What's next?

There are plenty of things we want to do next: for example, intrusion detection tools, or adding mail and web services to your setup.

Currently, we're simply working on getting all the details right, and making sure what we have now runs on as many systems as we can.

For the next step, we need you to tell us what you would like to see. Mail us!

If you'd like to know more about NetBSD, install more than one firewall, or show your appreciation for our work, visit our CD and donation page.

If you want to run a web server behind your firewall, add a line to /etc/ipnat.conf that redirects incoming connections to the web server:

rdr ep0 1.2.3.4/32 port 80 -> 192.168.1.101 port 80

(where 1.2.3.4 is the external address, 192.168.1.101 is the web server's address, and ep0 is the external network interface; port 80 is the web server port.)

Then type "ipnat -f /etc/ipnat.conf", or alternatively restart the firewall.

If you want to run other servers behind your firewall, just use the port number that service uses instead of 80. But remember: every hole you punch in the firewall like this exposes a little more of your systems, so make sure you know the server you're using is secure. For example, if you add a mail server (port 25), make sure it cannot be used to send out spam. If you're not sure, just mail us with your questions.
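As an added example (not part of the NetBSD Firewall distribution), here is a small POSIX shell script that builds rdr rules of the form shown above for any service, checks the port and addresses before writing them, and reads an ipnat.conf back to list exactly which ports now reach which internal host. The function names, the sample config and the temporary file are this example's own. The parser only understands the simple single-port rdr form used above, and the reload function uses ipnat's -C and -F flags so that reloading twice does not stack duplicate rules.

```shell
#!/bin/sh
# Added example, not from the NetBSD Firewall project: generate and audit
# ipnat "rdr" rules of the kind described above. Only the ipnat command is
# real; the function names and sample config are this example's own.

# Emit one rdr rule. Arguments: interface ext_ip int_ip port [proto]
# The rule on the page omits the protocol (ipnat then assumes tcp); we write
# it explicitly so the intent is visible when the file is reviewed later.
gen_rdr() {
    ifc=$1; ext=$2; int=$3; port=$4; proto=${5:-tcp}
    # A port must be an integer between 1 and 65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Both addresses must be IPv4 dotted quads.
    for a in "$ext" "$int"; do
        echo "$a" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
            || { echo "bad address: $a" >&2; return 1; }
    done
    case $proto in
        tcp|udp|tcp/udp) ;;
        *) echo "bad proto: $proto" >&2; return 1 ;;
    esac
    printf 'rdr %s %s/32 port %s -> %s port %s %s\n' \
        "$ifc" "$ext" "$port" "$int" "$port" "$proto"
}

# List what a config file exposes, one line per rdr rule: "PROTO PORT -> HOST:PORT".
# Comments and map rules are skipped; a rule without a protocol is reported as tcp.
list_exposed() {
    awk '$1 == "rdr" {
        proto = ($NF ~ /^(tcp|udp|tcp\/udp)$/) ? $NF : "tcp"
        print proto, $5, "->", $7 ":" $9   # $5 external port, $7/$9 internal host/port
    }' "$1"
}

# Load the rule file into the running kernel. -C drops the current rule list
# and -F flushes the active translation table first, so repeated reloads do
# not accumulate duplicate rules (unlike a bare "ipnat -f").
reload_ipnat() {
    ipnat -CF -f "${1:-/etc/ipnat.conf}"
}

# Demo with a constructed config written to a temporary file, not /etc/ipnat.conf.
demo=$(mktemp)
gen_rdr ep0 1.2.3.4 192.168.1.101 80 > "$demo"
list_exposed "$demo"          # prints: tcp 80 -> 192.168.1.101:80
rm -f "$demo"
```

Run list_exposed against the real /etc/ipnat.conf now and then: the output is the list of holes you have punched so far, and each entry is a server you should be sure is secure.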

We've put snort, the open source intrusion detection software, into the distribution. All you have to do is install detection rules and enable it; here's how:

Edit /etc/rc.local and add a line like this:

/usr/local/bin/snort -D -c /usr/local/share/snort/rules.conf -s

(That should start snort at system startup.)

Of course, this assumes you have created a file "rules.conf" in the location specified above. There are several rules files available on the snort web site.

Note: snort is not for the faint of heart. You'll get far more alarms than you expect, and virtually all of them will be harmless attempts to scan for Windows shares. Harmless, because that's what the firewall is for!
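To make that flood of alarms manageable, here is an added example (not from the distribution, and not Ken McKinlay's package) of a shell script that summarises snort's syslog output: alerts per destination port, sources that keep coming back, and the alerts that are not the usual probing of the Windows-share ports 137-139 and 445. The six log lines are constructed for the example and the exact syslog layout is an assumption; the only thing the parser relies on is that each snort line ends in SRC:PORT -> DST:PORT.

```shell
#!/bin/sh
# Added example, not from the NetBSD Firewall distribution: summarise a day of
# snort alerts. With "snort -s" the alerts go to syslog; this script assumes
# each snort line ends in "SRC:PORT -> DST:PORT" and nothing else about layout.

# Constructed sample standing in for /var/log/messages (removed on exit).
SAMPLE_ALERTS=$(mktemp)
trap 'rm -f "$SAMPLE_ALERTS"' EXIT
cat > "$SAMPLE_ALERTS" <<'EOF'
Jan 10 02:11:03 fw snort[421]: NETBIOS SMB Name Wildcard: 10.0.0.5:137 -> 1.2.3.4:137
Jan 10 02:11:04 fw snort[421]: NETBIOS SMB Name Wildcard: 10.0.0.5:137 -> 1.2.3.4:137
Jan 10 02:11:09 fw snort[421]: NETBIOS SMB Name Wildcard: 10.0.0.5:137 -> 1.2.3.4:137
Jan 10 02:12:40 fw snort[421]: SMB ADMIN$ access: 10.0.0.5:1031 -> 1.2.3.4:139
Jan 10 03:00:17 fw snort[421]: SCAN SSH connect: 10.0.0.9:40112 -> 1.2.3.4:22
Jan 10 03:00:18 fw sshd[500]: Connection from 192.168.1.20 port 1022
EOF

# Only the snort lines; other daemons write to the same log.
snort_lines() {
    grep ' snort\[' "$1"
}

# Number of alerts per destination port, busiest first: "COUNT PORT".
alerts_by_port() {
    snort_lines "$1" | awk '{ split($NF, d, ":"); n[d[2]]++ }
        END { for (p in n) print n[p], p }' | sort -rn
}

# Source addresses that raised at least $2 alerts: "COUNT SRC".
noisy_sources() {
    snort_lines "$1" | awk -v min="$2" '{ split($(NF-2), s, ":"); n[s[1]]++ }
        END { for (h in n) if (n[h] >= min) print n[h], h }' | sort -rn
}

# Alerts that are not the usual Windows-share noise (destination ports
# 137-139 and 445) and therefore deserve a closer look.
unusual_alerts() {
    snort_lines "$1" | awk '{ split($NF, d, ":"); p = d[2] + 0
        if (p < 137 || (p > 139 && p != 445)) print }'
}

echo "alerts per destination port:";        alerts_by_port "$SAMPLE_ALERTS"
echo "sources with 2 or more alerts:";      noisy_sources "$SAMPLE_ALERTS" 2
echo "alerts outside the Windows-share noise:"; unusual_alerts "$SAMPLE_ALERTS"
```

Point the functions at the real log file instead of the sample and the last list is the one worth reading every morning; the first two tell you whether the firewall is simply absorbing the usual background scanning.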

We received an extension to this snort package from Ken McKinlay, who uses tcpdump and some clever scripts to make a nice intrusion detection setup. If you're not afraid of experimenting, and know your way around shell scripts, download this package:

  • log on as root
  • type: "ftp http://www.dubbele.com/ids.tar.gz"