Firewall Setup

2009-05-13 12:51:47 Source: unknown


After reading this howto, you will have a complete FreeBSD stateful
firewall setup for either your gateway or your workstation. This
stateful firewall allows traffic initiated by your workstation or
network to flow through, and denies traffic initiated from the outside.
This howto also sets up internet connection sharing with the other
computers on the network. This is done by using natd together with a
dynamic traffic shaper, built on dummynet pipes and queues, that ensures
that each computer has an equal share of the available bandwidth.
Finally, the functionality can be extended with my other howtos. My goal
was to write a howto about creating traffic graphs with MRTG, IPA and
IPFW, and I cut the howto in two due to size.

Why have firewall protection? Computers on the internet run the risk of
being damaged or hijacked. Firewall software is a very powerful tool in
fighting this. Having firewall software doesn't mean that you're safe.
You will still have to update your system in order to fix security bugs
and check for viruses, although the latter isn't much of a problem for
Unix-like computers at the time of writing.

Why do traffic shaping? Computers on the network can use the internet
connection so heavily that the idea of internet connection sharing is
defeated. The nat daemon still works for all computers, but the other
computers have to wait because of the load. Traffic shaping ensures that
each computer can use its fair share by dividing the bandwidth equally.
There are a couple of different traffic shaping configurations. The
first kind, a static traffic shaper, divides the bandwidth among the
computers on the network. The second kind, a dynamic traffic shaper,
divides the bandwidth among the computers that are using the internet
connection. Finally, a priority traffic shaper is one that gives
priority to one kind of traffic over another kind of traffic. This howto
contains a setup for a dynamic priority traffic shaping solution that is
implemented with the weighted round robin algorithm of dummynet. This
means the final traffic shaping solution will not be a real priority
traffic shaping but it comes very close to the real
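
The dynamic, weight-based sharing described above can be expressed with dummynet pipes and masked queues; the script below is an added example, not the howto's own ruleset. The interface name, LAN prefix, bandwidths, weights, rule numbers and the choice of SSH and DNS as the favoured traffic are all assumptions.

```shell
#!/bin/sh
# Added example: prints an ipfw ruleset file on stdout; it never calls ipfw.
# All values (interface, prefix, bandwidths, weights, ports, rule numbers)
# are assumptions chosen for illustration.

# gen_rules LAN_IF LAN_NET DOWN_BW UP_BW
gen_rules() {
    [ "$#" -eq 4 ] || { echo "usage: gen_rules LAN_IF LAN_NET DOWN_BW UP_BW" >&2; return 2; }
    lan_if=$1; lan_net=$2; down_bw=$3; up_bw=$4
    hi=30; lo=5     # dummynet queue weights (valid range 1..100)
    all=0xffffffff  # full address mask: one dynamic queue per host

    # One pipe per direction caps the shared link.
    echo "pipe 1 config bw $down_bw"
    echo "pipe 2 config bw $up_bw"

    # Download queues are keyed on the LAN destination address. A queue
    # exists only while a host has traffic, so bandwidth is divided among
    # the hosts actually using the link (dynamic, not static, shaping).
    echo "queue 1 config pipe 1 weight $hi mask dst-ip $all"
    echo "queue 2 config pipe 1 weight $lo mask dst-ip $all"
    # Upload queues are keyed on the LAN source address.
    echo "queue 3 config pipe 2 weight $hi mask src-ip $all"
    echo "queue 4 config pipe 2 weight $lo mask src-ip $all"

    # Classify on the LAN-side interface, where packets carry the hosts'
    # own addresses. With net.inet.ip.fw.one_pass=1 a packet leaves the
    # ruleset at its first queue rule, so these must come after the
    # filtering rules or they will pass traffic the firewall should deny.
    echo "add 1000 queue 1 tcp from any 22 to $lan_net out via $lan_if"
    echo "add 1010 queue 1 udp from any 53 to $lan_net out via $lan_if"
    echo "add 1020 queue 2 ip from any to $lan_net out via $lan_if"
    echo "add 1100 queue 3 tcp from $lan_net to any 22 in via $lan_if"
    echo "add 1110 queue 3 udp from $lan_net to any 53 in via $lan_if"
    echo "add 1120 queue 4 ip from $lan_net to any in via $lan_if"
}

# Stand-alone use: sh script em1 192.168.0.0/24 2Mbit/s 512Kbit/s
if [ "$#" -eq 4 ]; then gen_rules "$@"; fi
```

The weights only set the ratio in which backlogged queues share a pipe, which is why this approximates priority shaping rather than enforcing strict priority.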



