O'Reilly logo

802.11 Security by Bruce Potter, Bob Fleck

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 13. Building an OpenBSD Gateway

Given the similarities between OpenBSD and FreeBSD, one would assume that the gateway configuration would be nearly identical for each of them. However, due to the underlying differences in kernel configuration and firewall structure, the implementation is surprisingly different in FreeBSD. The end result, however, is the same; a secured and efficient gateway machine protecting your wireless network.

Like FreeBSD, we will use dc0, dc1, and dc2 as the network interfaces. These correspond to the common Netgear and Linksys cards sold in most stores. Replace these with the names you have created for the three interfaces.

Building the Gateway

Your layer 3 gateway is your primary line of defense from outside attackers. It can also be a valuable threat in keeping wireless attackers at bay. The gateway effectively controls the keys to your networked kingdom. Due to the central role the gateway plays in your network, special care should be taken throughout the installation and configuration process. A hole left in your gateway is a hole into your network.

When installing OpenBSD, make sure you install the kernel source code. Also, unless absolutely necessary, do not install the X Windows system. There are many SUID binaries installed at part of X and several programs bind to externally reachable ports on your machine. Not installing X Windows greatly simplifies the maintenance of your machine. Also, be sure to have a sufficiently large /var file system ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required