Re: How to login user automatically? (for IP Filter firewall)
From: WinGuy (no_spam_at_nomail.bot)
Date: 09/10/04
- Next message: Scott: "Re: Writing to NTFS disk"
- Previous message: Jean-Yves Avenard: "Re: unknown option "PFIL_HOOKS" when building CURRENT"
- In reply to:(deleted message) Martin: "Re: How to login user automatically? (for IP Filter firewall)"
- Next in thread: Martin: "Re: How to login user automatically? (for IP Filter firewall)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 10 Sep 2004 00:38:33 GMT
"Martin" <nospam@example.org> wrote in message
news:10k1lj7ld3npi8e@news.supernews.com...
> Jean-Yves Avenard wrote:
>
> > WinGuy wrote:
> >> But I might have made a mistake going with FreeBSD. Maybe I have to go
> >> with OpenBSD. One of the cool things about IP Filter is that it can
> >> bridge interfaces and not even use IP addresses on the 2 ethernet cards
> >> at all. Search the above link for the text "What Firewall? Transparent
> >> filtering."
> >
> > I've done bridging of two interfaces with FreeBSD before, sure you do
> > have to assign an IP address to the bridged interface, but with the
> > firewall you can disable all traffic on it.
>
> ISTR from the IPFILTER docs that you can run a transparent ("stealth")
> firewall with IPFilter and FreeBSD. The thing will run happily at layer 2,
> so you don't need to give it any IP addresses. Worth doing as an outer skin
> firewall if you have an old box lying around and you're paranoid, or, if
> maybe your main firewall has lots of LANs or VLANs, and you want an extra
> outer firewall to do some initial filtering with a simpler ruleset, to
> reduce the chances of user error creeping in.
>
> Is there any reason to think that OpenBSD and FreeBSD have any significant
> differences for such an application?
I think that the great tutorial at
http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html (37 printed
pages!), which was originated when 4.X was the best available, kind of ended
up confusing me since I use 5.2.1. The
http://ezine.daemonnews.org/200211/ipfilter-bridge.html link that Lee gave
seems to me to be more relevant to an initial installation and config of
IPFilter with 5.X for being a stateful transparent bridge. Somewhere
amongst all that info, I think that I saw that even with a transparent
bridge one could also have a 3rd interface (with an IP address, preferably
of a LAN type) for the purpose of remote access & configuration. Outside of
the caution about loops, I did not find anything in that 5.X info that now
makes me think that maybe I should have instead chosen OpenBSD, so maybe I
didn't make a mistake after all. :)
I suppose I'll have to hack on IPFilter to get the real-time analysis of the
128-bytes of data available per packet that I want, as I really don't see a
practical way of doing it with logs even if I could somehow use a ramdrive
with FBSD and tell IPFilter to use it. That would be a kludge. Maybe someone
out there has already done such a hack... (well, I can hope!)
My brain hurts. Does this happen to all newbies of this OS?