Date:      Tue, 30 Dec 1997 08:25:33 -0600
From:      Jim Manley <jmanley@metronet.com>
To:        <darryl@osborne-ind.com>, "Darryl Hoar" <darryl@osborne-ind.com>, <freebsd-questions@freebsd.org>
Subject:   Re: Security Info.
Message-ID:  <97123008484603.00878@darkstar.metronet.com>
In-Reply-To: <000e01bfd22e$9fcc2cf0$070101c0@ruraltel.net>
References:  <000e01bfd22e$9fcc2cf0$070101c0@ruraltel.net>


On Fri, 09 Jun 2000, Darryl Hoar wrote:
> I have a computer running FreeBSD 3.2-Release.  I have this machine 
> connected to our Internal Lan, and dialup PPP connected to our ISP.
> All our machines on the Lan get internet access through this 'gateway'.
> 

Are you using network address translation and RFC-1918 addresses (private
address space not advertisable to the internet)?  If so, then that affords you
some small amount of protection in that someone can't attack the internal
machines directly.

At a minimum you should be running tcp_wrappers on the gateway machine.
Configure it so that external machines can't telnet or ftp to your external
interface.  You could also install ssh on the gateway device and kill off the
telnet and ftp daemons altogether.

If you want a higher level of assurance, run ipfw on the gateway device.

Regards,

Jim
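
The tcp_wrappers restriction suggested in the reply above, written out as an added example that is not part of the original message. The LAN prefix 192.168.1. is a constructed value, and the daemon names telnetd and ftpd are assumed to match the program names in the gateway's inetd.conf.

```conf
# /etc/hosts.allow  (consulted first; a match here grants access)
# 192.168.1. is a constructed LAN prefix; the trailing dot matches every
# address that begins with it. 127.0.0.1 keeps local logins working.
telnetd, ftpd : 192.168.1. 127.0.0.1

# /etc/hosts.deny  (consulted only when nothing in hosts.allow matched)
# Every other client, including anything arriving over the PPP link,
# is refused. This entry is required: a client that matches neither
# file is allowed by default.
telnetd, ftpd : ALL
```

These rules only apply to services that are started through tcpd or linked against libwrap; a daemon listening on its own is not covered.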

 

