Re: Create a canned "Firewall Build"?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Create a canned "Firewall Build"?
- From: Richard Welty <rwelty_(_at_)_averillpark_(_dot_)_net>
- Date: Thu, 21 Feb 2002 10:54:05 -0500 (EST)
On Thu, 21 Feb 2002 09:28:58 -0500 (EST) Richard Welty <rwelty_(_at_)_averillpark_(_dot_)_net> wrote:
> i'm considering taking the configs i built for them and making a pf/nat
> howto out of it, as it's slightly more complex than the stuff that i
> found in the FAQ, etc., while researching the firewall. would anyone find
> this useful?
i got a lot of positive email, so the first draft is at
http://www.averillpark.net/OpenBSD/FW-HowTo.html
it is very much a first draft, so feel free to take potshots at the
content.
note that while these rules appear to be working well in my lab setup, i am
of the opinion that there may be a bit of redundancy in them, and that they
could possibly be made a little bit more concise. opinions of experts are
welcomed.
also, for completeness, i could make the cisco config in the 1604 at the border
available, if anyone cares. i'll try to do a picture of the topology at
some point, but it's really a very simple
border router<->DMZ<->Firewall<->Internal network
setup. the interactions of redirections and nat are the main feature of
this howto, in my opinion, as i didn't see any of that in the existing
documents that i encountered in my research.
richard
--
Richard Welty rwelty_(_at_)_averillpark_(_dot_)_net
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security