Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > security-basics > 03 > 043294.html (Request Expert securityfocus.com Support)

RE: Hardware + Software Router + OpenBSD DHCP / NAT

From: Allan Schon <allanschon(at)mckinleymachinery.com>
Date: Tue Apr 15 2003 - 14:57:44 EDT


KAPIL,
        Would you care to elaborate? Why is it that you think Smoothwall is appropriate in this case? Twice today, I've seen you recommend it, yet you haven't given any explanation. If I didn't know that the list were moderated, I'd suspect that you worked for Smoothwall Ltd. :^)

This isn't meant as a flame, but I'm interested in the reasoning behind your recommendation.

Thanks!

-----Original Message-----
From: * KAPIL * [mailto:kapil@kapilville.com] Sent: Monday, April 14, 2003 3:45 PM
To: security-basics@securityfocus.com
Subject: RE: Hardware + Software Router + OpenBSD DHCP / NAT Importance: High

Try www.smoothwall.org


Stand Up For Free Speech
http://www.eff.org

-----Original Message-----
From: Allan Schon [mailto:allanschon@mckinleymachinery.com] Sent: Monday, April 14, 2003 6:25 AM
To: security-basics@securityfocus.com
Subject: RE: Hardware + Software Router + OpenBSD DHCP / NAT

I use a Linux system for this very purpose. If you're using the OpenBSD box as a firewall, it would probably be simpler to eliminate the router from the picture. I'm not sure about the actual mechanics of it, but I'm sure that
using OpenBSD to route your connection will give you many more options, and
won't reduce your security appreciably. This will give you something like
this: 

                      *--DMZ hub/switch
                     /
cable modem--OBSD---*
                     \
                      *--protected LAN hub/switch

Provided that you know, or are ready to learn, how to configure OBSD's firewall software, this will give you a lot of flexibility and security.

Do you need help?X

-----Original Message-----
From: Christopher Nehren [mailto:apeiron@comcast.net] Sent: Wednesday, April 09, 2003 9:40 PM
To: security-basics@securityfocus.com
Subject: Hardware + Software Router + OpenBSD DHCP / NAT

Currently I have a cable modem in my house which feeds into a router. This router distributes the modem connection via DHCP to a few machines on my home network. I have an old machine running OpenBSD, and I'd like to know what a good (I suppose "best" would open a flame war?) solution would be, in order to increase my home network security using the OpenBSD system. I'm thinking of something like this: (please excuse my pitiful attempt at ASCII art)

cable modem

|
|
|

router with the OBSD's system set as the DMZ

|
|

  • first ethernet interface on the OBSD machine OpenBSD system running DHCP / NAT + PF
  • second ethernet interface on the OBSD machine
    |
    |
    hub / switch
    |
    |
    client A / client B / client C ... / client Z

Would this work? Would it be more secure to have the modem go to the OBSD box, then to a router, and then route the connection to the machines on the network? My main (only) concern with this setup is the security of my home network.


Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you.

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. www.blackhat.com

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics
Received on Tue Apr 15 19:39:08 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:04:04 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library