Building a CD bootable firewall


Paul Wilders
March 6th, 2002, 07:44 AM
1. Scope

This document covers the basic steps I took in building a bootable CD containing a live FreeBSD filesystem with a couple of security features enabled and configured. With this CD, it is possible to transform a PC from a mediocre workstation into a VPN Gateway or firewall or both without touching the hard drive.

Why would you want to do this? Read on.


2. Background

I was working on building VPN Gateways at various remote locations across the globe. I had already convinced the powers that be in our company that FreeBSD was the way to go and that IPSEC was the standard we should settle on. Did I mention firewall?
The challenge I had was that these gateways would be installed at small locations (4 to 10 person offices) without super duper IT professionals and that most of them were across the globe in Germany.

I needed a system that was:

hardened
stable
remotely manageable
secretary proof (I say this with utmost respect for Office 2000 users)


3. The Recipe


Building a CD Bootable Firewall consists of the following steps:

Read the full story here:

http://www.bsdtoday.com/2002/March/Features646.html

UNICRON
March 7th, 2002, 01:47 AM
Now we are talking about a real firewall. I have a friend who uses a stripped-down Linux Slackware box as a firewall. He boots from a write-protected floppy. Unlike home routers and gateways, these are so configurable. They can do the job of a router and software firewall, and no worries of MS making sneaky calls home under our noses.

DaveHowe
March 8th, 2002, 11:56 AM
High on my "things to do" list is to build a standalone Firewall box that is a bootable Dreamcast CD.

The Dreamcast I have has a 56K modem, keyboard, serial interface and uses a TV out as a monitor (with my TV-in card, that should allow a "picture in picture" view of its screen on my PC). It also has a decent processor, small form factor, and there is already an existing HowTo for making a bootable Linux system with one.

Adding ppp to the serial link (so I can use it as a virtual modem from my pc) and dialler support for the 56K modem, and it should sit quite nicely between my machine and the net.

Mr.Blaze
March 8th, 2002, 11:05 PM
*scratch scratch head* I'm confused, I'm a newbie, don't understand