Is it feasible to do a Firewall'ed DHCP server?

Dragoncrest dragoncrest at
Thu Feb 26 12:12:43 PST 2004

I'm looking to take an old P120 with 128m of RAM and turn it into a LAN
DHCP server.  The thing is, the guys who will be pulling DHCP addresses
are cream of the crop computer users who really know their way around. 
So I plan to have all network services (minus DHCP of course) turned off
and I will have IPFW running as well to protect the box from most hack

The network itself will be a 300+ person gaming LAN broken down into 24
person VLANs for added security.  The box in question will only be
console accessible to the average user.  AKA, you ain't at the console,
you don't get in as I plan to turn off sendmail, ssh, everything except
DHCP and IPFW.  So, how feasible is it to actually run a system like
this?  I realize I gotta open up certain ports in the firewall rules to
allow DHCP.  I'll figure those out later.  I'm more curious if these
steps to protect the security of the box are doable and if so, would
they be practical?  I'm just thinking ahead like this because I don't
want the box to get hacked and used to bring down the network.

I'm also looking to set the firewall to log ALL packets so that if we
have a problem user, we can use the firewall logs to identify said user.
 I'd be looking for things like port scanning and other hacking/virus
like activity.  We had our network brought down once by same said virus
and hacking activity but never found who did it.  So this is our new
plan to prevent that from happening and detect and remove said
individuals who are causing said issues.

It's hard enough running a 300 person gaming LAN.  We want to be sure
that we don't have it brought to its knees like last time.
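
The log review described in the post (finding a host that port-scans the server), as an added example that is not part of the original message. It assumes the usual syslog line written by IPFW rules carrying the `log` keyword; the sample lines, addresses, rule numbers and the `min_ports` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style ipfw "log" rules write via syslog.
SAMPLE_LOG = """\
Feb 26 12:00:01 dhcp kernel: ipfw: 500 Accept UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0
Feb 26 12:00:05 dhcp kernel: ipfw: 65000 Deny TCP 10.0.3.17:40211 10.0.0.2:21 in via fxp0
Feb 26 12:00:05 dhcp kernel: ipfw: 65000 Deny TCP 10.0.3.17:40212 10.0.0.2:22 in via fxp0
Feb 26 12:00:05 dhcp kernel: ipfw: 65000 Deny TCP 10.0.3.17:40213 10.0.0.2:23 in via fxp0
Feb 26 12:00:06 dhcp kernel: ipfw: 65000 Deny TCP 10.0.3.17:40214 10.0.0.2:25 in via fxp0
Feb 26 12:00:06 dhcp kernel: ipfw: 65000 Deny TCP 10.0.3.17:40215 10.0.0.2:80 in via fxp0
Feb 26 12:00:06 dhcp kernel: ipfw: 65000 Deny TCP 10.0.3.17:40216 10.0.0.2:443 in via fxp0
Feb 26 12:01:10 dhcp kernel: ipfw: 65000 Deny TCP 10.0.5.9:3021 10.0.0.2:445 in via fxp0
Feb 26 12:01:40 dhcp kernel: ipfw: 65000 Deny TCP 10.0.5.9:3022 10.0.0.2:445 in via fxp0
Feb 26 12:02:00 dhcp kernel: ipfw: 65000 Deny TCP 10.0.5.9:3023 10.0.0.2:139 in via fxp0
"""

# rule number, action, protocol, src ip:port, dst ip:port, direction, interface
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)


def find_scanners(log_text, min_ports=5):
    """Return {source_ip: sorted denied destination ports} for every source
    that was denied inbound on at least min_ports distinct ports."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Only inbound denies count; allowed DHCP traffic is ignored.
        if not m or m["action"] != "Deny" or m["dir"] != "in":
            continue
        # A set means repeated hits on one port are counted once.
        ports[m["src"]].add(int(m["dport"]))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for ip, probed in find_scanners(SAMPLE_LOG).items():
        print(f"{ip} probed {len(probed)} distinct ports: {probed}")
```

A flagged source address still has to be matched against the DHCP server's lease records for the same time window to get from an IP to a machine, and a source address on a shared LAN segment can be forged.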
