Date:      Tue, 14 Nov 2000 18:50:33 +0000
From:      Brian Somers <brian@Awfulhak.org>
To:        "Nuno Teixeira" <nuno.teixeira@pt-quorum.com>
Cc:        freebsd-security@FreeBSD.ORG, brian@Awfulhak.org
Subject:   Re: PPP NAT Gateway security 
Message-ID:  <200011141850.eAEIoXY00540@hak.lan.Awfulhak.org>
In-Reply-To: Message from "Nuno Teixeira" <nuno.teixeira@pt-quorum.com>  of "Mon, 13 Nov 2000 22:50:05 GMT." <00c801c04dc4$12a89220$0200a8c0@n2> 

> Hello to all,
> 
> Recently I configured a FreeBSD box to act as a gateway so that the NT
> workstation computers at my office have access to the Internet. I configured
> it in this way:
> 
>     ppp -background -nat MYISP
> 
> It works OK and I have access to a lot of Internet services.
> 
> My question is: do I need to configure this machine with firewall, so I can
> protect my internal network from the outside net?
> 
> If I do, please tell me a good place to start with firewalls for
> FreeBSD.

If you just want to deny incoming connections, you can ``nat 
deny_incoming yes'' and ``nat target MYADDR'' in your config 
(although *MAKE SURE* you've got a recent version of ppp - you can 
get it via http://www.Awfulhak.org/ppp.html - if in doubt, test it 
from the outside).

Read the section on that command in the man page too....

If you wish to be more selective, you need to use either ``set 
filter'' in ppp or the external ipfw(8) program.

> Thanks very much,
> 
> Nuno Teixeira

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !



