Date: Tue, 20 Apr 1999 00:30:35 -0500 (EST)
From: Alfred Perlstein
To: iratus@home.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Security
In-Reply-To: <199904200413.VAA00549@CC602670-A.flrtn1.occa.home.com>

On Mon, 19 Apr 1999, jeff wrote:

> Hello-I realize this may not be the appropriate list but I am
> a little confused at this point-I use cable modem to access the
> internet. I have disabled inetd as well as portmap and nfs services
> and have only xntpd running in the background. This is a single
> machine on which I run both my school work (which is not critical)
> and my business (legal research which is both critical and must
> be protected from intrusion) and as yet have no evidence of intrusion.
> Still I need to KNOW that I have maxed out the available protection.
> I am considering running a basic firewall using ipfw which I think needs
> natd also. I can follow directions and although I don't program I am able to
> do most of the basic building and installing of the software. Basic problem is
> I can't seem to find an explanation 1) how the parts fit together and
> 2) how to do the basic configuration, especially the rule set needed. Any
> pointers or any info at all for that matter, on these two points will be
> greatly appreciated.
> Thanks in advance- Jeff Phillips

I usually build off of /etc/rc.firewall; the "simple" setup is pretty nice,
a bit limiting, but you can modify it.

I really suggest purchasing a book on firewalls if anything.

Note that ipfw does NOT need natd; you may need natd if you plan on
allowing machines with fake IP addresses to access the internet
semi-transparently.

It's not even close to a solution, but if you want a bit of added
security you may want to put sensitive machines on a private network
(192.168.x.x or 10.x.x.x or that other one I always forget...)
This makes it much more difficult for attackers to target machines
behind your natd box.

-Alfred

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
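
An added example, not part of Alfred's message and not taken from /etc/rc.firewall: a stateful ipfw rule set for a single host that offers no services, with no natd divert rule, plus a check that the set stays closed. The interface name em0, the rule numbers and the function names are assumptions, and it presumes an ipfw that supports check-state/keep-state.

```shell
#!/bin/sh
# Added example: ipfw rules for one host with no public services and no natd.
# The outside interface (em0 by default) and rule numbers are assumptions.

single_host_rules() {
    oif="$1"
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 210 deny ip from 127.0.0.0/8 to any
add 300 deny ip from 10.0.0.0/8 to any in via ${oif}
add 310 deny ip from 172.16.0.0/12 to any in via ${oif}
add 320 deny ip from 192.168.0.0/16 to any in via ${oif}
add 400 check-state
add 500 allow tcp from me to any out via ${oif} setup keep-state
add 510 allow udp from me to any out via ${oif} keep-state
add 520 allow icmp from me to any out via ${oif} keep-state
add 65000 deny log ip from any to any
EOF
}

# Succeeds only if the set has no divert rule, no allow rule without state
# (loopback aside), and ends in a deny.
rules_are_closed() {
    rules="$1"
    echo "$rules" | grep -q ' divert ' && return 1
    echo "$rules" | grep ' allow ' | grep -v ' via lo0' | grep -qv ' keep-state' && return 1
    [ "$(echo "$rules" | tail -n 1 | cut -d' ' -f3)" = "deny" ]
}

# Load the rules into the kernel (root, on FreeBSD only).
apply_rules() {
    ipfw -q -f flush
    # $rule is left unquoted on purpose so each word becomes an ipfw argument.
    single_host_rules "$1" | while read -r rule; do ipfw -q $rule; done
}

if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-em0}"
else
    single_host_rules "${2:-em0}"    # default: only print the rules for review
fi
```

Outbound traffic such as xntpd's queries creates dynamic state, so replies are admitted by rule 400 and nothing unsolicited reaches the host. An interface configured by DHCP needs an extra rule for the lease exchange, which this example leaves out, and rules 300-320 drop any upstream server that answers from a private address.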