Date:      Sun, 1 Aug 1999 18:38:27 -0400 (EDT)
From:      paz <paz@apriori.net>
To:        "Paul R. Petitt" <prpetitt@theshop.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   RE: ipchains in FreeBSD
Message-ID:  <Pine.BSF.4.10.9908011820590.3194-100000@gw.apriori.net>
In-Reply-To: <4.2.0.58.19990801143611.00a33220@mail.theshop.net>


On Sun, 1 Aug 1999, Paul R. Petitt wrote:

: I would suggest getting an isdn router such as the ascend pipeline 50 or 75
: if indeed that is how your full time connection exists, then whichever
: boxes are available (I am assuming that means up and running) will still be
: connected to the internet even if the bsd box isn't (this further assumes
: that each box has its own IP address ie no natd or aliasing in use).
: 
: 
: At 08:54 AM 7/31/99 -0400, paz wrote:
: >
: >
: >My config:
: >FreeBSD 2.2.7;
: >ISDN Terminal Adapter;
: >Static IP with my service provider; (i.e., one!)
: >domain name name service from ISP;
: >full-time connection;
: >local gateway host is the FreeBSD box;
: >local area net at home uses the gateway to get to the internet;
: >gateway uses natd to hide local net from internet;
   ^^^^^^^^^^^^^^^^^
: >local net uses non-routable addresses, 192.168.xxx.xxx;
: >my domain name is apriori.net;
: >my Windoze box is named cpriori.apriori.net;
: >the FreeBSD gateway box is named gw.apriori.net;
: >daemons running on gateway host include:
: >-- natd
      ^^^^
: >-- named
: >-- ipfw
      ^^^^
: >-- pppd
: >(There are others, but probably not important for this discussion.)
: >Also running tcp wrappers.
   ^^^^^^^^^^^^^^^^^^^^^^^^^

Not sure what protocols the Ascend units provide - and whether they
include firewalling, address translation, wrappers, etc. From the sounds
of it, it would be a step down from what I currently run, security-wise.
And I wonder what they'd cost. This is FreeBSD I was discussing, right?
;-)                                    ^^^^ 

In all likelihood, I could probably just turn off a bunch of services I'm
currently running and do as you describe anyway. But the desired solution
includes protecting the internal network (security) while using FreeBSD
and a single static IP.

This is a noncommercial site at this time, and runs ISDN single-channel as
a matter of convenience - the other channel is used for voice. Adding
monthly charges for dual-channel ISDN and multiple static IP addresses and
purchasing an Ascend router, I would probably get hammered.

The original topic regarded the possible availability of ipchains in
FreeBSD and alternatives thereof. My reading of its characteristics led me
to believe that its mapping techniques provided the equivalent services to
what I currently run, with the added benefit of following shifting port
addresses without losing the host-to-host mapping when using natd.

ipchains is freely distributed with the current versions of Linux. Since
I'm a FreeBSD fan, I'd prefer to stay with this OS than try to migrate to
Linux.

cheers -
-- Philip.

philip zimmermann           paz@apriori.net
www.apriori.net             ayer, ma    usa

--
DISCLAIMER: Anyone sending me unsolicited commercial electronic mail
automatically agrees to be held to the following legal terms:

US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the
definition of a telephone fax machine. By Sec.227(b)(1)(C), it is
unlawful to send any unsolicited advertisement to such equipment. By
Sec.227(b)(3)(C), a violation of the aforementioned Section is punishable
by action to recover actual monetary loss, or $500, whichever is greater,
for each violation.







