I had a similar situation, but rather than using OpenBSD I found Astero (http://www.astero.com). The firewall runs on a hardened Linux kernel, and you can add Kaspersky AV if so desired for a nominal sum (or free, if you participate actively in Astero's power users forum). The firewall can be downloaded free for personal use: a few of the features available on the paid license aren't in the free version, but I don't think you'll find anything you need that's missing (judging from your description). The one caveat is that the Astero firewall does require a standalone box to box; minimum hardware requirements are a 400 MHz processor and 128 MB RAM (I used an old original Celeron box, and it works fine).
M

----- Original Message -----
From: "Gregg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 29, 2003 1:40 AM
Subject: Security/Firewall question

> Hi everyone!
>
> I'm still pretty new to security and firewalls and such, and I'm having a
> problem wrapping my head around a couple of concepts. Here's what I have-
> I have a stand alone email server behind an Adsl router (with 4prt hub).
> The router is set to pass-thru (nat and firewall disabled). 1 port goes to
> a firewall device, and my LAN behind that. 1 port goes to my Email server,
> a Win2k box (hey, quit lookin at me like that).
>
> I've got a handful of fixed IP's to work with. Here's what I'd like to do-
>
> Keep everything the same BUT- put an OpenBSD box in between the router and
> the email server (protect the snivelling email server). So, I builts me
> dis purty OpenBSD box from the broken bodies of mine enemies past (a Dell
> Dim XPS V350 with a bad video card). Put 2 Nics in the beast. Lovely.
>
> Now, I have an IP from my block of 5 registered currently for my email
> server.
> I'm not certain if-
> I want to assign that IP to the OpenBSD firewall, and use NAT and/or RDR
> to pass on SMTP traffic on port 25 to the email server. Yes? No? Maybe? Am
> I a shame on my species?