DaemonForums, OpenBSD Security forum

#1
Old 9th August 2012
daemonfowl (bsdstudent)

allowing named machines only to connect via router

Hi everybody !

Something is wrong with a router: it never conserves its WPA/WPA2 settings .. undesirable clients connect ....... Maybe because it's a pretty old router (the most recent firmware upgrade dates back to 2008 :-) )

What does OpenBSD as a firewall offer me to allow some named machines to connect while disallowing all the rest?

Any help or guidance is welcome ..
Thank you very much!!

#2
Old 9th August 2012
ocicat (Administrator)

Quote (originally posted by daemonfowl):
    What does OpenBSD as a firewall offer me to allow some named machines to connect while disallowing all the rest?

Clarify.
#3
Old 10th August 2012
daemonfowl (bsdstudent)

Sorry, again:
I need to allow just 4 named LAN hosts to connect to the router (by specifying names/MAC or IP .. I don't really know) and disallow all foreign hosts, i.e. outsiders that may discover the router and then try connecting to it .. (mostly smartphones)
Can it be done using an OpenBSD firewall and still use dynamic IPs for those 4 machines?
If it is not possible, what can I do to disallow intruders from using my insecure router (which never keeps its security settings (WEP/WPA ..))?
(The router has a DMZ option and an option to set hosts by MAC address .. but since I can't rely on it anymore I'm asking for a solution ..)
#4
Old 10th August 2012
jggimi (More noise than signal)

I have both good news and bad news:
  • Good news! Yes, OpenBSD can either replace or be integrated with your gateway router to provide the two services your turnkey device does now: it can be 1) a router and it can 2) be a WiFi Access Point (with the right WiFi NIC or WiFi bridge). It can also do many things your device cannot, such as traffic shaping and providing advanced packet filtering.
  • Bad news! Implementing an OpenBSD-based network solution requires significantly more technical knowledge and skill than you apparently possess. This knowledge and these skills cannot be acquired by asking one or two questions on this forum -- they are best acquired through real education: classes, textbooks, professors, and study.
If you are truly interested, see if your local library or bookshops have some of the books discussed in www.openbsd.org/books.html
#5
Old 10th August 2012
denta (Fdisk Soldier)

Randomly assuming a bunch of stuff, what you could do is to swap from "router mode" to "access point" mode on the router. Connect the router to the OpenBSD box. Enable dhcpd, authpf and IPsec on the NIC connected to the access point. You could even make it an open wifi network, since no unauthorized traffic will pass anyway due to authpf.

To make the IPsec configuration mega-easy with dhcp, you could assign "fixed" dhcpd-IPs based on MACs. Note that anyone would be able to get a certain IP as long as the corresponding MAC is presented.
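As an added illustration of the layout denta describes (this is example configuration written for this page, not code from the thread or from the OpenBSD project), here is a minimal set of files for the OpenBSD box wired between the old router, now running as a plain access point, and the uplink. The interface names em0/em1, the 192.168.2.0/24 subnet, the host names and the MAC addresses are all constructed placeholders. The IPsec part of denta's suggestion is left out; what remains shows the point that matters for the question: DHCP reservations by MAC only make addresses predictable, while the authpf anchor is what decides whose traffic is forwarded, and its rules exist only while that user holds an SSH session to the gateway.

```conf
# --- /etc/dhcpd.conf (example; subnet and MACs are constructed placeholders) ---
# Reservations give each of the four known machines a predictable address so
# the authpf rules can be written against it. A reservation is NOT
# authentication: any client presenting that MAC gets that address.
subnet 192.168.2.0 netmask 255.255.255.0 {
        option routers 192.168.2.1;
        option domain-name-servers 192.168.2.1;
        # Unknown clients still get a lease, but nothing passes for them
        # until authpf has loaded rules for their address.
        range 192.168.2.100 192.168.2.199;

        host laptop1 {
                hardware ethernet 00:00:5e:00:53:01;   # constructed (IANA doc range)
                fixed-address 192.168.2.11;
        }
        host laptop2 {
                hardware ethernet 00:00:5e:00:53:02;   # constructed
                fixed-address 192.168.2.12;
        }
}

# --- /etc/pf.conf (example; interface names are assumed) ---
ext_if   = "em0"              # uplink to the ISP
wifi_if  = "em1"              # wired to the old router, now in access-point mode
wifi_net = "192.168.2.0/24"

set skip on lo
block log all

# DHCP has to work before anyone has authenticated.
pass in  quick on $wifi_if inet proto udp from port bootpc to port bootps
pass out quick on $wifi_if inet proto udp from port bootps to port bootpc

# SSH to the gateway itself is the authentication step: the wireless users'
# login shell is /usr/sbin/authpf, and their rules stay loaded only while
# the session is open.
pass in on $wifi_if inet proto tcp to ($wifi_if) port ssh

# Per-user rules loaded by authpf are attached here.
anchor "authpf/*"

# NAT and egress for clients that authpf has admitted.
match out on $ext_if from $wifi_net nat-to ($ext_if)
pass out on $ext_if

# --- /etc/authpf/authpf.rules (example) ---
# authpf substitutes $user_ip with the address the user logged in from,
# so only the authenticated host's traffic is forwarded.
pass in on $wifi_if from $user_ip to any
```

Two practical notes from authpf(8): /etc/authpf/authpf.conf must exist (an empty file is enough) or authpf refuses to run, and the four machines' accounts need /usr/sbin/authpf as their login shell. Since the old router no longer keeps its WPA settings, this design treats the radio link as untrusted and puts the access decision on the OpenBSD box, which is exactly why an open network is tolerable in denta's description: an unauthenticated smartphone gets a lease and nothing else.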
#6
Old 12th August 2012
daemonfowl (bsdstudent)

Thank you jggimi! for the good & the bad news .. all is well, I can see that (i.e. wherever there is an inconvenience there is learning .. e.g. if X hadn't failed on the iMac I'd never have started learning/using tmux :-) .. as for books, even penguins are not found anywhere here, let alone daemons .. Gates's narcissistic gutenbergalactic hegemonism here .. but that's not the issue.
Teacher jggimi, I'll spare you my silly questions because "The lunatic is in my head" :-) .. I need to start right from the basics (& jargon .. @vermaden was right: the first programming language to learn is English)
denta, thank you very much!
When I tried the allow-by-MAC-address solution, the settings (WEP/WPA keys .. MAC .. modulation type ..) were lost after the router was switched off .. a Jurassic piece of hardware.