
Brian
Don't _EVER_ lose your sense of humour !
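
The two ppp-side options from the reply above, sketched as an /etc/ppp/ppp.conf fragment. This is an added example, not part of the original thread: the profile label ISP is taken from Mark's command line, while the rule numbers and the choice of permitted traffic are assumptions, and the filter syntax should be checked against ppp(8) for the installed release.

```conf
# /etc/ppp/ppp.conf (constructed example; started as: ppp -auto -alias ISP)
ISP:
 # Simplest option: with aliasing already enabled by -alias, drop any
 # incoming packet that does not belong to a connection opened from
 # the inside network or from the gateway itself.
 alias deny_incoming yes

 # Finer-grained alternative: ppp's own "in" filter. Once a filter has
 # at least one rule, packets matching no rule are dropped, so the
 # rules below act as an allow-list for traffic arriving on the link.
 #
 # Rule 0: TCP segments that are part of an already established
 #         connection (replies to sessions opened from the inside).
 set filter in 0 permit 0/0 0/0 tcp estab
 # Rule 1: DNS answers coming back from the ISP's name servers.
 set filter in 1 permit 0/0 0/0 udp src eq 53
 # Rule 2: ICMP, so that ping replies and unreachable/fragmentation
 #         messages still get through.
 set filter in 2 permit 0/0 0/0 icmp
 # No "out" rules are defined, so outgoing traffic stays unrestricted.
```

Either setting alone blocks unsolicited inbound connections; the filter rules are only needed when some inbound traffic has to be allowed selectively.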