From owner-freebsd-questions  Wed Mar 11 21:05:54 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA29040
          for freebsd-questions-outgoing; Wed, 11 Mar 1998 21:05:54 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA29030
          for <questions@freebsd.org>; Wed, 11 Mar 1998 21:05:46 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by gdi.uoregon.edu (8.8.7/8.8.8) with SMTP id VAA16551;
          Wed, 11 Mar 1998 21:05:42 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Date: Wed, 11 Mar 1998 21:05:41 -0800 (PST)
From: Doug White <dwhite@gdi.uoregon.edu>
Reply-To: Doug White <dwhite@resnet.uoregon.edu>
To: Louis-Philippe Alain <xenub@boisfrancs.qc.ca>
cc: questions@FreeBSD.ORG
Subject: Re: Firewall: What to change?
In-Reply-To: <199803112308.SAA05221@mail.boisfrancs.qc.ca>
Message-ID: <Pine.BSF.3.96.980311210013.16485M-100000@gdi.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 11 Mar 1998, Louis-Philippe Alain wrote:

> Hi,
> 	It's the first time I make "ASCII-Art" so please be indulgent... :) Will
> the trafic on the new "router" slow the machine? If so, maybe I should put
> it on the DNS machine as it's not very busy for the moment...

You used tabs and they expanded differently but I get the idea.
Everything hangs off a hub behind the router.

You'll want to stick a computer between the hub and the router and
configure it for all of your firewalling/filtering needs.  Of course you
can recycle an existing computer, just remember to allow packets in/out
for whatever service(s) it may be hosting.

Kinda like this:


3Com T/S ------+
               |    _________________
CompuTone T/S -+   |                 |     _________
               |   | FreeBSD         |    |         |
FreeBSD Mail --+---+ Firewall/Filter +----+  Cisco  +----[ World ]
               |   |_________________|    |_________|
FreeBSD Web ---+
               |
FreeBSD DNS ---+


On the filter, enable IPFW as described in the Handbook, tune
/etc/rc.firewall as desired, and you should be set to go.

> Thanks a lot for your help!

No problem.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message