Date: Tue, 30 Dec 1997 08:25:33 -0600 From: Jim Manley <jmanley@metronet.com> To: <darryl@osborne-ind.com>, "Darryl Hoar" <darryl@osborne-ind.com>, <freebsd-questions@freebsd.org> Subject: Re: Security Info. Message-ID: <97123008484603.00878@darkstar.metronet.com> In-Reply-To: <000e01bfd22e$9fcc2cf0$070101c0@ruraltel.net> References: <000e01bfd22e$9fcc2cf0$070101c0@ruraltel.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 09 Jun 2000, Darryl Hoar wrote: > I have a computer running FreeBSD 3.2-Release. I have this machine=20 > connected to our Internal Lan, and dialup PPP connected to our ISP. > All our machines on the Lan get internet access through this 'gateway'. >=20 If you are using network address translation and RFC-1918 addresses (priv= ate address space not advertisable to the internet)? If so, then that afford= s you some small amount of protection in that someone can't attack the internal machines directly. At a minimum you should be running tcp_wrappers on the gateway machine.=20 Configure it so that external machines can't telnet or ftp to you externa= l interface. You could also install ssh on the gateway device and kill off= the telnet and ftp daemons all together. =20 If you want a higher level of assurance, run ipfw on the gateway device. Regards, Jim =20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97123008484603.00878>