Is it feasible to do a Firewall'ed DHCP server?
Ryan Merrick
sandshrimp at comcast.net
Fri Feb 27 15:07:33 PST 2004
Dragoncrest wrote:
> I'm looking to take an old P120 with 128m of ram and turn it into a lan
> DHCP server. The thing is, the guys who will be pulling DHCP addresses
> are cream of the crop computer users who really know their way around.
> So I plan to have all network services (minus DHCP of course) turned off
> and I will have IPFW running as well to protect the box from most hack
> attempts.
>
> The network itself will be a 300+ person gaming lan broken down into 24
> person VLANs for added security. The box in question will only be
> console accessible to the average user. AKA, you ain't at the console,
> you don't get in as I plan to turn off sendmail, ssh, everything except
> DHCP and IPFW. So, how feasible is it to actually run a system like
> this? I realize I gotta open up certain ports in the firewall rules to
> allow DHCP. I'll figure those out later. I'm more curious if these
> steps to protect the security of the box are doable and if so, would
> they be practical? I'm just thinking ahead like this because I don't
> want the box to get hacked and used to bring down the network.
>
> I'm also looking to set the firewall to log ALL packets so that if we
> have a problem user, we can use the firewall logs to identify said user.
> I'd be looking for things like port scanning and other hacking/virus
> like activity. We had our network brought down once by same said virus
> and hacking activity but never found who did it. So this is our new
> plan to prevent that from happening and detect and remove said
> individuals who are causing said issues.
>
> It's hard enough running a 300 person gaming lan. We want to be sure
> that we don't have it brought to its knees like last time.
>
Hi,
Take a look at netreg for the user and dhcp management.
http://www.netreg.org/
--
-Ryan Merrick
sandshrimp at comcast.net
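
The firewall-log review described in the quoted question (using IPFW logs to identify a port-scanning host), as an added example that is not part of the original thread. The log line shape is an assumption modelled on ipfw's syslog output, and the host name, addresses, rule numbers and the `min_ports` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line shape (modelled on ipfw syslog output, not taken from the thread):
#   <time> <host> kernel: ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> in via <if>
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) in via (?P<iface>\S+)"
)

def find_scanners(lines, min_ports=10):
    """Return {src_ip: sorted ports} for sources whose denied packets hit
    at least min_ports distinct ports on a single destination."""
    ports = defaultdict(set)  # (src, dst) -> distinct denied destination ports
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["action"] != "Deny":
            continue  # skip unrelated lines and accepted traffic such as DHCP
        ports[(m["src"], m["dst"])].add(int(m["dport"]))
    hits = defaultdict(set)
    for (src, _dst), seen in ports.items():
        if len(seen) >= min_ports:
            hits[src].update(seen)
    return {src: sorted(seen) for src, seen in hits.items()}

def sample_log():
    """Constructed sample lines, not real traffic."""
    pre = "Feb 27 15:00:00 dhcp1 kernel: ipfw: "
    lines = [
        # A normal DHCP request that the ruleset accepts
        pre + "100 Accept UDP 0.0.0.0:68 255.255.255.255:67 in via fxp0",
        # A host with a couple of stray denied connections (below threshold)
        pre + "65000 Deny TCP 10.0.5.8:3021 10.0.0.2:22 in via fxp0",
        pre + "65000 Deny TCP 10.0.5.8:3022 10.0.0.2:445 in via fxp0",
        pre + "65000 Deny TCP 10.0.5.8:3023 10.0.0.2:445 in via fxp0",
        # A non-ipfw syslog line that must be ignored
        "Feb 27 15:00:01 dhcp1 dhcpd: DHCPACK on 10.0.3.17 via fxp0",
    ]
    # One source walking ports 20-34 on the DHCP box: a sequential scan
    for i, port in enumerate(range(20, 35)):
        lines.append(pre + f"65000 Deny TCP 10.0.3.17:{4000 + i} 10.0.0.2:{port} in via fxp0")
    return lines

if __name__ == "__main__":
    for src, seen in find_scanners(sample_log()).items():
        print(f"{src} probed {len(seen)} denied ports: {seen[0]}-{seen[-1]}")
```
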