Chapter 13. Building an OpenBSD Gateway

Given the similarities between OpenBSD and FreeBSD, one would assume that the gateway configuration would be nearly identical for each of them. However, due to the underlying differences in kernel configuration and firewall structure, the implementation is surprisingly different from that in FreeBSD. The end result, however, is the same: a secured and efficient gateway machine protecting your wireless network.

As with FreeBSD, we will use dc0, dc1, and dc2 as the network interfaces. These correspond to the common Netgear and Linksys cards sold in most stores. Replace these with the names you have created for the three interfaces.

Building the Gateway

Your layer 3 gateway is your primary line of defense against outside attackers. It can also be a valuable asset in keeping wireless attackers at bay. The gateway effectively controls the keys to your networked kingdom. Due to the central role the gateway plays in your network, special care should be taken throughout the installation and configuration process. A hole left in your gateway is a hole into your network.

When installing OpenBSD, make sure you install the kernel source code. Also, unless absolutely necessary, do not install the X Window System. There are many SUID binaries installed as part of X, and several programs bind to externally reachable ports on your machine. Not installing X greatly simplifies the maintenance of your machine. Also, be sure to have a sufficiently large /var file system ...
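The two exposures named above (SUID binaries and programs bound to externally reachable ports) can be checked after installation. The following is an added example, not code from the book. The function names `suid_files` and `exposed_listeners` are hypothetical, and the netstat sample is constructed.

```shell
#!/bin/sh
# Added example: post-install audit for a gateway host.
# Function names and the sample below are illustrative, not from the book.

# List set-user-ID / set-group-ID regular files under directory $1.
suid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Read `netstat -an` output on stdin; print "proto local-address" for every
# TCP listener and unconnected UDP socket that is not bound to loopback.
exposed_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next    # skip established sessions
            if ($1 ~ /^udp/ && $5 != "*.*") next       # skip connected UDP sockets
            if ($4 ~ /^127\./ || $4 ~ /^::1\./) next   # loopback-only, not exposed
            print $1, $4
        }'
}

# Constructed sample in BSD netstat layout (address.port); 6000 is X11.
SAMPLE='Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address       Foreign Address      (state)
tcp          0      0  *.22                *.*                  LISTEN
tcp          0      0  127.0.0.1.25        *.*                  LISTEN
tcp          0      0  *.6000              *.*                  LISTEN
tcp          0      0  192.168.0.1.22      192.168.0.5.51234    ESTABLISHED
udp          0      0  *.514               *.*
tcp6         0      0  ::1.25              *.*                  LISTEN'

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | exposed_listeners

# On the gateway itself:
#   netstat -an | exposed_listeners
#   suid_files /usr
```

Anything the listener check reports on a fresh gateway should be a service you chose to run; a wildcard listener on port 6000 means an X server is accepting TCP connections.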
