Date: Wed, 15 Dec 2004 09:11:32 +0800 (WST)
From: David Adam <zanchey@ucc.gu.uwa.edu.au>
To: "R. Scott Kennan" <rskennan@gmail.com>
Cc: freebsd-newbies@freebsd.org
Subject: Re: Home Network, step by step?
Message-ID: <Pine.LNX.4.58.0412150852460.22603@mussel.ucc.gu.uwa.edu.au>
In-Reply-To: <a832a7b9041213220147775eb4@mail.gmail.com>
References: <a832a7b9041212204846c889d0@mail.gmail.com> <41BDC787.40000@daleco.biz> <a832a7b904121321522b86f27b@mail.gmail.com> <a832a7b9041213220147775eb4@mail.gmail.com>

On Tue, 14 Dec 2004, R. Scott Kennan wrote:

> One other thing I don't understand is why I'm being told to install
> the firewall in this context; are firewalls more than just an
> intrusion countermeasure? Do they do any 'lifting' on a network beyond
> blocking unauthorised transfers?

They do now. Partly in response to cleverer security threats, and partly as a convergence between routing and firewalling, most modern firewalls - like ipf and pf in FreeBSD - are now not so much firewalls, but packet filters. They have the ability to inspect and modify any packets going in any direction on various interfaces. This makes them an invaluable tool on routers in any environment (except, perhaps, Internet core routers, but they're another case entirely).

By the way, someone up the thread a bit recommended you start running IPFW (IPFIREWALL). While I'm not currently in a position to give you instructions as detailed as James did, I would recommend you start with either ipf or pf. IPFW is much older and is somewhat less well maintained, the documentation in particular.

From the Handbook's IPFW Chapter...
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html

"The IPFW stateless rule syntax is empowered with technically sophisticated selection capabilities which far surpasses the knowledge level of the customary firewall installer. IPFW is targeted at the professional user or the advanced technical computer hobbyist who have advanced packet selection requirements."

(Proper use of freebsd-newbies@ approaching!)

I've had superb results with pf (although for full effect, it will require a kernel rebuild). The pf documentation at OpenBSD is very well written and easy to follow.

Setting up NAT can be a somewhat daunting task (personally, I do it at home with Windows' ICS, which is an absolute no-brainer) - however, once you get it working it is extremely useful.

Best of luck!

(I really should get back to work - if I can get my system at home logged on to the 'net I'll try and run you through the basics of setting it up if you still need it.)

Cheers,

David Adam
---
zanchey@ucc.gu.uwa.edu.au
Medicine: And you thought hacking computers was complex.