FreeBSD Gateway
So, after playing around with a few Linux distributions such as Untangle, Endian, IP Cop, etc, I decided I wanted to make my own gateway with FreeBSD.
Here is what I am planning to do with it:
- NAT/PAT
- DHCP
- Firewall - Including blackholing port scanners for X amount of time
- Port Forwarding
- Caching DNS
- IPSec VPN for site to site and Clients
- IDS/IPS
- Possibly a Web-GUI in the future, but being I know nothing about PHP this may be a ways out.
- I would like to do inline Anti-virus similar to Untangle. Not sure how I am going to do this yet... But that's why I am doing it myself to learn!

Here is what I am planning to use:
- Built in FreeBSD routing for NAT/PAT and well, routing.
- PF for Firewall and Port Forwarding?
- Squid for Caching
- DJB-DNS for DNS (tinydns)
- Not sure on DHCP yet
- OpenVPN for IPSec VPNs
- Obviously Apache (maybe now is a good time to learn Light-httpd?) for webgui
- MRTG for stats monitoring
- Snort for IDS/IPS

This sounds like a big dream, but I would like to someday make this into a port that goes and installs all needed apps (listed above) and gets all needed configs/files from another server. Maybe some day an installer CD with this pre-configured? Who knows.

I always figured the best way to learn anything is to have a reason to learn it. Whenever someone tells me they want to learn Linux or FreeBSD, I ask them what do they want to do with it? Just casual desktop use? Make a web server? Otherwise people have a tendency to just install it and never use it again. If you have a goal, you know what to look for/learn.

Any pointers/tips from more experienced people?

Thanks!
-=Tom

Last edited by tad1214; 5th July 2008 at 07:00 PM.
Tad1214
Everything you are wanting to accomplish can be done pretty easily. First and foremost I'd suggest using PF as your firewall. Features like NAT, QoS, port forwarding, etc. can all be controlled by PF.

For DHCPd I use /usr/ports/net/isc-dhcp3-server. I am currently using Bind for DNS but tinydns should work just as well.

There are a few rc.conf additions you need to enable for routing; gateway_enable="YES" among others... Most of the basics can be described here and here

Personally I'd recommend separate labels or partitions for things like squid and possibly Snort or MRTG. This all depends on how you want to set it all up.

For anti virus look into ClamAV; I use it with samba and have no issues. OpenVPN will be fine as well, there's many to choose from but Open does the job for me.

That should get you started - if you need help msg me
Hmm, sounds to me like you want to re-create pfSense (a FreeBSD-based firewall distro that uses pf and provides a nice web-based admin tool). You'd be better off giving that a try, and seeing if it does everything you want. I'm guessing it will.
And if it doesn't, you can always hack it to add what you need, and maybe they'll accept the patches to make it available for everyone.

Last edited by phoenix; 6th July 2008 at 06:46 PM. Reason: Add second para.
Hmm, it seems as if it will. But, I want to build this for the experience. However, pfSense will be a good tool to use to help me troubleshoot/look at configs etc. That does kinda put a null on my port/own distro. Thanks for the link!