Date:      Sun, 16 Jan 2000 02:45:34 -0800 (PST)
From:      "f.johan.beisser" <jan@caustic.org>
To:        Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Simple router with basic firewall functionalioties
Message-ID:  <Pine.BSF.4.21.0001160234300.57090-100000@pogo.caustic.org>
In-Reply-To: <4.1.20000116041246.0097bd50@mail.rz.fh-wilhelmshaven.de>

oof. make it hard ;)

On Sun, 16 Jan 2000, Olaf Hoyer wrote:

<snippage>

> >> I also thought about a SAMBA server, to ensure compatibility to exchange
> >> data with the M$ machines running here. Any security issues?
> >
> >yes, but i think a better question is why?
> 
> We use a peer-to-peer network here, with mostly M$ machines using
> SMB/Netbeui/Netbios here. To transfer files, we mostly use the M$ directory
> stuff to allow access and so. It's easy, and even the girls here can figure
> it out...
> BTW, it is explicitly forbidden here in our home to use stuff like FTP servers.

hrm. ok, one solution is to forward $GOODPACKET through, perhaps have an
explicitly allowed list of servers and such in your firewall ruleset.

<more snippage>

> >unless the machine is going to do more than just be a firewall...
> That was my second thought, to capsule the main box completely from the
> rest of the network.

i caught the network map you made earlier.. ok, so it would be
isolated/protected from the rest of the network, but with some access to
support the various needed apps (divert and so on). i still look at this
and think it's a Bad Idea (TM).

unless.. well, i already mentioned filtering out everything except for a
specific list of hosts you'd want to let in to your network segment. this
might be the only real option.

> >> Is it also possible to Send/receive the "messaging service" of NT,
> >> respective the "Popups"?
> SMB messaging (broadcast type, used by the "telephony/popup" application
> in Win3.x/Win9x/NT)

well, i know for a fact that you can establish a connection through nat,
while denying all incoming packets. this works for ftp (which has two ports
that it uses), and most other applications.


-- jan

 +-----//  f. johan beisser  //------------------------------+
  email: jan[at]caustic.org   web: http://www.caustic.org/~jan 
   "knowledge is power. power corrupts. study hard, be evil."






