Date: Fri, 28 Jun 2002 21:34:12 +0100
From: Matthew Seaman
To: "B.K. DeLong"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Configuration issues in creating a DMZ in 5.0 ?

On Fri, Jun 28, 2002 at 03:44:22PM -0400, B.K. DeLong wrote:
> I'm about to start hosting a mailserver and DNS server at home and I'm
> trying to set up a DMZ to run these services under. However, I can't quite
> figure out how to set up the config in rc.conf. Anyone have a good guide to
> creating a DMZ with FreeBSD?

It's not FreeBSD specific, but Zwicky, Cooper & Chapman "Building Internet Firewalls", 2nd Ed O'Reilly & Assoc, 2000 http://www.oreilly.com/catalog/fire2/ is a good guide to firewall design.

The perimeter network aka DMZ is nothing more than a subnet protected by packet filtering routers within which you place your Internet accessible servers. Usually it's viewed as the interface between an internal, private network and the public networks.

The main FreeBSD specific information is a) how to harden your bastion hosts and packet filtering routers and b) how to set up IPFW or IPF to perform the required packet filtering.

There are many resources around the net that describe how to do this sort of thing: check out

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html
    http://www.bsdtoday.com/resources/HOWTOs/
    http://www.samag.com/documents/s=1151/sam0105d/0105d.htm
    http://www.onlamp.com/pub/a/bsd/2001/02/07/FreeBSD_Basics.html
    http://www.daemonnews.org/200108/security_overview.html

Or just google for "freebsd security".

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Bucks., SL7 1TH UK
Tel: +44 1628 476614
Fax: +44 0870 0522645
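
The perimeter-network layout described in the reply, written out as an ipfw ruleset for the mail and DNS hosts the question mentions. This is an added example, not part of the original thread; the interface names, the addresses (documentation and private ranges) and the routed, no-NAT three-interface layout are assumptions.

```shell
#!/bin/sh
# Added example: ipfw ruleset for a three-interface firewall with a DMZ.
# Every name and address below is a constructed placeholder.
EXT_IF="fxp0"            # Internet-facing interface (assumed name)
DMZ_IF="fxp1"            # perimeter network interface (assumed name)
INT_IF="fxp2"            # internal LAN interface (assumed name)
DMZ_NET="192.0.2.0/24"   # documentation range standing in for the DMZ subnet
INT_NET="10.0.0.0/24"    # internal private network
MAIL="192.0.2.25"        # bastion host running SMTP
DNS="192.0.2.53"         # bastion host running DNS

# Print the rule bodies in evaluation order: loopback, anti-spoofing,
# state lookup, DMZ->LAN block, Internet->DMZ, DMZ->Internet, LAN->out, default deny.
emit_rules() {
    cat <<EOF
100 allow ip from any to any via lo0
110 deny log ip from ${INT_NET} to any in via ${EXT_IF}
120 deny log ip from ${DMZ_NET} to any in via ${EXT_IF}
200 check-state
300 deny log ip from ${DMZ_NET} to ${INT_NET}
400 allow tcp from any to ${MAIL} 25 in via ${EXT_IF} setup keep-state
410 allow udp from any to ${DNS} 53 in via ${EXT_IF} keep-state
420 allow tcp from any to ${DNS} 53 in via ${EXT_IF} setup keep-state
500 allow tcp from ${MAIL} to any 25 in via ${DMZ_IF} setup keep-state
510 allow udp from ${DNS} to any 53 in via ${DMZ_IF} keep-state
520 allow tcp from ${DNS} to any 53 in via ${DMZ_IF} setup keep-state
600 allow tcp from ${INT_NET} to any in via ${INT_IF} setup keep-state
610 allow udp from ${INT_NET} to any in via ${INT_IF} keep-state
65000 deny log ip from any to any
EOF
}

# Replace the running ruleset with the rules above (needs root and ipfw).
apply_rules() {
    ipfw -q -f flush
    emit_rules | while read -r rule; do
        ipfw -q add $rule    # unquoted on purpose: split into ipfw arguments
    done
}

# Nothing is loaded unless the script is called as: sh ipfw.rules apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Rule 300 sits after `check-state`, so replies to connections opened from the internal network still pass while a compromised DMZ host cannot open new ones inward. Forwarding between the interfaces also needs `gateway_enable="YES"` in rc.conf.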