From owner-freebsd-hackers  Sun May 17 20:52:49 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA24489
          for freebsd-hackers-outgoing; Sun, 17 May 1998 20:52:49 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from mail.atipa.com (altrox.atipa.com [208.128.22.34])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA24470
          for <hackers@FreeBSD.ORG>; Sun, 17 May 1998 20:52:22 -0700 (PDT)
          (envelope-from freebsd@atipa.com)
Received: (qmail 1837 invoked by uid 1017); 18 May 1998 02:49:46 -0000
Date: Sun, 17 May 1998 20:49:46 -0600 (MDT)
From: Atipa <freebsd@atipa.com>
To: Terry Lambert <tlambert@primenet.com>
cc: Capriotti <capriotti@geocities.com>, hackers@FreeBSD.ORG
Subject: Re: DHCP
In-Reply-To: <199805172046.NAA29488@usr05.primenet.com>
Message-ID: <Pine.BSF.3.96.980517204405.1796B-100000@altrox.atipa.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


> By default, you will want to disable all ports (ports map to services),
> and enable ports on a case-by-case basis, per machine.

This will need to be done afer DHCP is loaded, or else you'll never get
off the ground. rc.firewall I would think would need to allow lo0 packets
and anything from the DHCP server, then after getting your addresses and
such, build another firewall script dynamically that is more stringent.

> The above all presumes, of course, that you are running the DHCP server
> on the FreeBSD box, and NOT on the NT box.  If you need to run the DHCP
> server on the NT box, then you will be forced to buy a third party
> firewall package from someone who has probably paid a *LOT* of money
> to license NT source code, and wants to make that money back.  Given
> NT source license fees, I'd expect the price to be in the tens of
> thousands of dollars.

> Note: there is Samba code that allows a FreeBSD box to act as an NT
> domain controller, so if the reason you have to use NT is because of
> domain controller services, then you don't have to use NT like you
> thought you did.

This is still BETA at best, and not very useful for a production
environment.  Still, it is a great first step. Once it is fully
functional, adminning these crap-o `95 machines will be MUCH nicer! 

Kevin


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message