Is it feasible to do a Firewall'ed DHCP server?

Ryan Merrick sandshrimp at comcast.net
Fri Feb 27 15:07:33 PST 2004


Dragoncrest wrote:
> I'm looking to take an old P120 with 128m of RAM and turn it into a LAN
> DHCP server.  The thing is, the guys who will be pulling DHCP addresses
> are cream of the crop computer users who really know their way around. 
> So I plan to have all network services (minus DHCP of course) turned off
> and I will have IPFW running as well to protect the box from most hack
> attempts.
> 
> The network itself will be a 300+ person gaming LAN broken down into 24
> person VLANs for added security.  The box in question will only be
> console accessible to the average user.  AKA, you ain't at the console,
> you don't get in as I plan to turn off sendmail, ssh, everything except
> DHCP and IPFW.  So, how feasible is it to actually run a system like
> this?  I realize I gotta open up certain ports in the firewall rules to
> allow DHCP.  I'll figure those out later.  I'm more curious if these
> steps to protect the security of the box are doable and if so, would
> they be practical?  I'm just thinking ahead like this because I don't
> want the box to get hacked and used to bring down the network.
> 
> I'm also looking to set the firewall to log ALL packets so that if we
> have a problem user, we can use the firewall logs to identify said user.
> I'd be looking for things like port scanning and other hacking/virus-like
> activity.  We had our network brought down once by same said virus
> and hacking activity but never found who did it.  So this is our new
> plan to prevent that from happening and detect and remove said
> individuals who are causing said issues.
> 
> It's hard enough running a 300 person gaming LAN.  We want to be sure
> that we don't have it brought to its knees like last time.
> 
Hi,

Take a look at netreg for the user and dhcp management.
http://www.netreg.org/


-- 
-Ryan Merrick
sandshrimp at comcast.net
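
The plan in the quoted message, logging packets with IPFW and using the logs to spot port scanning, can be sketched as a small log check. This is an added example, not part of the original thread: it assumes the usual ipfw syslog line layout, the sample lines, addresses and thresholds are constructed, and `parse` and `find_scanners` are hypothetical helper names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual ipfw syslog layout (not from the thread).
SAMPLE_LOG = """\
Feb 27 15:00:01 dhcp1 kernel: ipfw: 1000 Accept UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0
Feb 27 15:00:05 dhcp1 kernel: ipfw: 65000 Deny TCP 10.0.3.17:40211 10.0.0.2:21 in via fxp0
Feb 27 15:00:05 dhcp1 kernel: ipfw: 65000 Deny TCP 10.0.3.17:40212 10.0.0.2:22 in via fxp0
Feb 27 15:00:06 dhcp1 kernel: ipfw: 65000 Deny TCP 10.0.3.17:40213 10.0.0.2:23 in via fxp0
Feb 27 15:00:06 dhcp1 kernel: ipfw: 65000 Deny TCP 10.0.3.17:40214 10.0.0.2:25 in via fxp0
Feb 27 15:00:07 dhcp1 kernel: ipfw: 65000 Deny TCP 10.0.3.17:40215 10.0.0.2:80 in via fxp0
Feb 27 15:01:10 dhcp1 kernel: ipfw: 65000 Deny UDP 10.0.5.8:137 10.0.0.2:137 in via fxp0
Feb 27 15:03:10 dhcp1 kernel: ipfw: 65000 Deny UDP 10.0.5.8:138 10.0.0.2:138 in via fxp0
Feb 27 15:09:10 dhcp1 kernel: ipfw: 65000 Deny TCP 10.0.5.8:1030 10.0.0.2:139 in via fxp0
"""

# Inbound TCP/UDP entries only; anything else (ICMP, outbound, other daemons) is skipped.
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: ipfw: \d+ (?P<action>\w+) "
                     r"(?:TCP|UDP) (?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) in via")

def parse(line, year=2004):
    """Return (time, action, src, dst, dport) or None; syslog omits the year, so it is passed in."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["action"], m["src"], m["dst"], int(m["dport"])

def find_scanners(lines, min_ports=5, window=timedelta(seconds=60)):
    """Map source IP -> denied ports, for sources hitting min_ports distinct ports on one host within window."""
    denied = defaultdict(list)  # (src, dst) -> [(time, dport), ...]
    for ts, action, src, dst, dport in filter(None, map(parse, lines)):
        if action == "Deny":
            denied[(src, dst)].append((ts, dport))
    found = defaultdict(set)
    for (src, _dst), events in denied.items():
        events.sort()
        start = 0
        for end, (ts, _port) in enumerate(events):
            while ts - events[start][0] > window:  # drop events older than the window
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                found[src] |= ports
    return {src: sorted(ports) for src, ports in found.items()}

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG.splitlines()))
```

The flagged source address still has to be tied to a person, for example through the DHCP lease records and the VLAN or switch port it came from.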


