From: Josh Paetzel
Reply-To: friar_josh@webwarrior.net
To: "RDWestSr@hotpop"
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall Help plz
Date: 21 Aug 2002 21:11:20 +0000
Message-Id: <1029964281.226.6.camel@markx.vladsempire.net>
In-Reply-To: <001401c24973$cf3fb240$0a00a8c0@papabear>

On Thu, 2002-08-22 at 00:35, RDWestSr@hotpop wrote:
> hi guys,
> i need a little input on freebsd firewalls--
> check my ideas out and maybe advise me the best route and point me to some
> detailed links etc...
> a friend of mine asked me to help him get his small business online.
> i'm looking for some ideas on this. my questions...
>
> 10 computers
> - 1 server
> - 9 clients
>
> ok, all customer info, orders, etc is kept on the server... he has 9
> employees that log into the server from their client pc to update and change
> information etc...
>
> now his employees want on the net to surf, mail, download mp3's etc...
> he's getting a commercial cable account
>
> what is the best secure way to build the firewall or wall(s) for the
> network....
> hummm
> the server needs a big wall :)
> here's my thinking
>
> the server has to be secure enough that if and when a client gets hacked
> that they can't get into the server and screw it up...
>
> so...
> NET->
> FREEBSD _FIREWALL/GATEWAY (nic cards to 2 networks)
> LAN_#1(all 9 clients)
> LAN_#2(the server)
> ------------------- or
> NET->
> FREEBSD _FIREWALL/GATEWAY-#1->
> #1-LOCAL_AREA_NETWORK->
> FREEBSD _FIREWALL/GATEWAY-#2->
> THE_SERVER
> --------------------
> here's my main question--
> can freebsd be setup by MAC ID access ?????
> my ideas are to route access for the clients on ports 20,21,25,53,80,110 to
> access net while nic #2 of LAN#2 is setup where only the 9 MAC IDs of the
> LAN#1 can access the server...
>
> that's my way of thinking... i was thinking a double firewall would be
> more secure than a single firewall box...
>
> tx in advance guys...
> i'm just trying to save him a ton of money here while making it safe for his
> employees to get on the net...
>
> RDWestSr

My guess is you are going to have to pay to get that sort of support.
I'd typically charge anywhere from $300-$500 on the side to set
something like that up on a Saturday. Get a copy of ORA's Building
Internet Firewalls, and take a look at the handbook and man page for
ipfw.

Josh
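
An ipfw ruleset for the single-firewall, three-interface layout asked about above, added here as an example and not part of the original thread. The firewall routes between the two LANs, so client source MACs are only visible on the LAN #1 interface, and that is where the MAC check sits. Interface names, addresses, the server port and the MAC addresses are assumptions; NAT for the cable uplink is left out, and the script only prints the rules.

```shell
#!/bin/sh
# Added example: prints an ipfw ruleset, does not load it.
# Everything below except NET_PORTS is an assumption, not a value from the post.
LAN1_IF="fxp1"                  # client LAN interface (assumed)
CLIENT_NET="192.168.1.0/24"     # LAN #1 addresses (assumed)
SERVER_IP="192.168.2.10"        # the server on LAN #2 (assumed)
SERVER_PORTS="139"              # service the clients log into (assumed)
NET_PORTS="20,21,25,53,80,110"  # ports listed in the post

# Nine constructed client MACs from the documentation range 00:00:5e:00:53:xx.
CLIENT_MACS=""
for i in 1 2 3 4 5 6 7 8 9; do
    CLIENT_MACS="$CLIENT_MACS 00:00:5e:00:53:0$i"
done

gen_rules() {
    n=100
    # Layer 2 pass: frames arriving on the client LAN must carry a known
    # source MAC. Syntax is "MAC dst-mac src-mac", see ipfw(8).
    for mac in $CLIENT_MACS; do
        echo "add $n allow ip from any to any MAC any $mac layer2 in via $LAN1_IF"
        n=$((n + 10))
    done
    echo "add 900 deny log ip from any to any layer2 in via $LAN1_IF"
    # Other layer 2 frames go on to the layer 3 rules below.
    echo "add 910 allow ip from any to any layer2"

    # Layer 3 pass: established flows first, then what may be opened.
    echo "add 1000 check-state"
    # Clients may open connections to the server's service only.
    echo "add 1100 allow tcp from $CLIENT_NET to $SERVER_IP $SERVER_PORTS in via $LAN1_IF setup keep-state"
    # Nothing else reaches the server, from the Internet or from the clients.
    echo "add 1200 deny log ip from any to $SERVER_IP"
    # Clients may reach the Internet on the listed ports; DNS also uses UDP.
    echo "add 1300 allow tcp from $CLIENT_NET to any $NET_PORTS in via $LAN1_IF setup keep-state"
    echo "add 1310 allow udp from $CLIENT_NET to any 53 in via $LAN1_IF keep-state"
    # Default deny, so anything not listed above is dropped and logged.
    echo "add 65000 deny log ip from any to any"
}

gen_rules
```

The layer2 rules are only consulted when the sysctl net.link.ether.ipfw is set to 1. A MAC address can be changed by whoever controls a client PC, so the layer 3 rules are what limit a compromised client to the server's one service.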