Re: Home Network, step by step?
From: David Adam (zanchey_at_ucc.gu.uwa.edu.au)
Date: 12/15/04
- Previous message: Kevin Smith: "video capture and editing suggestions please"
- In reply to: R. Scott Kennan: "Re: Home Network, step by step?"
- Next in thread: Tyler Gee: "Re: Home Network, step by step?"
- Reply: Tyler Gee: "Re: Home Network, step by step?"
- Reply: Kevin D. Kinsey, DaleCo, S.P.: "Re: Home Network, step by step?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 15 Dec 2004 09:11:32 +0800 (WST) To: "R. Scott Kennan" <rskennan@gmail.com>
On Tue, 14 Dec 2004, R. Scott Kennan wrote:
> One other thing I don't understand is why I'm being told to install
> the firewall in this context; are firewalls more than just an
> intrusion countermeasure? Do they do any 'lifting' on a network beyond
> blocking unauthorised transfers?
They do now.
Partly in response to cleverer security threats, and partly as a
convergence between routing and firewalling, most modern firewalls - like
ipf and pf in FreeBSD - are now not so much firewalls, but packet filters.
They have the ability to inspect and modify any packets going in any
direction on various interfaces. This makes them an invaluable tool on
routers in any environment (except, perhaps, Internet core routers, but
they're another case entirely).
By the way, someone up the thread a bit recommended you start running
IPFW (IPFIREWALL). While I'm not currently in a position to give you
instructions as detailed as James did, I would recommend you start with
either ipf or pf. IPFW is much older and is somewhat less well maintained,
the documentation in particular.
>From the Handbook's IPFW Chapter...
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
"The IPFW stateless rule syntax is empowered with technically
sophisticated selection capabilities which far surpasses the knowledge
level of the customary firewall installer. IPFW is targeted at the
professional user or the advanced technical computer hobbyist who have
advanced packet selection requirements."
(Proper use of freebsd-newbies@ approaching!)
I've had superb results with pf (although for full effect, it will require
a kernel rebuild). The pf documentation at OpenBSD is very well written
and easy to follow. Setting up NAT can be a somewhat daunting task
(personally, I do it at home with Windows' ICS, which is an absolute
no-brainer) - however, once you get it working it is extremely useful.
Best of luck! (I really should get back to work - if I can get my system
at home logged on to the 'net I'll try and run you through the basics of
setting it up if you still need it.)
Cheers,
David Adam
--- zanchey@ucc.gu.uwa.edu.au Medicine: And you thought hacking computers was complex. _______________________________________________ freebsd-newbies@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-newbies To unsubscribe, send any mail to "freebsd-newbies-unsubscribe@freebsd.org"
- Previous message: Kevin Smith: "video capture and editing suggestions please"
- In reply to: R. Scott Kennan: "Re: Home Network, step by step?"
- Next in thread: Tyler Gee: "Re: Home Network, step by step?"
- Reply: Tyler Gee: "Re: Home Network, step by step?"
- Reply: Kevin D. Kinsey, DaleCo, S.P.: "Re: Home Network, step by step?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
