Router question
Scott W
wegster at mindcore.net
Wed Dec 3 21:19:54 PST 2003
Bryan Cassidy wrote:
>Hello everyone. How's everyone doing tonight/today? Well, I'm taking a
>week off of work and thought I would read up on Security/Networking and
>anything else to do with making my system/webserver secure. I am going
>to Best Buy (ya I know, but it's the only computer related store in this
>shitty town so.) to buy a router and was just wanting to see what people
>could recommend on which ones are good. I've never really gotten into
>this kinda thing before but want to learn. Will there be anything extra
>that I should get while I'm at the store? Cables etc? I only have one pc
>is there any point in having a router with one pc? Any links to how to
>set this up on FreeBSD? Thanks in advance.
>
If you've got only a single PC to connect, then the only reason for
wanting (not needing) a (presumably broadband) router is anything fairly
recent will do NAT (address translation, basically lets > 1 PC share 1
public IP address). One of the 'side benefits' of NAT routers is that
they close off connections initiated from the outside world (the Net).
Not that big of a deal with FreeBSD, as the default services running by
default are pretty sensible (compared to past and some current versions
of Solaris, RedHat, SuSE etc etc), but this is generally A Good Thing if
you're running Windows at any point, or are playing around with
different services, as many of them have had exploits in the past that
script kiddies like to jump on.

Of course, you can also turn your BSD system into a router by adding
another NIC, and then attaching a hub or switch to one NIC, and the
other to your DSL or cable modem...

The disadvantage (serious annoyance IMHO) of 'hardware routers' (as opposed
to software running on BSD or another *nix) is the general lack of
logging abilities. When I used to run several personal domains, it was
_amazing_ the number of portscans and IMAP and other exploits that would
be attempted on my systems. I personally like to know what's being
attempted against my systems, and most of the 'off the shelf' routers
from BestBuy, CompUSA etc are a far cry from Cisco and others, who do
run a 'real' (meaning user accessible) OS and can handle logging as well
as complex rules for port forwarding or dropping routes....

As far as FreeBSD is concerned, if you do decide to get one for whatever
reason, the router is effectively dual homed, meaning, in this case, that
it has an internal network IP (e.g. 192.168.1.254) as well as an external
IP which is what 'the world' sees, which is the IP assigned to it via
the cable/DSL modem/your ISP. You'll need to set your 'internal'
systems (your home PCs/systems) to have their default gateway point to
the internal IP of the router. That will be the case regardless of
whatever OS you run...

Of course, even a 486 class system, with a minimal install of FreeBSD,
with /usr mounted immutable, and a small hard drive, would make a great
router, and you could also play around with a remote log host for
logging, monitoring tools like logcheck, sentry, saint, and others, as
well as designating your own port forwarding and firewall rulesets... If
you decide to buy an 'off the shelf' router and still want some sort of
idea of who's trying to do what to your system(s), you can port forward
a 'popular' port (like IMAP/139, http/80, and/or mail/25) to different
ports on your local system and set things up to only log the connection
instead of running the actual services......

Scott
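
The log-only setup described at the end of the reply, as an added example that is not part of the original message: a small Python listener for the local ports a router forwards to, which records each connection and the first bytes the client sends, then closes without serving anything. The function names and the local ports 10025 and 10080 are assumptions chosen for illustration.

```python
import socket
import threading
import time
from datetime import datetime, timezone


def start_log_only_listener(bind_addr, port, records, stop, peek=128):
    """Accept TCP connections, record them in `records`, never serve anything."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(16)
    srv.settimeout(0.2)  # wake up regularly to notice the stop flag
    local_port = srv.getsockname()[1]

    def loop():
        with srv:
            while not stop.is_set():
                try:
                    conn, (src_ip, src_port) = srv.accept()
                except socket.timeout:
                    continue
                with conn:
                    conn.settimeout(1.0)  # do not let a silent client hold us up
                    try:
                        first = conn.recv(peek)  # what the client tried first
                    except OSError:
                        first = b""
                records.append({
                    "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
                    "src_ip": src_ip, "src_port": src_port,
                    "local_port": local_port, "first_bytes": first,
                })

    threading.Thread(target=loop, daemon=True).start()
    return local_port


def format_record(rec):
    """One log line per connection; repr() escapes CR/LF sent by the client."""
    return "{time} connect from {src_ip}:{src_port} to port {local_port} first={first_bytes!r}".format(**rec)


if __name__ == "__main__":
    # Constructed local ports; the router would forward e.g. 25 and 80 to them.
    seen, stop = [], threading.Event()
    for p in (10025, 10080):
        start_log_only_listener("0.0.0.0", p, seen, stop)
    while True:  # Ctrl-C to quit
        time.sleep(1)
        while seen:
            print(format_record(seen.pop(0)), flush=True)
```

Redirecting the printed lines to a file, or piping them to a syslog client, gives the per-connection record that the off-the-shelf router itself does not keep.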