From owner-freebsd-questions Tue Apr 21 13:02:21 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id NAA07627
    for freebsd-questions-outgoing; Tue, 21 Apr 1998 13:02:21 -0700 (PDT)
    (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA07364
    for ; Tue, 21 Apr 1998 20:01:15 GMT
    (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
    by gdi.uoregon.edu (8.8.7/8.8.8) with SMTP id NAA04327;
    Tue, 21 Apr 1998 13:00:59 -0700 (PDT)
    (envelope-from dwhite@gdi.uoregon.edu)
Date: Tue, 21 Apr 1998 13:00:59 -0700 (PDT)
From: Doug White
Reply-To: Doug White
To: Mike Grommet
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: I need guidance with a installation...
In-Reply-To: <002501bd6d8e$03f651e0$02941fce@work1.insolwwb.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 21 Apr 1998, Mike Grommet wrote:

> Hi guys... I need some advice....
> I have been put in charge of an installation of a server running freebsd
> that will act as a mail server
> and an internet web server, plus dns for a large factory office. The actual
> web server setup and mail setup is simple and I feel pretty confident there
> but I need advice as to whether or not I have this thing figured right...

ok.

> Here's the plan... please point out any flaws...
> I am planning on setting up the in-house network on a non-internet class C,
> like 192.0.2.*
> and will set up the unix box on an internet class ip number say,
> 206.31.148.99 or somesuch...
>
> Now I want to have the 192.0.2.* machines to be able to surf the net and
> receive email and perform other
> net capacities, I would assume through some sort of proxy service... this
> is possible right?

sounds like a job for natd.

> Now about firewalls... I've never set one up so I am a lot fuzzy here...
> The first question is do I even need a firewall since the ip's on the
> 192.0.2.* network are not
> internet accessible... If I should go ahead and set up a firewall, do you
> guys suggest one at the router level?

On the natd box.

> or is it possible to run one on the same machine that will be acting as a
> dns server, mail server and web server?

I think so, although it's good design practice to separate this. There are
several ways of setting this up; go buy a good Internet security book.

> Here's a hypothetical question for you...
> if I set up a firewall on a machine and the network behind it is on
> internetable IP's, how do I govern all traffic coming into the network...
> the configuration I have in mind is:
> basically traffic comes from the router, into a hub and on the network from
> there... how do I make it so that all traffic goes into the actual firewall
> machine?

Put the filter between the router and the hub, put two ethernet cards in
it, run ipfw and route packets between the interfaces.

Doug White                               | University of Oregon
Internet:  dwhite@resnet.uoregon.edu     | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite     | Computer Science Major
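
An added example, not part of the original message, of the layout the reply suggests: a two-interface FreeBSD box running ipfw and natd between the router and the hub, also hosting mail, DNS and web. The interface names fxp0 and fxp1 and the specific rule policy are assumptions; the addresses are the ones from the question.

```sh
#!/bin/sh
# Added example: prints (does not load) an ipfw ruleset for a two-NIC natd gateway.
# Assumed names: fxp0 = outside (router side), fxp1 = inside (hub side).
# Addresses are the ones given in the question.
OIF="fxp0"; OIP="206.31.148.99"
IIF="fxp1"; INET="192.0.2.0/24"

# Emit one numbered "ipfw add" command per rule; '#' lines are comments.
gen_rules() {
    n=100
    while IFS= read -r rule; do
        case "$rule" in ''|'#'*) continue ;; esac
        echo "ipfw -q add $n $rule"
        n=$((n + 100))
    done <<EOF
allow ip from any to any via lo0
deny ip from any to 127.0.0.0/8
# Anti-spoofing: inside addresses must never arrive on the outside wire.
deny ip from $INET to any in via $OIF
# Hand everything crossing the outside interface to natd for translation.
divert natd ip from any to any via $OIF
allow tcp from any to any established
allow ip from any to any frag
# Inside hosts may talk to the gateway and be forwarded outward.
allow ip from $INET to any in via $IIF
allow ip from any to $INET out via $IIF
# Services hosted on the gateway itself: SMTP, DNS, HTTP.
allow tcp from any to $OIP 25,53,80 setup
allow udp from any to $OIP 53
allow udp from $OIP 53 to any
# Outbound connections (already rewritten to $OIP by natd).
allow tcp from any to any out via $OIF setup
allow udp from any to any 53 out via $OIF
# Stateless DNS replies: trusts source port 53, a known weak spot.
allow udp from any 53 to any in via $OIF
allow icmp from any to any icmptypes 0,3,8,11
deny log ip from any to any
EOF
}

gen_rules
```

Review the printed rules before piping them to `sh` on the gateway. Packet forwarding and natd are switched on in /etc/rc.conf with `gateway_enable`, `natd_enable` and `natd_interface`.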