How to build an OpenBSD 2.9 based firewall / IDS sensor
(Advanced level article)
Part 1 of 3
Overview
Why another HOWTO on OpenBSD firewalls?
I was happy with my home setup: a cable modem provided by Time Warner behind
a cable/DSL router. But I felt that something was missing; being a techie, I
felt that I was not in total control. So I looked for some type of device
that would let me detect attacks and do something about them. At the same
time I did not want to spend 400 to 1000 dollars on something like a Cisco
PIX 501, a SonicWall2, or any of the more expensive small-office
router/firewalls.
What you will need to accomplish this task.
An OpenBSD-supported machine. I am using a Pentium Pro 200 with 160 MB of
RAM, a 6.4 GB hard drive, an Intel Pro/100 network card and a D-Link network
card. Before that I used a P5/166 with two DEC DIGITAL 21140-based OEM cards,
a 2 GB SCSI drive and 80 MB of EDO RAM, until it finally showed its age and
gave up on me one day. I have seen everything from cheap 486s and SPARCs to
corporate Compaq servers used for this purpose. You'll need either two NICs,
or one NIC plus a modem or an ISDN card that acts like a modem. Basically you
will need a machine with a minimum of two network interfaces: one facing the
Internet and one facing your LAN.
Where and How to start your Journey
This HowTo is based entirely on OpenBSD 2.9 and IPFilter (ipf). I am
assuming that you already know how to install OpenBSD, that you have checked
that your hardware is fully supported, and that you are at least a little
familiar with the Unix filesystem and the vi editor. If you are unsure about
any of these three things, please visit www.openbsd.org, where you can find
everything you need to know on these subjects. Remember that OpenBSD takes
pride in having the most complete man pages and documentation of the Unixes
I have worked with (Solaris, Linux, FreeBSD, OpenBSD). Next, read this HOWTO
completely, including the links provided, and then begin the fun stuff of
installing and building your dream firewall/IDS sensor.
On to the fun stuff
1.) Install OpenBSD 2.9 on your system.
2.) FTP the newest patches (the 2.9 errata) and apply them.
3.) Edit and optimize your kernel configuration for the task at hand.
4.) Compile the new kernel.
5.) Install the new kernel and reboot into it.
6.) Turn off any services that you will not be using (I say turn off all
services on the firewall).
7.) Edit /etc/sysctl.conf to turn your firewall into a router, i.e. enable
IP forwarding from one NIC to the other (net.inet.ip.forwarding=1).
8.) Build your ipnat.rules file (NAT for the machines behind the firewall).
9.) Build your ipf.rules file (the firewall rules that keep the unwanted
out).
10.) Set up OpenSSH, which is part of the OpenBSD base system, for remote
administration.
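The following is an added example, not part of the original article: a shell script that generates the three files behind steps 7 to 9 (sysctl.conf, ipnat.rules and ipf.rules) for a two-NIC OpenBSD 2.9 box running IPFilter as a NAT router between a cable modem and a home LAN. The interface names fxp0 (external, Intel Pro/100) and dc0 (internal, DEC 21140-based card), the LAN prefix 192.168.1.0/24, and the rc.conf variable names in the install function are assumptions; substitute what your own box uses.

```shell
#!/bin/sh
# Added example (not from the original article): build the configuration
# files for steps 7-9 of the HOWTO. Assumed layout: fxp0 faces the cable
# modem, dc0 faces the LAN, the LAN is 192.168.1.0/24, and the external
# address is assigned by the provider ("0/32" in ipnat means "use whatever
# address the interface currently has").
EXT_IF=fxp0
INT_IF=dc0
LAN=192.168.1.0/24

# Step 7: make the kernel forward packets between the two interfaces.
gen_sysctl() {
    printf 'net.inet.ip.forwarding=1\n'
}

# Step 8: hide the LAN behind the external address. ipnat uses the first
# matching rule, so the FTP proxy and the TCP/UDP portmap rule come before
# the catch-all map that handles everything else (ICMP and so on).
gen_ipnat() {
    cat <<EOF
map $EXT_IF $LAN -> 0/32 proxy port ftp ftp/tcp
map $EXT_IF $LAN -> 0/32 portmap tcp/udp 10000:20000
map $EXT_IF $LAN -> 0/32
EOF
}

# Step 9: default-deny on the outside, stateful pass for traffic the LAN
# initiates. "quick" stops rule processing at the first match; the state
# table is consulted before the rules, so replies to "keep state" sessions
# get back in without needing a matching "pass in" rule on $EXT_IF.
gen_ipf() {
    cat <<EOF
# loopback is trusted
pass in quick on lo0 all
pass out quick on lo0 all
# anti-spoofing: nothing on the outside may claim a private or loopback
# source (these ranges cover the LAN prefix as well)
block in quick on $EXT_IF from 127.0.0.0/8 to any
block in quick on $EXT_IF from 10.0.0.0/8 to any
block in quick on $EXT_IF from 172.16.0.0/12 to any
block in quick on $EXT_IF from 192.168.0.0/16 to any
# LAN-initiated sessions out, keeping state so the replies come back
pass out quick on $EXT_IF proto tcp from any to any flags S keep state
pass out quick on $EXT_IF proto udp from any to any keep state
pass out quick on $EXT_IF proto icmp from any to any keep state
# ssh to the firewall itself (step 10) only from the inside
pass in quick on $INT_IF proto tcp from $LAN to any port = 22 flags S keep state
pass in quick on $INT_IF all
# everything else arriving from the outside is logged and dropped
block in log quick on $EXT_IF all
EOF
}

# Write the files and load them; run as root. The rc.conf variables that
# make this persistent (ipfilter=YES, ipnat=YES) are an assumption from the
# 2.x rc scripts; check /etc/rc.conf on your box.
install_rules() {
    gen_sysctl > /etc/sysctl.conf
    gen_ipnat  > /etc/ipnat.rules
    gen_ipf    > /etc/ipf.rules
    sysctl -w net.inet.ip.forwarding=1
    ipf -Fa -f /etc/ipf.rules       # flush all filter rules and load ours
    ipnat -CF -f /etc/ipnat.rules   # clear NAT rules and table, load ours
}

# Only touch the live system when explicitly asked: ./fw.sh install
if [ "${1:-}" = install ]; then
    install_rules
fi
```

Run it without arguments to print nothing; call gen_ipf or gen_ipnat to review the rules before committing them, and run it with install as root to write and load them. The anti-spoofing block rules sit before the stateful pass rules on purpose: a packet from the outside claiming a LAN source must never reach the "pass in quick on dc0 all" rule, and with the default deny at the bottom anything you have not explicitly allowed is logged so you can see it in ipmon.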
Now on to even more interesting things: the IDS portion of this HOWTO.
1.) Install MySQL. To be specific, we will not be running the MySQL server
on this box, but we will need the MySQL client so that alerts can be sent to
the database behind our SnortReport PHP-based website.
3.) Download the latest signatures from www.whitehats.com and edit the
configuration so that alerts are logged to the MySQL server behind our web
site.