Date: Sun, 16 Jan 2000 02:45:34 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
To: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Simple router with basic firewall functionalioties
Message-ID: <Pine.BSF.4.21.0001160234300.57090-100000@pogo.caustic.org>
In-Reply-To: <4.1.20000116041246.0097bd50@mail.rz.fh-wilhelmshaven.de>

oof. make it hard ;)

On Sun, 16 Jan 2000, Olaf Hoyer wrote:

<snippage>

> >> I also thought about a SAMBA server, to ensure compatibility to exchange
> >> data with the M$ machines running here. Any security issues?
> >
> >yes, but i think a better question is why?
>
> We use a peer-to-peer network here, with mostly M$ machines using
> SMB/Netbeui/Netbios here. To transfer files, we mostly use the M$ directory
> stuff to allow access and so. It's easy, and even the girls here can figure
> it out...
> BTW, it is explicitly forbidden here in our home to use stuff like FTP servers.

hrm. ok, one solution is to forward $GOODPACKET through, perhaps have an
explicitly allowed list of servers and such in your firewall ruleset.

<more snippage>

> >unless the machine is going to do more than just be a firewall...
> That was my second thought, to capsule the main box completely from the
> rest of the network.

i caught the network map you made earlier.. ok, so it would be
isolated/protected from the rest of the network, but with some access to
support the various needed apps (divert and so on). i still look at this
and think it's a Bad Idea (TM). unless.. well, i already mentioned
filtering out everything except for a specific list of hosts you'd want to
let in to your network segment. this might be the only real option.

> >> Is it also possible to Send/receive the "messaging service" of NT,
> >> respective the "Popups"?
> SMB messaging (broadcast type, used by the "telephony/popup" application
> in Win3.x/Win9x/NT)

well, i know for a fact that you can establish a connection through nat,
while denying all incoming packets. this works for ftp (which has two ports
that it uses), and most other applications.

-- jan

+-----// f. johan beisser //------------------------------+
email: jan[at]caustic.org web: http://www.caustic.org/~jan
"knowledge is power. power corrupts. study hard, be evil."