DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Ports and Packages

FreeBSD Ports and Packages Installation and upgrading of ports and packages on FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 5th July 2008
tad1214 tad1214 is offline
Real Name: Thomas Donnelly
Fdisk Soldier
 
Join Date: Jun 2008
Location: Houston, TX
Posts: 60
Default FreeBSD Gateway

So, after playing around with a few Linux distributions such as Untangle, Endian, IP Cop, etc, I decided I wanted to make my own gateway with FreeBSD.

Here is what I am planning to do with it:
NAT/PAT
DHCP
Firewall - Including blackholing port scanners for X amount of time
Port Forwarding
Caching
DNS
IPSec VPN for site to site and Clients
IDS/IPS

Possibly a Web-GUI in the future, but being I know nothing about PHP this may be a ways out.

I would like to do inline Anti-virus similar to Untangle. Not sure how I am going to do this yet... But thats why I am doing it myself to learn!

Here is what I am planning to use:
Built in FreeBSD routing for NAT/PAT and well, routing.
PF for Firewall and Port Forwarding?
Squid for Caching
DJB-DNS for DNS (tinydns)
Not sure on DHCP yet
OpenVPN for IPSec VPNs
Obviously Apache (maybe now is a good time to learn Light-httpd?) for webgui
MRTG for stats monitoring
Snort for IDS/IPS

This sounds like a big dream, but I would like to someday make this into a port that goes and installs all needed apps (listed above) and gets all needed configs/files from another server. Maybe some day an installer CD with this pre-configured? Who knows.

I always figured the best way to learn anything is to have a reason to learn it. Whenever someone tells me they want to learn Linux or FreeBSD, I ask them what do they want to do with it? Just casual desktop use? Make a web server? Otherwise people have a tendency to just install it and never use it again. If you have a goal, you know what to look for/learn.

Any pointers/tips from more experienced people?

Thanks!
-=Tom

Last edited by tad1214; 5th July 2008 at 07:00 PM.
Reply With Quote
  #2   (View Single Post)  
Old 5th July 2008
Eam404 Eam404 is offline
Port Guard
 
Join Date: May 2008
Posts: 21
Default

Tad1214

Everything you are wanting to accomplish can be done pretty easily. First and foremost I'd suggest using PF as your firewall. Features like Nat, QoS, Port forwarding etc.. can all be controlled by PF. For DHCPd I use /usr/ports/net/isc-dhcp3-server I am currently using Bind for DNS but tinydns should work just as well. Their are a few rc.conf additions you need to enable for routing; gateway_enable="YES" among others...

Most of the basics can be described here and here Personally I'd recommend separate labels or partitions for things like squid and possibly Snort or MRTG. This all depends on how you want to set it all up. For anti virus look into ClamAV i use it with samba and have no issues. OpenVPN will be fine as well, theirs many to choose from but Open does the job for me.

That should get you started - if you need help msg me
Reply With Quote
  #3   (View Single Post)  
Old 6th July 2008
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 696
Default

Hmm, sounds to me like you want to re-create pfSense (a FreeBSD-based firewall distro that uses pf and provides a nice web-based admin tool). You'd be better off giving that a try, and seeing if it does everything you want. I'm guessing it will.

And if it doesnt, you can always hack it to add what you need, and maybe they'll accept the patches to make it available for everyone.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.

Last edited by phoenix; 6th July 2008 at 06:46 PM. Reason: Add second para.
Reply With Quote
  #4   (View Single Post)  
Old 6th July 2008
tad1214 tad1214 is offline
Real Name: Thomas Donnelly
Fdisk Soldier
 
Join Date: Jun 2008
Location: Houston, TX
Posts: 60
Default

Hmm it seems as if it will. But, I want to build this for the experience. However, pfSense will be a good tool to use to help me trouble shoot/look at configs etc. That does kinda put a null on my port/own distro. Thanks for the link!
Reply With Quote
  #5   (View Single Post)  
Old 11th July 2008
18Googol2's Avatar
18Googol2 18Googol2 is offline
Real Name: whoami
Spam Deminer
 
Join Date: Apr 2008
Location: pwd
Posts: 283
Default

Quote:
Originally Posted by tad1214 View Post
This sounds like a big dream, but I would like to someday make this into a port that goes and installs all needed apps (listed above) and gets all needed configs/files from another server. Maybe some day an installer CD with this pre-configured? Who knows.
Application is overkill, shell script is sufficient

Btw, there is a port for *generic* server (FreeBSD is server oriented OS you know)

/usr/ports/misc/instant-server

It will install Postfix, DHCPd, samba, Apache and Squid
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Another gateway box question windependence FreeBSD General 3 11th November 2008 09:15 PM
antivirus gateway milo974 OpenBSD Security 9 14th September 2008 04:02 AM
Error 504 gateway timeout bsdbsd FreeBSD General 0 15th June 2008 01:06 PM
Problem at the install with a pc gateway mastersabin FreeBSD Installation and Upgrading 1 4th June 2008 07:47 PM
Dual WAN gateway. LordZ OpenBSD Security 2 2nd June 2008 09:00 AM


All times are GMT. The time now is 07:56 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick