Date: Fri, 27 Feb 2004 15:07:30 -0800
From: Ryan Merrick <sandshrimp@comcast.net>
To: Dragoncrest <dragoncrest@voyager.net>
Cc: questions@freebsd.org
Subject: Re: Is it feisable to do a Firewall'ed DHCP server?
Message-ID: <403FCDB2.2080709@comcast.net>
In-Reply-To: <200402262012.i1QKCgqn039337@mail0.mx.voyager.net>
References: <200402262012.i1QKCgqn039337@mail0.mx.voyager.net>

Dragoncrest wrote:

> I'm looking to take an old P120 with 128m of ram and turn it into a lan
> DHCP server. The thing is, the guys who will be pulling DHCP addresses
> are cream of the crop computer users who really know their way around.
> So I plan to have all network services (minus DHCP of course) turned off
> and I will have IPFW running as well to protect the box from most hack
> attempts.
>
> The network itself will be a 300+ person gaming lan broken down into 24
> person Vlan's for added security. The box in question will only be
> console accessible to the average user. AKA, you ain't at the console,
> you don't get in as I plan to turn off sendmail, ssh, everything except
> DHCP and IPFW. So, how feasible is it to actually run a system like
> this? I realize I gotta open up certain ports in the firewall rules to
> allow DHCP. I'll figure those out later. I'm more curious if these
> steps to protect the security of the box are doable and if so, would
> they be practical? I'm just thinking ahead like this because I don't
> want the box to get hacked and used to bring down the network.
>
> I'm also looking to set the firewall to log ALL packets so that if we
> have a problem user, we can use the firewall logs to identify said user.
> I'd be looking for things like port scanning and other hacking/virus
> like activity. We had our network brought down once by same said virus
> and hacking activity but never found who did it. So this is our new
> plan to prevent that from happening and detect and remove said
> individuals who are causing said issues.
>
> It's hard enough running a 300 person gaming lan. We want to be sure
> that we don't have it brought to its knees like last time.
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

Hi,

Take a look at netreg for the user and dhcp management.

http://www.netreg.org/

--
-Ryan Merrick
sandshrimp@comcast.net
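
The log review described in the quoted question (using the firewall logs to spot port scanning), as an added Python example that is not part of the original thread. The log lines, host name `dhcp1`, interface, addresses, rule numbers and the `min_ports` threshold are constructed for illustration; the parser assumes ipfw's syslog line shape `ipfw: <rule> <action> <proto> <src>:<port> <dst>:<port> in via <if>`.

```python
import re
from collections import defaultdict

# One ipfw(8) log line as it reaches syslog, for example:
#   Feb 27 15:07:30 dhcp1 kernel: ipfw: 900 Deny TCP 10.0.3.17:40110 10.0.0.2:21 in via fxp0
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def scan_suspects(lines, min_ports=5):
    """Return {source IP: sorted denied ports} for every source that was
    denied on at least min_ports distinct ports of a single destination."""
    ports = defaultdict(set)  # (src, dst) -> distinct denied destination ports
    for line in lines:
        m = LINE.search(line)
        if not m or m["action"] != "Deny" or m["dir"] != "in":
            continue  # only inbound packets the firewall refused
        if m["proto"] == "UDP" and m["dport"] == "67":
            continue  # DHCP requests to the server port are expected traffic
        ports[(m["src"], m["dst"])].add(int(m["dport"]))
    suspects = {}
    for (src, _dst), seen in ports.items():
        if len(seen) >= min_ports:
            suspects[src] = sorted(set(suspects.get(src, [])) | seen)
    return suspects

# Constructed sample log: one host probing six ports, one normal DHCP
# request, and one host retrying a single closed port.
SAMPLE = [
    f"Feb 27 15:07:3{i} dhcp1 kernel: ipfw: 900 Deny TCP "
    f"10.0.3.17:4011{i} 10.0.0.2:{port} in via fxp0"
    for i, port in enumerate((21, 22, 23, 25, 80, 443))
] + [
    "Feb 27 15:07:40 dhcp1 kernel: ipfw: 100 Accept UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0",
    "Feb 27 15:07:41 dhcp1 kernel: ipfw: 900 Deny TCP 10.0.7.9:50001 10.0.0.2:445 in via fxp0",
    "Feb 27 15:07:42 dhcp1 kernel: ipfw: 900 Deny TCP 10.0.7.9:50002 10.0.0.2:445 in via fxp0",
]

if __name__ == "__main__":
    for src, denied in scan_suspects(SAMPLE).items():
        print(f"{src} was denied on {len(denied)} ports: {denied}")
```

ipfw caps the number of log entries per rule (the `logamount` rule option and the `net.inet.ip.fw.verbose_limit` sysctl), so a low cap can hide part of a scan from this count.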