Date: Tue, 10 Dec 2002 20:56:25 -0700
From: Lorin Lund <wbs@infowest.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: single nic firewall - what are my vulnerabilities.
Message-ID: <UOYW4X2ZYVYVAYWSOVSQKXR9585JHGA.3df6b769@Presarionb>

I just got DSL. My FreeBSD box that used to be my dial-up gateway is now my DSL gateway.

I don't have any spare NICs right now so I have my home network defined as subnet 169.254.0.xxx. The DSL 'modem' defines itself as 192.168.0.1. So the NIC in my FreeBSD gateway is defined as 192.168.0.4 and aliased to 169.254.0.1.

natd is running with -a 192.168.0.1. In rc.conf, firewall_type="OPEN". So right now I don't have any firewall protection. ipfw is just there to host natd.

Assuming that I can create the right set of ipfw rules (and I suppose that could be complicated by the aliasing) are there any other vulnerabilities? Is there any way that anything dangerous can go directly from the DSL 'modem' to one of the other PC's that is on the internal subnet?

I would think that being on separate logical subnets would keep any TCP/IP traffic or UDP/IP traffic from getting around the firewall but are there any other packet types or protocols that could slip through and cause trouble?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message