Hello, im setting up my nas to also be my firewall and router.
i know theres alot of fixing with firewall, but i cant find a dhcp server in the repo? or in the few extra repos i got..
theres been alot of new stuff in C7 so im wondering what do i need to fix to get router functionality?
need dhcp server for internal lan, and firewall setup tight as a ticks ass against internet, also a portforwarding with nat i think between lan port 1 and lan port 2..
anything i missed?
SElinux will be in premissive mode until i fix all the issues with my setup
dhcpd server?
-
gerald_clark
- Posts: 10642
- Joined: 2005/08/05 15:19:54
- Location: Northern Illinois, USA
Re: dhcpd server?
1. You should not build your own firewall/router. With your lack of security experience you will be hacked in no time.
2. You should have no servers running on your firewall.
3.For a local dhcp server use dnsmasq.
2. You should have no servers running on your firewall.
3.For a local dhcp server use dnsmasq.
-
stingray454
- Posts: 3
- Joined: 2014/08/06 20:29:43
Re: dhcpd server?
so reply questions..
2. why no running servers? some kind of buffer overflow problem if theres alot of load on the machine with the firewall so it gets insecure?
3. thanks dnsmasq, old linuxes used to have a package dhcpd that was a dhcp server.. but i think that was debian flavours.. will read up on dnsmasq..
ps. if i wanted to get hacked, and didnt understand what a firewall is, i would just bridge the interfaces and let it roll.. now im doing research to know what to do, WHEN i feel that i know what im doing..
1. as long as the firewall doesnt accept connections from outside except what i accept in firewall-cmd to the interface i assign to external or public, i'll get hacked in notime, is centos 7 really that insecure versus an old router firmware with kernel 2.6.x?gerald_clark wrote:1. You should not build your own firewall/router. With your lack of security experience you will be hacked in no time.
2. You should have no servers running on your firewall.
3.For a local dhcp server use dnsmasq.
2. why no running servers? some kind of buffer overflow problem if theres alot of load on the machine with the firewall so it gets insecure?
3. thanks dnsmasq, old linuxes used to have a package dhcpd that was a dhcp server.. but i think that was debian flavours.. will read up on dnsmasq..
ps. if i wanted to get hacked, and didnt understand what a firewall is, i would just bridge the interfaces and let it roll.. now im doing research to know what to do, WHEN i feel that i know what im doing..
Re: dhcpd server?
Why do the uninformed think that hardening a FULL BLOWN distro into something that kindof sortof almost is a firewall is just a few google articles away?
Take a quick peek at the source code for a real firewall (like PFSense or IPCop) and then tell us your grand plan for converting a FULL BLOWN Distro into something that resembles a real firewall.
When there are so many free opensource firewalls out there - why would you waste time reinventing the wheel.
Take a quick peek at the source code for a real firewall (like PFSense or IPCop) and then tell us your grand plan for converting a FULL BLOWN Distro into something that resembles a real firewall.
When there are so many free opensource firewalls out there - why would you waste time reinventing the wheel.
For the 2.5^15th time :: Better Details = Better Answers
-
stingray454
- Posts: 3
- Joined: 2014/08/06 20:29:43
Re: dhcpd server?
well if we are going to be unfriendly for starters pfsense is based on bsd, centos is linux.. but i really hope you know that with that bad attitude..
anyway guess your answer is then to use VM and separate pfsense and the nas or just get another physical machine to run pfsense on..
anyway guess your answer is then to use VM and separate pfsense and the nas or just get another physical machine to run pfsense on..