# Where do I post a plea for networking advice?



## sdad (Dec 19, 2010)

I don't have a broken `gizwat`, and I'm not trying to get dufil installed properly; rather, I am trying to lay out a network firewall/routing architecture which is basically security-sound from the inception. I don't want to end up going around with bubble gum patching up a bunch of holes that are there because of poor layout. Certainly a newbie type question, since I am one.

Most spots on this forum are in place to help get a task done, not jawbone.  I don't want to interrupt that philosophy, not my place to do so.  On the other hand if I am to advance at all, I sometimes need to expand on the "do this, do that" responses. 

So, having said that, where would you suggest that I ask my redundant/ridiculous questions?:OOO  Maybe even here?


----------



## tingo (Dec 19, 2010)

First: learn about networking and security. After that, if you have questions, ask them here, or in other forums designed for networking and / or security.


----------



## sdad (Dec 19, 2010)

Any recommended on-line schools?


----------



## tingo (Dec 19, 2010)

I don't know; I learned networking many years ago. By attending a course physically, you know.


----------



## sdad (Dec 19, 2010)

Would that make you ........"Old School"?


----------



## DutchDaemon (Dec 20, 2010)

Just 'schooled'.


----------



## sdad (Dec 20, 2010)

Sorry, couldn't help myself. In my case it's old. That's one reason I'm so anxious to get this down. I don't have much time left until I have to introduce myself when I look in the mirror.

I found a couple of course offerings from MIT. May be others out there, have to poke around a bit. Looks like they cover basic topology, components, protocols, etc. Networking stuff. Didn't see anything on security as yet.

I am trying to come up with a series of monitors that I can run on FreeBSD. Found a pretty good list, but a little clueless as to what they are and what I can get from them.

Looks to me like PF is going to be the big bang, and that's going into my frontline firewall. It appears that using pf and proper rules will handle many forms of attack. Not being cognisant of how attacks can be formulated, I don't know if other types of filters should be used, or even if available.


----------



## UNIXgod (Dec 20, 2010)

So what is the actual question?


----------



## wblock@ (Dec 20, 2010)

http://oreilly.com/catalog/9781565928718


----------



## sdad (Dec 20, 2010)

The question is "Where can I go to get entry level questions answered?" I'm looking for such a place. Don't want to bug the regulars with stuff they've seen a million times before.



> http://oreilly.com/catalog/9781565928718

This appears to be a good example. $4 from Amazon, $3.99 of that is shipping! (Actually I spent $4.15, got a like-new condition.) I'll read this, then I'll ask.

As a matter of curiosity, is this forum not a general chit-chat spot, either? If it's not, then I apologise for misunderstanding, honest mistake, my impression was otherwise.


----------



## UNIXgod (Dec 20, 2010)

sdad said:

> The question is "Where can I go to get entry level questions answered?"



Just ask. No need to ask if you can ask or mumble about like you have something to say without communicating what it is you want to express.

So I ask again what is your actual question?


----------



## sdad (Dec 20, 2010)

OMG, you must be shaking your head, wondering "what the heck is this guy?"  Sorry, misunderstood.

Okay, here's the scenario. All lab exercise, not production!!!! Putting up an entry portal to run from a DSL line to the LAN. I am very limited on the hardware side, so simple 1 line in, 1 line out.

For firewalling, plan is/was to put pf on this box.  But is pf really my best choice? I have additional routing downstream and can use pf in the other router, nothing between the portal router and the downstream router. I read that stateful filtering is somewhat susceptible to denial of service, so maybe I deal with d-o-s first, worry about spoofing until the next router?  Only so much I can do with that, but maybe using ipfw instead of pf would be the wiser choice here?  My quick overview indicates that I can use ipfw for stateless inspection (did I say that right?), reducing the d-o-s opportunities that an attacker could have.


> WHY WOULD THAT BE?


I have yet to find an answer to that question. If I allow for spoofing, does that make the portal router more susceptible to attack than if I did stateful? And, if it is attacked, so what? It just feeds the next router, that's it.

Naturally, I want to use both filters so I can see the differences, just don't have the horses for both in the same box. Since I am so limited with the hardware, I want the sequence of prevention to be correct. I figure that I can do a "rough in" at the portal, and fine tune later downstream. Is there a different piece of software that would make even more sense than either pf or ipfw in this situation?

Once the appropriate software is installed and functioning I want to turn my attention to hardening the install, but not until all is running and I can take a snapshot (So I can go back to square one when I lock root out, or delete half the kernel!).
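The state-table exhaustion worry raised above is usually handled inside pf itself rather than by falling back to stateless filtering. The following pf.conf is an added example for a single-WAN, single-LAN FreeBSD box, not a ruleset from the thread; the interface names and the LAN prefix are assumptions.

```pf
# Added example, not from the thread. Interface names and LAN prefix are assumed.
ext_if  = "xl0"              # assumed: DSL-facing interface
int_if  = "xl1"              # assumed: LAN-facing interface
lan_net = "192.168.1.0/24"   # assumed, constructed for this example

# 1. Bound the state table so a flood cannot eat kernel memory, and make
#    half-open TCP states (SYN floods) expire quickly.
set limit   { states 10000, src-nodes 5000 }
set timeout { tcp.first 30, tcp.opening 15 }

# 2. Hosts that trip the per-source limits below land here and are dropped.
table <abusers> persist
block in log quick from <abusers>

# 3. Anti-spoofing: drop packets whose source address could not legitimately
#    arrive on the interface they came in on.
antispoof log quick for { $ext_if $int_if }

# 4. Default deny; everything below must be explicitly permitted.
block log all

# 5. LAN hosts may go out, but each source is capped on states and on new
#    TCP connections per 10 seconds; exceed it and the host is quarantined
#    in <abusers> and its existing states flushed.
pass in quick on $int_if proto tcp from $lan_net to any \
    flags S/SA keep state \
    (max-src-states 200, max-src-conn-rate 50/10, overload <abusers> flush)
pass in quick on $int_if proto { udp icmp } from $lan_net to any \
    keep state (max-src-states 100)

# 6. Replies leave via the WAN side; unsolicited inbound traffic stays
#    blocked by the default deny above.
pass out quick on $ext_if proto { tcp udp icmp } from ($ext_if) to any keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; `set limit states` means a flood can still fill the table and refuse new connections, but the box itself stays up, which is the trade-off the question is really about.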


----------



## DutchDaemon (Dec 20, 2010)

The regular (i.e. 'non-off-topic' forums) are for technical matters/issues/questions regarding FreeBSD, where some banter is allowed (of course), but shouldn't take over the entire asylum. There's nothing wrong with 'free-form discussions' so long as they adhere to the thread's topic. Socializing is best done in the Off-Topic section. That's my take on it, at least.


----------



## sdad (Dec 20, 2010)

Dutch, looking at the forum tree at the top of my page it says "FreeBSD-misc-offtopic". I specifically chose that forum for exactly the reasons that you stated. Am I not there? Where did I mess up, so I don't do that again?


----------



## DutchDaemon (Dec 20, 2010)

I simply answered the question in post #10 in general terms.


----------



## sdad (Dec 20, 2010)

So, I'm ok here?


----------



## DutchDaemon (Dec 20, 2010)

Sure. I'll tell you 'when'


----------



## sdad (Dec 20, 2010)

Thanks.  This forum is a valuable asset.  I don't want to ruin my access to it.


----------

