Date:      Fri, 03 Jan 2003 00:36:39 -0500
From:      "Bill Moran" <bill_moran2@hotmail.com>
To:        caffeine@directvinternet.com, freebsd-questions@freebsd.org
Subject:   Re: firewall setup -- quick question
Message-ID:  <F51mRt2iG8edtQPHsu5000306fa@hotmail.com>

>From: "Darren" <caffeine@directvinternet.com>
>
>I've been doing quite a bit of reading the past few days on this firewall
>I'm building for my father.  And, it seems like everything that I read is
>utilizing 2 nics (one for the internet side and one for the internal side)
>with a hub on the inside nic.
>
>I had something different in mind.  In my case, my outside connection will
>be coming through an Alcatel USB modem.  Then, I planned to use 2 nics for
>the inside (one for each of the two boxes that I'll have on my inside
>network).  The two boxes on the inside need to be NAT'd by the firewall, as
>well.
>
>Can it be done this way?

Yes, the reason you're seeing it explained with 2 nics is that it's the
most common setup.
It gets slightly more complicated, but it's not too bad.  You'll have to
make sure the two internal nics have ip addy/netmasks such that the
firewall doesn't get confused about which one to communicate with at
any one time.  I would use 2 totally separate private ranges if I were
you (to make it very difficult to mess up).  Something like 172.16.0.0/24
on the one and 10.10.10.0/24 on the other would be unambiguous.
Then you need to duplicate firewall rules for those two nics.  Basically,
every firewall rule you would have put on the internal nic to the hub
(in the examples you've been seeing) will have to be 2 rules, one for
each of the internal nics.
Other than that, it's not really terribly complicated.  If you use IPs
that are obviously separate (such as I suggested) the routing will
pretty much take care of itself, and all you have to worry about is
actual firewall rules.

Good luck
-Bill
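
An added example, not part of the original message: a short Python sketch of the two points in the reply, checking that the internal subnets do not overlap and then duplicating every internal-side rule once per internal NIC. It assumes ipfw as the firewall and `fxp0`/`fxp1` as the internal interface names (the thread names neither), and the three rule templates are an illustrative policy only; NAT on the outside interface is not covered.

```python
import ipaddress
from itertools import combinations

# Interface names are assumptions; the subnets are the ones suggested in the reply.
INTERNAL = {"fxp0": "172.16.0.0/24", "fxp1": "10.10.10.0/24"}

# Per-interface rule templates in ipfw syntax (assumed firewall, illustrative policy).
TEMPLATES = [
    "deny ip from not {net} to any in via {nic}",  # drop spoofed sources
    "allow ip from {net} to any in via {nic}",     # inside host -> firewall
    "allow ip from any to {net} out via {nic}",    # firewall -> inside host
]


def overlapping(nets):
    """Return sorted pairs of interfaces whose subnets overlap (ambiguous routing)."""
    parsed = {nic: ipaddress.ip_network(cidr) for nic, cidr in nets.items()}
    return [(a, b) for a, b in combinations(sorted(parsed), 2)
            if parsed[a].overlaps(parsed[b])]


def expand_rules(nets, templates, start=1000, step=10):
    """Emit one copy of every template per internal NIC, refusing overlapping subnets."""
    clashes = overlapping(nets)
    if clashes:
        raise ValueError(f"overlapping internal subnets: {clashes}")
    rules, num = [], start
    for nic in sorted(nets):
        for template in templates:
            rules.append(f"ipfw add {num} " + template.format(net=nets[nic], nic=nic))
            num += step
    return rules


if __name__ == "__main__":
    print("\n".join(expand_rules(INTERNAL, TEMPLATES)))
```

A pair such as 10.10.0.0/16 and 10.10.10.0/24 is rejected, because the /24 sits inside the /16 and the firewall could not tell which NIC a destination belongs to.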
