Overview
|
This document describes how to install a transparent firewall (based on OpenBSD) on an Openbrick-E hardware using a CompactFlash (512Mb or 256Mb) card. We will make a reasonable effort on installing OpenBSD mostly read-only.
The Openbrick-E comes with a VIA C3 processor, 256Mb of RAM and three Realtek NICs. Other models and variations are available (more RAM, different NICs) but we'll be referring to the default configuration in this document. For more information on available OpenBrick models please visit http://www.openbrick.org or the distributor in the US http://www.hacom.net/.
You can also use this document as a guideline to install OpenBSD on different types of hardware, read-write if you do have sufficient hard disk space.
|
Transparent Firewall
|
A transparent firewall is an ethernet bridge that transparently filters out potentially malicious packets. By not assigning any IP addresses to the two bridging interfaces the device is more or less invisible on the network. The 3rd NIC can be used to administer this machine using a private IP address.
|
Possible Applications
|
Transparent firewalls are useful in a variety of network scenarios since they do not require a reconfiguration of other networking equipment. They can be used to
| · | protect an entire network by attaching it to the main gateway (router)
|
| · | protect a subnet by attaching it to uplink hub ports
|
| · | protect a newly installed computer by attaching it between the computer and the hub
|
|
Why?
|
This guide was written after a transparent firewall was installed at a major university located in the United States. The firewall was needed to restrict access to certain computers, most notable unprotected Windows based servers and clients.
|