From owner-freebsd-questions Sun Aug 1 15:43:32 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from apriori.net (paz.static.shore.net [209.192.153.107])
    by hub.freebsd.org (Postfix) with ESMTP id DC07514DB7
    for ; Sun, 1 Aug 1999 15:43:25 -0700 (PDT)
    (envelope-from paz@apriori.net)
Received: from localhost (paz@localhost)
    by apriori.net (8.8.8/8.8.8) with ESMTP id SAA03258;
    Sun, 1 Aug 1999 18:38:27 -0400 (EDT)
    (envelope-from paz@apriori.net)
Date: Sun, 1 Aug 1999 18:38:27 -0400 (EDT)
From: paz
To: "Paul R. Petitt"
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: ipchains in FreeBSD
In-Reply-To: <4.2.0.58.19990801143611.00a33220@mail.theshop.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 1 Aug 1999, Paul R. Petitt wrote:

: I would suggest getting an isdn router such as the ascend pipeline 50 or 75
: if indeed that is how your full time connection exists, then whichever
: boxes are
: available (I am assuming that means up and running) will still be connected
: to the
: internet even if the bsd box isn't (this further assumes that each box has
: its own
: IP address ie no natd or aliasing in use).
:
:
: At 08:54 AM 7/31/99 -0400, paz wrote:
: >
: >
: >My config:
: >FreeBSD 2.2.7;
: >ISDN Terminal Adapter;
: >Static IP with my service provider; (i.e., one!)
: >domain name name service from ISP;
: >full-time connection;
: >local gateway host is the FreeBSD box;
: >local area net at home uses the gateway to get to the internet;
: >gateway uses natd to hide local net from internet;
           ^^^^^^^^^^^^^^^^^
: >local net uses non-routable addresses, 192.168.xxx.xxx;
: >my domain name is apriori.net;
: >my Windoze box is named cpriori.apriori.net;
: >the FreeBSD gateway box is named gw.apriori.net;
: >daemons running on gateway host include:
: >-- natd
      ^^^^
: >-- named
: >-- ipfw
      ^^^^
: >-- pppd
: >(There are others, but probably not important for this discussion.)
: >Also running tcp wrappers.
   ^^^^^^^^^^^^^^^^^^^^^^^^^

Not sure what protocols the Ascend units provide - and whether they
include firewalling, address translation, wrappers, etc. From the
sounds of it, it would be a step down from what I currently run,
security-wise. And I wonder what they'd cost.

This is FreeBSD I was discussing, right? ;-)
^^^^

In all likelihood, I could probably just turn off a bunch of services
I'm currently running and do as you describe anyway. But the desired
solution includes protecting the internal network (security) while
using FreeBSD and a single static IP.

This is a noncommercial site at this time, and runs ISDN single-channel
as a matter of convenience - the other channel is used for voice.
Adding monthly charges for dual-channel ISDN and multiple static IP
addresses and purchasing an Ascend router, I would probably get
hammered.

The original topic regarded the possible availability of ipchains in
FreeBSD and alternatives thereof. My reading of its characteristics
led me to believe that its mapping techniques provided the equivalent
services to what I currently run, with the added benefit of following
shifting port addresses without losing the host-to-host mapping when
using natd. ipchains is freely distributed with the current versions
of Linux. Since I'm a FreeBSD fan, I'd prefer to stay with this OS
than try to migrate to Linux.

cheers -

-- Philip.

philip zimmermann
paz@apriori.net
www.apriori.net
ayer, ma usa
--
DISCLAIMER: Anyone sending me unsolicited commercial electronic mail
automatically agrees to be held to the following legal terms:
US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the
definition of a telephone fax machine. By Sec.227(b)(1)(C), it is
unlawful to send any unsolicited advertisement to such equipment. By
Sec.227(b)(3)(C), a violation of the aforementioned Section is
punishable by action to recover actual monetary loss, or $500,
whichever is greater, for each violation.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message