Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!pravda.aa.msen.com!spool.mu.edu!agate!howland.reston.ans.net!newsfeed.internetmci.com!news.sprintlink.net!in1.uu.net!news-1a.csn.net!usenet
From: yahnz@csn.org@199.117.27.22 (Jan C. Zawadzki)
Newsgroups: comp.unix.bsd.freebsd.misc,comp.protocols.tcp-ip
Subject: Re: Firewalls, Filters, and Routers, oh my....
Date: 27 Aug 1995 17:00:38 GMT
Organization: SuperNet Inc. (303)-296-8202 Denver Colorado
Lines: 21
Message-ID: <41q8bm$4og@news-2.csn.net>
References: <40b5u5$2er@hydra.msgi.com>
Reply-To: yahnz@csn.org
NNTP-Posting-Host: 204.131.233.3
X-Newsreader: IBM NewsReader/2 v1.2
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:5298 comp.protocols.tcp-ip:38549

In <40b5u5$2er@hydra.msgi.com>, gryphon@msgi.com (Coranth Gryphon) writes:
>Hi. I am trying to determine how to do the following (using a FreeBSD box):
>    ISP <-ppp-> [router] <---> BSD <-ether-> network
>The [router] is optional if the BSD box does everything I need.

Try it the other way around -

    INET <-> router <-> BSD box <-> PPP client

This way you can configure the router to drop traffic on unknown sockets,
and restrict connections _before_ they hit the BSD box. On the BSD machine
install tcp wrappers, socks, tripwire, maybe proxy. You should be set.

The assumption is that the router will be hard to compromise, and will
make breaking into the bastion host even harder. If you want even more
security, put another router between the BSD box and your PPP server.

>-coranth

---
Jan C. Zawadzki | yahnz@csn.org | Team-OS/2 Warp - the only way to travel...