
Search results for Failover Firewalls with OpenBSD and CARP

BSD

Firewalling with OpenBSD's PF packet filter

Post date: April 19, 2005, 02:04 Category: Network Views: 7433 Comments
Tutorial quote: PF operates in a world which consists of packets, protocols, connections and ports.

Based on where a packet is coming from or where it's going, which protocol, connection or port it is designated for, PF is able to determine where to lead the packet, or decide if it is to be let through at all.

It's equally possible to direct network traffic based on packet contents, usually referred to as application level filtering, but this is not the kind of thing PF does. We will come back later to some cases where PF will hand off these kinds of tasks to other software, but first let us deal with some basics.

We've already mentioned the firewall concept. One important feature of PF and similar software, perhaps the most important feature, is that it is able to identify and block traffic which you do not want to let into your local network or let out to the world outside. At some point the term 'firewall' was coined.

Unix+clones

Using the GNU Privacy Guard

Post date: April 16, 2005, 00:04 Category: Software Views: 2855 Comments
Tutorial quote: Tonight we will investigate the gnupg utility (version 1.07). I will be running it on an OpenBSD 3.2 system but, as usual, any unix-like system should not display any significant differences. I will assume that GPG is already installed.

The GNU Privacy Guard can be regarded as a complete replacement for the popular PGP (Pretty Good Privacy) software. The difference between the two is that GnuPG does not have any licensing restrictions and it also runs on more platforms. They are both open source products. Although owned by a commercial entity, a freeware version of PGP is available (although only for Windows and Macintosh).

In a nutshell, what all this software does is allow two parties to communicate securely. This implies the following:
- the message has arrived at its destination unaltered
- the message can only be read by its intended recipient
- the authenticity of the sender has been verified by the recipient

OpenBSD

Transparent proxying with squid and pf

Post date: May 17, 2005, 08:05 Category: Network Views: 12813 Comments
Tutorial quote: squid is a caching web proxy; it's set up between web browsers and servers, fetching documents from servers on behalf of browsers. It can accelerate web access by caching frequently requested pages and serving them from its cache. It can also be used to filter pop-up ads and malware or to enforce access control (which clients may request what pages based on different authentication methods).

Traditionally, the proxy is an optional component, and browsers are configured to actively use the proxy. Transparent proxying means forcing all web traffic through the proxy without the cooperation (or knowledge) of the clients. Once all browser connections pass through the proxy, outgoing connections to external hosts can be restricted to the proxy, and direct connections from local clients can be blocked.

The OpenBSD packet filter (pf) can be used to redirect connections based on various criteria, including source and destination addresses and ports. For instance, one can redirect all TCP connections with destination port 80 (HTTP) that arrive through an interface connected to local workstations to a squid proxy running on a different address and port.