Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Jun 2002 21:34:12 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        "B.K. DeLong" <bkdelong@pobox.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Configuration issues in creating a DMZ in 5.0 ?
Message-ID:  <20020628203412.GA10942@happy-idiot-talk.infracaninophi>
In-Reply-To: <5.1.0.14.2.20020628153208.0438e9c8@pop.earthlink.net>
References:  <5.1.0.14.2.20020628153208.0438e9c8@pop.earthlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, Jun 28, 2002 at 03:44:22PM -0400, B.K. DeLong wrote:
> I'm about to start hosting a mailserver and DNS server at home and I'm 
> trying to setup a DMZ to run these services under. However, I can't quite 
> figure out how to setup the config in rc.conf. Anyone have a good guide to 
> creating a DMZ with FreeBSD?

It's not FreeBSD specific, but Zwicky, Cooper & Chapman "Building
Internet Firewalls", 2nd Ed O'Reilly & Assoc, 2000
http://www.oreilly.com/catalog/fire2/ is a good guide to firewall design.

The perimeter network aka DMZ is nothing more than a subnet protected
by packet filtering routers within which you place your Internet
accessible servers.  Usually it's viewed as the interface between an
internal, private network and the public networks.

The main FreeBSD specific information is a) how to harden your bastion
hosts and packet filtering routers and b) how to set up IPFW or IPF to
perform the required packet filtering.  There are many resources
around the net that describe how to do this sort of thing:  check out

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html
http://www.bsdtoday.com/resources/HOWTOs/ 
http://www.samag.com/documents/s=1151/sam0105d/0105d.htm
http://www.onlamp.com/pub/a/bsd/2001/02/07/FreeBSD_Basics.html
http://www.daemonnews.org/200108/security_overview.html

Or just google for "freebsd security".

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020628203412.GA10942>