Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 04 Apr 1995 04:43:06 +0100
From:      Gary Palmer <gary@palmer.demon.co.uk>
To:        mcw@hpato.aus.hp.com
Cc:        "freebsd-questions@freefall.cdrom.com" <freebsd-questions@freefall.cdrom.com>
Subject:   Re: FreeBSD as router,firewall machine and terminal server 
Message-ID:  <2106.796966986@palmer.demon.co.uk>
In-Reply-To: Your message of "Tue, 04 Apr 1995 13:13:33 EST." <199504040313.AA156615221@hp.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <199504040313.AA156615221@hp.com>, mcw@hpato.aus.hp.com writes:
>Hi networking experts,
>   Presumably, for 1) I need gated and IPFORWARD ?

IPFORWARD, yes. Gated, probably not unless you are running more than
one subnet. Just set all (internal) machines default route to the FreeBSD
gateway and it should work.

>   for 2) I need an extremely secure system, and I remembered people
>   are talking about ipfirewall, deslogin etc, can some of them be
>   mixed together to achieve a secure system ?

For PPP you have two options... there are two firewalling systems
available. If you use /usr/bin/ppp with the tun driver, there is
built-in firewalling to the ppp program, and it also allows you to set
what triggers the dial-out if you set it to auto-dial. There is also
the `ipfw' utility which uses kernel level firewalls.

My suggestion would be to read the example given in
/etc/ppp/ppp.conf.filter.sample, as it sets up a firewall which allows
little or no access to the actual gateway machine apart from the
internal network.  However, it allows packets to be routed across the
PPP link in either direction.

>   for 3), I have no idea how I can turn a FreeBSD box into a terminal
>   server at all.

What sort of terminals? Dial in or hard wired? For hard wired terminals
it's relatively easy, you just set up /etc/ttys with the relevant info.
Dial-in is a bit more difficult, and what you want depends on whether you
want simple login access or to provide slip/ppp access.

Hope this helps some.

Gary

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2106.796966986>