Hi all,
What I am trying to do is to setup office firewall.
Office is with about 20 win PCs. They have to access
Internet through this firewall.
My question is from what programs consists minimal
FreeBSD setup that will act as firewall, caching proxy
and IP translation.
I have full CD distribution of 4.7 FreeBSD
Box is Compaq Deskpro on 500 Mhz with 128MB RAM
and 8 GB HDD.
TIA
George

The FreeBSD handbook has a section on Firewalls. This looks like it could be a helpful resource in sending you down the right path.

http://www.freebsd.org/doc/en_US.ISO...firewalls.html

There is also another document on Securing FreeBSD that is helpful in just generally hardening the box. It is the Security How-To and it is found at:

http://people.freebsd.org/~jkb/howto.html

Enjoy!

Tim

I assume you will be natting them also?
There are a couple fw options in FBSD.

I am rather partial to IPFilter. You need to compile support for it into the kernel.
It comes with ipfw as part of the base install. Bothare very capable and your preference will lie with the one who's language you best relate too.

Definetly check the handbook. And google, there are a number of sites related to both.

10xs.
I have done some printing and will do some reading.
It seems to me that I will not be secure for some time
since I accuire adecuate experience 8-)))

Unless there are some other reasons for using FreeBSD for a firewall, I highly suggest using OpenBSD.

This is the configuration I have:

HW:
PPro200 w/32MB RAM
400MB Hard Drive
2x NICs.

SW:
OpenBSD 3.2
pdnsd for caching DNS
rrd for bandwidth graphs
thttpd for serving the bandwidth graphs
some other misc. custom scripts for graph updating and some transparent SSL port forwarding.

This box is able to handle 8-9Mbit easy, which is about all I am able to ever get with my cable modem. It is setup to do NAT with a single external IP.

I was also playing around with some transparent FTP proxing and using a transparent squid for HTTP proxing and filtering.

If you are interested in my pf.conf and other custom scripts, let me know.

,----[ http://www.onlamp.com/pub/a/bsd/2001...SD_Basics.html ]
| Your FreeBSD system comes with two built-in mechanisms for
| inspecting IP packets: ipfw and ipfilter. Both have their
| own peculiar syntax for creating rulesets to determine
| which packets to allow and which packets to discard, so
| I'd like to demonstrate the usage of both. Since you can
| only run one or the other, I'll start with ipfw; once
| we've had a good look at it, I'll switch gears and move on
| to ipfilter....
`----

Dr. Dru Lavigne has a series of three articles over on the
O'Reilly OnLamp site which deal with firewall construction
on a FreeBSD machine. Her articles rock. I find that
they are at just the right level of detail and abstraction
for someone who is just beginning to get in to a subject,
firewalls in this case. Check it out, I doubt that you
will be disappointed.

10xs,
I already installed OpenBSD, added GNU mc for easier navigation, no X.

It would be great to have your configuration scripts because it is what I have to do next.

End after this should do some testing before putting it in place

george at ewmi dot orbitel dot bg

linux counter #53166