RE: Hardware + Software Router + OpenBSD DHCP / NAT
From: Allan Schon (allanschon@mckinleymachinery.com)
Date: 04/14/03
Date: Mon, 14 Apr 2003 07:25:16 -0400
From: "Allan Schon" <allanschon@mckinleymachinery.com>
To: <security-basics@securityfocus.com>
I use a Linux system for this very purpose. If you're using the OpenBSD box
as a firewall, it would probably be simpler to eliminate the router from the
picture. I'm not sure about the actual mechanics of it, but I'm sure that
using OpenBSD to route your connection will give you many more options, and
won't reduce your security appreciably. This will give you something like
this:
                      *--DMZ hub/switch
                     /
cable modem--OBSD---*
                     \
                      *--protected LAN hub/switch
Provided that you know, or are ready to learn, how to configure OBSD's
firewall software, this will give you a lot of flexibility and security.
-----Original Message-----
From: Christopher Nehren [mailto:apeiron@comcast.net]
Sent: Wednesday, April 09, 2003 9:40 PM
To: security-basics@securityfocus.com
Subject: Hardware + Software Router + OpenBSD DHCP / NAT
Currently I have a cable modem in my house which feeds into a router.
This router distributes the modem connection via DHCP to a few machines
on my home network. I have an old machine running OpenBSD, and I'd like
to know what a good (I suppose "best" would open a flame war?) solution
would be, in order to increase my home network security using the
OpenBSD system. I'm thinking of something like this: (please excuse my
pitiful attempt at ASCII art)
cable modem
|
|
|
router with the OBSD's system set as the DMZ
|
|
- first ethernet interface on the OBSD machine
OpenBSD system running DHCP / NAT + PF
- second ethernet interface on the OBSD machine
|
|
hub / switch
|
|
client A / client B / client C ... / client Z
Would this work? Would it be more secure to have the modem go to the
OBSD box, then to a router, and then route the connection to the
machines on the network? My main (only) concern with this setup is the
security of my home network.
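
The three-interface layout suggested in the reply above (cable modem, DMZ and protected LAN all terminating on the OpenBSD box), sketched as a pf.conf ruleset. This is an added example, not part of either message; it uses current pf syntax (nat-to), and the interface names and the DMZ policy are assumptions chosen for illustration.

```conf
# Constructed example: interface names are assumptions, not from the thread.
ext_if = "em0"    # to the cable modem
dmz_if = "em1"    # to the DMZ hub/switch
lan_if = "em2"    # to the protected LAN hub/switch

set skip on lo

# Default deny in both directions; every allowed flow is listed below.
block return log all

# Drop packets whose source address claims an inside network
# but which arrive on the wrong interface.
antispoof quick for { $dmz_if $lan_if }

# NAT both inside networks behind the address the modem hands out.
# The parentheses make pf follow the address if DHCP changes it.
match out on $ext_if inet from { $dmz_if:network $lan_if:network } \
    to any nat-to ($ext_if)

# DMZ hosts may not open connections to the LAN or to the firewall itself
# (assumed policy: a compromised DMZ host should not reach either).
block in quick on $dmz_if inet from any to $lan_if:network
block in quick on $dmz_if inet from any to self

# LAN hosts may reach the DMZ and the Internet.
pass in on $lan_if inet from $lan_if:network to any

# DMZ hosts may reach the Internet (LAN and firewall already blocked above).
pass in on $dmz_if inet from $dmz_if:network to any

# Let the firewall send, and forward what an "in" rule accepted.
# Nothing is passed in on $ext_if, so unsolicited Internet traffic is dropped;
# replies to inside-initiated connections are matched by state.
pass out inet

# Publishing a DMZ service would need an explicit
# "pass in on $ext_if ... rdr-to <host>" rule; none is assumed here.
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and forwarding must be enabled separately with `sysctl net.inet.ip.forwarding=1`.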