OpenBSD Transparent Firewall Installation Guide
Table of Contents
Part I Document Overview
Part II Document Details
Part III Setup (Openbrick Only)
  1 BIOS Settings
  2 Disabling Network Boot
Part IV Installation
  1 Partitioning
  2 Configuring The Network
  3 Installing the "install sets"
  4 Finishing Up
Part V Post Installation
  1 Disabling unused services
  2 Removing unused directories
  3 Mounting /usr read-only
  4 Installing additional packages
  5 Removing other unused features
  6 Enabling a serial console
  7 Enabling ramdisks
  8 Read-Only 1: Automatically copying...
  9 Read-Only 2: Creating /dev in mfs
  10 Summary
Part VI Networking
  1 Configuring the network devices
  2 Configuring a management network device
  3 Creating the bridge
  4 Activating the packet filter
  5 Filtering packets
  6 Reloading rules
  7 Testing the rules
Part VII Example PF Rules
  1 Definitions
  2 Defining the default mode
  3 Blocking services using a single port
  4 Blocking services using multiple ports
  5 Blocking outgoing file sharing protocols
  6 Exceptions to the rule
  7 Logging dropped packets
Part VIII Appendix A: Installation on a DELL Optiplex GX270
Part IX Appendix B: Example of pf.conf file
Part X Appendix C: Additional Resources
Index
© <2003> ... NETIKUS.NET ltd
1 Document Overview
Author: NETIKUS.NET ltd
Date: 21st Oct 2003
Revision: 1.1
Title: OpenBSD Transparent Firewall Installation Guide
Summary: Transparent firewall installation with OpenBSD, using OpenBrick-E hardware as an example
Software: OpenBSD 3.3
Hardware: OpenBrick-E with CF card or generic i386 PC (http://www.hacom.net)
Skill Level: Beginner - Intermediate
Skills Required:
- Basic understanding of Unix
- Basic understanding of TCP/IP (firewall configuration)
- Basic familiarity with a Unix shell (e.g. csh, bash)
- Basic usage of the vi editor
Acknowledgements: Thanks to Chuck Yerkes for offering tips on getting OpenBSD to work read-only.
Download: http://www.netikus.net/ (guides section)
2 Document Details
Overview
This document describes how to install a transparent firewall (based on OpenBSD) on Openbrick-E hardware using a CompactFlash card (512Mb or 256Mb). We will make a reasonable effort at installing OpenBSD mostly read-only.
The Openbrick-E comes with a VIA C3 processor, 256Mb of RAM and three Realtek NICs. Other models and variations are available (more RAM, different NICs), but this document refers to the default configuration. For more information on available OpenBrick models please visit http://www.openbrick.org or the distributor in the US, http://www.hacom.net/.
You can also use this document as a guideline for installing OpenBSD on other types of hardware, read-write if you have sufficient hard disk space.
Transparent Firewall
A transparent firewall is an ethernet bridge that transparently filters out potentially malicious packets. Because no IP addresses are assigned to the two bridging interfaces, the device is more or less invisible on the network. The 3rd NIC can be used to administer this machine using a private IP address.
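The interface layout just described, as an added example that is not from the guide: an OpenBSD 3.x-style network configuration in which the two bridged NICs are brought up without any address and only the third NIC carries the management address, plus a check that catches the common mistake of addressing a bridge member. The device names rl0/rl1/rl2, the 192.168.100.2/24 management address and the target directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide). Assumes the three Realtek NICs attach
# as rl0, rl1 and rl2, the OpenBSD 3.x /etc/hostname.if and
# /etc/bridgename.if file formats, and a placeholder management address.

# Write the interface files under directory $1 (use /etc on the firewall).
write_bridge_config() {
    dir="$1"
    mkdir -p "$dir"
    # Bridge members: brought up but deliberately given NO IP address, so
    # the firewall has no presence on the networks it bridges.
    printf 'up\n' > "$dir/hostname.rl0"
    printf 'up\n' > "$dir/hostname.rl1"
    # Management NIC: the only interface with an address (private range,
    # placeholder value).
    printf 'inet 192.168.100.2 255.255.255.0 NONE\n' > "$dir/hostname.rl2"
    # bridge0 joins rl0 and rl1; "up" activates the bridge.
    printf 'add rl0\nadd rl1\nup\n' > "$dir/bridgename.bridge0"
}

# Sanity check: bridge members must carry no address and must be bridge0
# members; the management NIC must be the one carrying an address.
# Returns 0 when the layout is correct, 1 otherwise.
check_bridge_config() {
    dir="$1"
    for m in rl0 rl1; do
        if grep -q '^inet' "$dir/hostname.$m"; then
            echo "bridge member $m has an IP address" >&2
            return 1
        fi
        if ! grep -q "^add $m\$" "$dir/bridgename.bridge0"; then
            echo "$m is not a member of bridge0" >&2
            return 1
        fi
    done
    grep -q '^inet ' "$dir/hostname.rl2" || return 1
    grep -q '^up$' "$dir/bridgename.bridge0" || return 1
    return 0
}

# Demonstration into a scratch directory; on the firewall use /etc instead.
demo=$(mktemp -d)
write_bridge_config "$demo" && check_bridge_config "$demo" && echo "config in $demo OK"
```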
Possible Applications
Transparent firewalls are useful in a variety of network scenarios since they do not require a reconfiguration of other networking equipment. They can be used to
· protect an entire network by attaching it to the main gateway (router)
· protect a subnet by attaching it to uplink hub ports
· protect a newly installed computer by attaching it between the computer and the hub
Why?
This guide was written after a transparent firewall was installed at a major university located in the United States. The firewall was needed to restrict access to certain computers, most notably unprotected Windows-based servers and clients.
3 Setup (Openbrick Only)
We will install OpenBSD 3.3 (without XFree) on a 512Mb CF disk; this keeps the installation simple, since a default installation faces no space restrictions on a disk of that size. Feel free to install OpenBSD on smaller disks as well; we will give some hints on how to accomplish that later on.
3.1 BIOS Settings
Enter the BIOS and modify the following settings:
Change framebuffer to 2Mb
Change AGP aperture to 4Mb
Disable built-in USB
Disable built-in sound
Disable built-in modem
Disable built-in floppy (a bug in the current BIOS version makes this setting ineffective)
3.2 Disabling Network Boot
By default the built-in network cards try to boot over the network, which causes a significant boot delay. When you see the SHIFT-F10 prompt, press this combination (3x, once for each NIC) and disable this feature; save the changes with F4.
4 Installation
After inserting the bootable CD that you either downloaded or purchased through the openbsd.org website, you will see a screen similar to the one shown below:
We can either install or upgrade an existing OpenBSD installation; in addition, we can "misuse" the installation CD as a rescue CD and enter the shell by pressing S.
Answer the following questions as shown below. Default answers are always shown in brackets; simply pressing Enter answers the question with that default.
Terminal type? [vt220]
vt220
Do you wish to select a keyboard encoding table? [n]
n
Proceed with install? [n]
y