From owner-freebsd-questions  Mon Jun  4 15:58:30 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from itouch.co.nz (itouch.co.nz [203.99.66.188])
	by hub.freebsd.org (Postfix) with ESMTP id 0E70337B401
	for <freebsd-questions@FreeBSD.ORG>; Mon,  4 Jun 2001 15:58:26 -0700 (PDT)
	(envelope-from jonc@itouch.co.nz)
Received: (from jonc@localhost)
	by itouch.co.nz (8.11.3/8.11.1) id f54Mw9M50588;
	Tue, 5 Jun 2001 10:58:09 +1200 (NZST)
	(envelope-from jonc)
Date: Tue, 5 Jun 2001 10:58:09 +1200
From: Jonathan Chen <jonathan.chen@itouch.co.nz>
To: Michael Silver <michael@silvertriad.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Multi-multi-homed system
Message-ID: <20010605105809.B49007@itouchnz.itouch>
References: <001601c0ed48$57d94960$0200000a@silvertriad>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <001601c0ed48$57d94960$0200000a@silvertriad>; from michael@silvertriad.com on Mon, Jun 04, 2001 at 06:47:33PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Mon, Jun 04, 2001 at 06:47:33PM -0400, Michael Silver wrote:
> I have a situation where there is an internet connection in a building and
> several of the tenents would like to access this connection.  I have used
> FreeBSD in a multi-homed environment, and could easily setup the all the
> tenets on the same network, however I would like to put each on their own
> for security reasons.  What would be the best way to do this without
> installing a FreeBSD machine or router for each tenent?

If you want to put each set of tenants on their own network, you just
need to get a NIC for each separate network you're gonna have. You
connect each NIC to each of the tenant's network hub. Allocate networks
for each tenant-net with something like:

	192.168.1.0
	192.168.2.0
	192.168.3.0
	192.168.4.0
	...

Your FreeBSD multi-homed host will have the first address of each network.
ie: 192.168.1.1, 192.168.2.1, 192.168.3.1, ...  Each tenant-net can have
up to 253 machines on their own separate network. All that have to
done on their end would be to have the default-gateway setting set to
the 192.168.X.1.

To prevent indavertant access from one tenant-network to the other,
you'll have to set up appropriate firewall rules. You may also want to
set up the multi-homed host as a DNS server as well.

>I would also like
> to use DHCP so that all the tenets would get the latest DNS servers.

DHCP is a good idea, but you'll have to wade thru' the docs. The
ISC-DHCP server is pretty good one to use.

Cheers.
-- 
Jonathan Chen                                       Once is dumb luck.
                                                 Twice is coincidence.
             Three times and Somebody Is Trying To Tell You Something.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message