Security Basics mailing list archives

Hardware + Software Router + OpenBSD DHCP / NAT

From: Christopher Nehren <apeiron () comcast net>
Date: Wed, 09 Apr 2003 21:40:11 -0400

Currently I have a cable modem in my house which feeds into a router.
This router distributes the modem connection via DHCP to a few machines
on my home network. I have an old machine running OpenBSD, and I'd like
to know what a good (I suppose "best" would open a flame war?) solution
would be, in order to increase my home network security using the
OpenBSD system. I'm thinking of something like this: (please excuse my
pitiful attempt at ASCII art)

cable modem
        |
        |
        |
router with the OBSD's system set as the DMZ
        |
        | 
        - first ethernet interface on the OBSD machine
OpenBSD system running DHCP / NAT + PF
        - second ethernet interface on the OBSD machine
        |
        |
hub / switch 
        |
        |
client A / client B / client C ... / client Z


Would this work? Would it be more secure to have the modem go to the
OBSD box, then to a router, and then route the connection to the
machines on the network? My main (only) concern with this setup is the
security of my home network.

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Hardware + Software Router + OpenBSD DHCP / NAT Christopher Nehren (Apr 11)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Jim Kelly (Apr 12)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT mark (Apr 12)
- Re: Hardware + Software Router + OpenBSD DHCP / NAT Jason Burroughs (Apr 15)
- <Possible follow-ups>
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Allan Schon (Apr 14)
  - RE: Hardware + Software Router + OpenBSD DHCP / NAT * KAPIL * (Apr 15)
- RE: Hardware + Software Router + OpenBSD DHCP / NAT Allan Schon (Apr 15)