From ryan@sasknow.com Mon Oct 30 02:16:00 2000
Date: Mon, 23 Oct 2000 04:24:56 -0600 (CST)
From: Ryan Thompson
To: "Bilti, Roland"
Cc: "'freebsd-questions@freebsd.org'"
Subject: Re: help
Message-ID:
Organization: SaskNow Technologies [www.sasknow.com]

Bilti, Roland wrote to 'freebsd-questions@freebsd.org':

>
> > Hi,
> >
> > I have a server 5x86 133MHz, 16 ram and I intend to use freebsd to give
> > internet access to 30 clients (under win95). The server has 4 network
> > adapters (I use 4 adapters because we want to do this in a campus for 4
> > etajes). I checked the documentation available on www.freebsd.org but I
> > need some detailed instruction because I am a beginner. Please send me an
> > email with some documentation for firewall rules and to give access to
> > internet with 4 network adapters.

Check out the O'Reilly book "Networking with TCP/IP". If you can't find
it locally, I can fetch the ISBN, publication info, etc for you. It
explains the processes, and many of the UNIX-centric procedures for
configuring networks. Surf the local (or online) bookstores for other
networking titles.

You will want to read up on firewalls, too. FreeBSD comes with ipfw(8)
in the base system, and that works for me... but you're not limited to
that. There are other packages out there. As far as firewall rules are
concerned, look at /etc/rc.firewall for an example, and read ipfw(8) for
syntax explanations.

What are "etajes"? I am not familiar with the term.

In short, you may not need 4 network adapters, but assuming you do, you
will need to assign each network adapter a distinct subnet in your
address space (or assign local addresses to each). If the subnets are on
non-octet boundaries (smaller than /24), you'll definitely want to read
about classless subnetting before attempting anything.

One of the network adapters will have to talk to your Internet uplink
(i.e., router). Thus, your default route must go through one of the
adapters, to the uplink device's IP address, which should be on the same
subnet as the network adapter in question. Call that network adapter 1.

You could have other hosts connected to the Ethernet of network adapter
1. (You already have two, the FreeBSD machine, and the router). In this
configuration, this Ethernet is referred to as the DMZ (demilitarized
zone), as it is NOT protected by your FreeBSD gateway/firewall for
Internet access. It is common to put some DNS or mail servers in the
DMZ.

The other three network adapters should be placed on three different
Ethernets. Your FreeBSD machine should provide routes to three different
(non-overlapping!) subnets.

So, your FreeBSD machine will be a gateway for all four subnets, and can
act as a firewall, proxy, etc, for all four subnets. You better use good
hardware for your FreeBSD machine and have backups/replacements
available, as it now represents a single point of failure in your
network design.

You will need to enable IPDIVERT and IPFIREWALL in your kernel. Enabling
4 or so bpf's is almost a requirement nowadays. I'd also recommend
increasing MAXUSERS a bit, depending on what sort of servers you plan to
run, and how much traffic you expect to flow through this machine.

If the system is JUST going to be a gateway/firewall, and logs are
exported to a log server, you could probably get by with very small disk
partitions.

Ok... That's enough on networking fundamentals, for now ;-) Once you
decide on your network architecture, and formulate some specific FreeBSD
related questions, we can help you out with specific troubles.

> > Thank you in advance,
> >
> > Rolland
> >
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

--
  Ryan Thompson
  Network Administrator, Accounts
  Phone: +1 (306) 664-1161

  SaskNow Technologies     http://www.sasknow.com
  #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2
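
The addressing rules in the message above (a distinct, non-overlapping subnet per adapter, and a default router on the same subnet as adapter 1) can be checked before any interface is configured. The following is an added example, not part of the original message; the interface names ed0-ed3 and the 192.0.2.0/24 documentation addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample plans: 192.0.2.0/24 (documentation range) split into
# four /26 subnets. Interface names are hypothetical; ed0 faces the uplink.
GOOD_PLAN = {
    "ed0": "192.0.2.1/26",
    "ed1": "192.0.2.65/26",
    "ed2": "192.0.2.129/26",
    "ed3": "192.0.2.193/26",
}
BAD_PLAN = {
    "ed0": "192.0.2.1/26",
    "ed1": "192.0.2.65/25",   # wrong mask: covers .0-.127 and swallows ed0's subnet
    "ed2": "192.0.2.128/26",  # network address of the subnet, not a host address
    "ed3": "192.0.2.193/26",
}


def check_plan(interfaces, default_router):
    """Return a list of problems; the first interface is the uplink-facing one."""
    problems, nets = [], {}
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)  # accepts host bits, e.g. .65/26
        net = iface.network
        reserved = (net.network_address, net.broadcast_address)
        if net.prefixlen < 31 and iface.ip in reserved:
            problems.append(f"{name}: {iface.ip} is reserved in {net}")
        nets[name] = net
    names = list(nets)
    # Every pair of adapters must sit on non-overlapping subnets.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    # The default router must be directly reachable through adapter 1.
    uplink = names[0]
    router = ipaddress.ip_address(default_router)
    if router not in nets[uplink]:
        problems.append(f"default router {router} not on {uplink} {nets[uplink]}")
    return problems


if __name__ == "__main__":
    for label, plan, router in (("good", GOOD_PLAN, "192.0.2.2"),
                                ("bad", BAD_PLAN, "192.0.2.70")):
        print(label, check_plan(plan, router) or "OK")
```
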