From owner-freebsd-questions Thu Jan 2 21:38:34 2003
Delivered-To: freebsd-questions@freebsd.org
From: "Bill Moran" <bill_moran2@hotmail.com>
To: caffeine@directvinternet.com, freebsd-questions@freebsd.org
Subject: Re: firewall setup -- quick question
Date: Fri, 03 Jan 2003 00:36:39 -0500
Sender: owner-freebsd-questions@FreeBSD.ORG

>From: "Darren"
>
>I've been doing quite a bit of reading the past few days on this firewall
>I'm building for my father. And, it seems like everything that I read is
>utilizing 2 NICs (one for the internet side and one for the internal side)
>with a hub on the inside NIC.
>
>I had something different in mind. In my case, my outside connection will
>be coming through an Alcatel USB modem. Then, I planned to use 2 NICs for
>the inside (one for each of the two boxes that I'll have on my inside
>network). The two boxes on the inside need to be NAT'd by the firewall, as
>well.
>
>Can it be done this way?

Yes. The reason you're seeing it explained with 2 NICs is that it's the most
common setup. It gets slightly more complicated, but it's not too bad.

You'll have to make sure the two internal NICs have IP addresses/netmasks such
that the firewall doesn't get confused about which one to communicate with at
any one time. I would use 2 totally separate private ranges if I were you (to
make it very difficult to mess up). Something like 172.16.0.0/24 on the one
and 10.10.10.0/24 on the other would be unambiguous.

Then you need to duplicate firewall rules for those two NICs. Basically, every
firewall rule you would have put on the internal NIC to the hub (in the
examples you've been seeing) will have to be 2 rules, one for each of the
internal NICs.

Other than that, it's not really terribly complicated. If you use IPs that are
obviously separate (such as I suggested) the routing will pretty much take
care of itself, and all you have to worry about is actual firewall rules.

Good luck
-Bill
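Editor's added example (not part of Bill's reply or of anything posted in this thread): the layout he describes, written out as an ipfw(8)/natd(8) ruleset of the kind a FreeBSD 4.x gateway of the period would load from its rc.firewall script. The interface names are assumptions: tun0 for the PPP session over the USB modem, fxp0 and fxp1 for the two inside cards; the two subnets are the ones suggested in the reply, and the rc.conf(5) lines in the header comment are likewise assumed. The rules that a one-NIC setup writes once for its inside interface are put in a function and called once per inside NIC, which is the "one rule becomes two" point, and the RFC 1918 checks are split around the divert rule because natd rewrites addresses in the middle of the ruleset.

```shell
#!/bin/sh
# Added example, not from the original mail: ipfw(8) + natd(8) rules for a
# FreeBSD gateway with one outside link and two inside NICs, each on its own
# private /24.  Interface names are assumptions: tun0 is the PPP session over
# the USB DSL modem, fxp0 and fxp1 are the two inside cards.  The matching
# rc.conf(5) settings (also assumed) would be:
#   gateway_enable="YES"  firewall_enable="YES"  firewall_script="/etc/rc.firewall.local"
#   natd_enable="YES"     natd_interface="tun0"  natd_flags="-dynamic"
#   ifconfig_fxp0="inet 172.16.0.1 netmask 255.255.255.0"
#   ifconfig_fxp1="inet 10.10.10.1 netmask 255.255.255.0"

oif="tun0"                          # outside interface; natd runs on this one

# Two unrelated private ranges: a packet's address says which inside NIC it
# belongs to, so the routing table stays unambiguous (Bill's point).
iif1="fxp0"; inet1="172.16.0.0/24"
iif2="fxp1"; inet2="10.10.10.0/24"

# Default is a dry run that prints the rules so they can be reviewed on any
# host; run with DRY_RUN=0 on the gateway itself to load them.
fw() {
	if [ "${DRY_RUN:-1}" = 1 ]; then
		echo "ipfw $*"
	else
		/sbin/ipfw "$@"
	fi
}

# The rules a one-NIC setup writes once for its inside interface.  Calling a
# function per inside NIC is the "two rules instead of one" from the reply,
# without copy-and-paste drift between the two LANs.
#   $1 = inside interface, $2 = the subnet that lives behind it
inside_rules() {
	iif="$1"; inet="$2"
	# Anti-spoofing, evaluated before natd so the addresses are the real
	# ones: anything arriving on this NIC must come from its own subnet
	# (which also stops one LAN impersonating the other), and that subnet
	# must never appear as a source on the outside link.
	fw add deny log all from not "$inet" to any in via "$iif"
	fw add deny log all from "$inet" to any in via "$oif"
}

load_rules() {
	fw -f flush
	fw add pass all from any to any via lo0
	fw add deny all from any to 127.0.0.0/8
	fw add deny ip from 127.0.0.0/8 to any

	inside_rules "$iif1" "$inet1"
	inside_rules "$iif2" "$inet2"

	# Private DESTINATIONS must not cross the outside link.  This sits before
	# the divert rule: natd rewrites an inbound reply to a private
	# destination, and the reply would otherwise be dropped right here.
	for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
		fw add deny all from any to "$net" via "$oif"
	done

	# One NAT point for both LANs: natd sees 172.16.0.0/24 and 10.10.10.0/24
	# traffic alike on the single outside interface.
	fw add divert natd all from any to any via "$oif"

	# Private SOURCES must not cross the outside link.  This sits after the
	# divert rule so outbound packets have already been given the public
	# address and are not dropped by it.
	for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
		fw add deny all from "$net" to any via "$oif"
	done

	# Stateless TCP policy: established sessions and fragments pass, new
	# connections arriving from the Internet are logged and dropped, new
	# connections from either LAN (or the gateway) are allowed out.
	fw add pass tcp from any to any established
	fw add pass all from any to any frag
	fw add deny log tcp from any to any in via "$oif" setup
	fw add pass tcp from any to any setup

	# DNS and NTP both ways, plus the ICMP that ping, traceroute and path
	# MTU discovery need.  Everything else hits the kernel's default deny
	# (IPFIREWALL built without IPFIREWALL_DEFAULT_TO_ACCEPT).
	fw add pass udp from any to any 53,123
	fw add pass udp from any 53,123 to any
	fw add pass icmp from any to any icmptypes 0,3,8,11
}

load_rules
```

As written the script only prints the ruleset; on the gateway, DRY_RUN=0 makes fw() call /sbin/ipfw instead. The policy is stateless, like the rc.firewall "simple" template of the time, so ACK-flagged probes from the Internet still reach the inside hosts; keep-state/check-state tightens that, but check-state must come after the divert rule, or outbound packets that match a dynamic rule pass before natd has rewritten their private source. Nothing here keeps the two inside boxes from reaching each other through the gateway; a deny between the two subnets in inside_rules would do that if it is wanted.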