Router question

Bryan Cassidy b_cassidy at bellsouth.net
Thu Dec 4 12:00:04 PST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was able to put something together. Another PC. I've attached a copy of
the dmesg of the other machine I have. This would be the section of the
handbook on setting another PC up as a router, wouldn't it?


http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

I just want to start learning about this in the right areas to begin
with. I've never really understood NAT. Think maybe I should install
FreeBSD 5.1 on the other machine or is 4.8 ok for this purpose, even
if I want to start doing more advanced network/security settings? Are
there any advantages to using 5.1 over 4.8 in this situation? So how would
I go about setting this other machine up as a router? The PC I am using
now is the one I like to do all my work on. I will have the other PC
probably on the floor just below my main PC. I have an extra DSL cable.
Plug what into what? Kinda confused here. I run these services on my
box. Thanks for the help.

Bryan

CUPS
Apache
PHP
COURIER-IMAP
POSTFIX
SquirrelMail



On Thu, 04 Dec 2003 03:15:38 -0500
Scott W <wegster at mindcore.net> wrote:

> Bryan Cassidy wrote:
> 
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Hello everyone. How's everyone doing tonight/today? Well, I'm taking a
> >week off of work and thought I would read up on Security/Networking
> >and anything else to do with making my system/webserver secure. I am
> >going to Best Buy (ya I know, but it's the only computer related
> >store in this shitty town so.) to buy a router and was just wanting
> >to see what people could recommend on which ones are good. I've never
> >really gotten into this kinda thing before but want to learn. Will
> >there be anything extra that I should get while I'm at the store?
> >Cables etc? I only have one PC, is there any point in having a router
> >with one PC? Any links to how to set this up on FreeBSD? Thanks in
> >advance.
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.2.3 (FreeBSD)
> >
> >iD8DBQE/zn4Bm8uTTHnDH3ERAsR1AKDTzQHhzHV0ei2OevUSo0jzdksikACghTjr
> >QGg8Wa7hgX1Dr4vTXGjgCo8=
> >=LXnN
> >-----END PGP SIGNATURE-----
> >_______________________________________________
> >freebsd-questions at freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >To unsubscribe, send any mail to
> >"freebsd-questions-unsubscribe at freebsd.org"
> >
> >  
> >
> If you've got only a single PC to connect, then the only reason for 
> wanting (not needing) a (presumably broadband) router is that anything
> fairly recent will do NAT (address translation, basically lets > 1 PC
> share 1 public IP address).  One of the 'side benefits' of NAT routers
> is that they close off connections initiated from the outside world
> (the Net).  Not that big of a deal with FreeBSD, as the default
> services running by default are pretty sensible (compared to past and
> some current versions of Solaris, RedHat, SuSe etc etc), but this is
> generally A Good Thing if you're running Windows at any point, or are
> playing around with different services, as many of them have had
> exploits in the past that script kiddies like to jump on.
> 
> Of course, you can also turn your bsd system into a router by adding 
> another NIC, and then attaching a hub or switch to one NIC, and the 
> other to your DSL or cable modem...
> 
> The disadvantage (serious annoyance IMHO) of 'hardware routers'
> (opposed to software running on bsd or another *nix) is the general
> lack of logging abilities.  When I used to run several personal
> domains, it was _amazing_ the number of portscans and IMAP and other
> exploits that would be attempted on my systems.  I personally like to
> know what's being attempted against my systems, and most of the 'off
> the shelf' routers from BestBuy, CompUSA etc are a far cry from Cisco
> and others, who do run a 'real' (meaning user accessible) OS and can
> handle logging as well as complex rules for port forwarding or
> dropping routes....
> 
> As far as FreeBSD is concerned, if you do decide to get one for
> whatever reason, the router is effectively dual homed, meaning, in this
> case, that it has an internal network IP (eg 192.168.1.254) as well as
> an external IP which is what 'the world' sees, which is the IP
> assigned to it via the cable/DSL modem/your ISP.  You'll need to set
> your 'internal' systems (your home PCs/systems) to have their default
> gateway point to the internal IP of the router.  That will be the case
> regardless of whatever OS you run...
> 
> Of course, even a 486 class system, with a minimal install of FreeBSD,
> with /usr mounted immutable, and a small hard drive, would make a
> great router, and you could also play around with a remote log host
> for logging, monitoring tools like logcheck, sentry, saint, and
> others, as well as designating your own port forwarding and firewall
> rulesets...if you decide to buy an 'off the shelf' router and still
> want some sort of idea of who's trying to do what to your system(s),
> you can port forward a 'popular' port (like IMAP/139, http/80, and/or
> mail/25) to different ports on your local system and set things up to
> only log the connection instead of running the actual services......
> 
> 
> Scott
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/z6GMm8uTTHnDH3ERAm1MAJsF09ewS/A3s1U/VH2u6NbCJQzVZQCguGJh
+CwTOovNglGX7qe10R1lfOk=
=PwDF
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: typescript
Type: application/octet-stream
Size: 4357 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20031204/90cc0a55/typescript.obj
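
Scott's closing suggestion, forwarding a commonly probed port to a local port that only logs the connection instead of running the service, could look like the following. This is an added example, not code from either poster; the local port numbers, labels and the `serve_log_only` name are assumptions.

```python
import logging
import socket
import threading
from datetime import datetime, timezone

# Assumed mapping (not from the post): high local ports that the router's
# port-forward rules point at, and the service each one stands in for.
DECOYS = {10143: "imap", 10080: "http", 10025: "smtp"}


def serve_log_only(bind_addr, port, label, records, max_conns=None):
    """Accept TCP connections, record the peer, send nothing back, close.

    Returns (bound_port, thread). No service runs behind the port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(16)
    bound_port = srv.getsockname()[1]

    def loop():
        seen = 0
        with srv:
            while max_conns is None or seen < max_conns:
                conn, (src_ip, src_port) = srv.accept()
                with conn:
                    conn.settimeout(2.0)  # do not let a silent peer stall the loop
                    try:
                        first = conn.recv(64)  # keep only the opening bytes
                    except OSError:  # timeout or reset: still log the connect
                        first = b""
                rec = {"time": datetime.now(timezone.utc).isoformat(),
                       "label": label, "dst_port": bound_port,
                       "src_ip": src_ip, "src_port": src_port,
                       "first_bytes": first}
                records.append(rec)
                logging.info("connect %s", rec)
                seen += 1

    thread = threading.Thread(target=loop, daemon=True)
    thread.start()
    return bound_port, thread


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    seen = []
    threads = [serve_log_only("0.0.0.0", p, name, seen)[1]
               for p, name in DECOYS.items()]
    for t in threads:
        t.join()
```

Behind a NAT router that rewrites source addresses, `src_ip` will be the router's internal address rather than the remote host's, so check how the router handles forwarded traffic before relying on the log.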

