Re: Create a canned "Firewall Build"?

On Thu, 21 Feb 2002 08:55:44 -0500 Peter <peter_(_at_)_easynix_(_dot_)_com> wrote:

> That's a good one. A firewall shouldn't have any user accounts (besides
> your own) and on a firewall you shouldn't run anything besides nat and pf.
> Otherwise it wouldn't be a firewall anymore.
> I'm kind of afraid to hear next that somebody is running smbd/nmbd on
> his firewall :-)))

ack. don't get me started.

my current client has an all-in-one box from some random vendor, a
Firewall/Web Server/DNS server/Mail Server/Samba Server, which also had the
low speed serial card w/DSU as an added bonus. they had turned down mail
and samba, but still had the other stuff running.

i've built them a nice set of OpenBSD servers and started turning down
services on the all-in-one box; the replacement firewall that i just built
for them is in my basement, ready to be shipped and installed, as soon as
we get the DNS situation squared away.

the things people will sell, the things people will buy.

i'm considering taking the configs i built for them and making a pf/nat
howto out of it, as it's slightly more complex than the stuff that i found
in the FAQ, etc., while researching the firewall. would anyone find this

Richard Welty                                         rwelty_(_at_)_averillpark_(_dot_)_net
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security

