From owner-freebsd-questions  Sat Aug 19  9:49: 5 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from greg.ad9.com (greg.ad9.com [209.233.225.5])
	by hub.freebsd.org (Postfix) with ESMTP id 8A22637B422
	for <freebsd-questions@FreeBSD.ORG>; Sat, 19 Aug 2000 09:49:03 -0700 (PDT)
Received: from greg.ad9.com (nepolon@greg.ad9.com [209.233.225.5])
	by greg.ad9.com (8.9.1a/8.9.1) with ESMTP id KAA12413;
	Sat, 19 Aug 2000 10:08:54 -0700 (PDT)
Date: Sat, 19 Aug 2000 10:08:54 -0700 (PDT)
From: Steve Lewis <nepolon@systray.com>
X-Sender: nepolon@greg.ad9.com
To: Duke Normandin <dnormandin1@juno.com>
Cc: "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Problem with FreeBSD behind a firewall
In-Reply-To: <003d01c009e5$adcb0c60$5985c5d1@odie>
Message-ID: <Pine.BSF.4.05.10008190951010.12367-100000@greg.ad9.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 19 Aug 2000, Duke Normandin wrote:

> On Saturday, August 19, 2000 6:26 AM  Duke Normandin <01031149@3web.net> wrote:
> >
> >So this thread won't be wasted on me, I need to know what a "hardware
> >firewall" is, please. I can take a wild-ass  guess ;^), but I've *never won
> >any loteries either.  As well, the term "dual-homed" was used early in
> >the thread -- would you briefly explain that term as well, please. Tia....
> 
> up. So "dual-homed" is a box with 2 NICs --- one public and one private.
> 
> -duke

Essentially correct.  Technically, one doesn't have to be public and one
doesn't have to be private, but that is the way they most often appear.
Multi-homed would be the more generic term.

As for a "hardware firewall" aka "firewall appliance," this is just an
out-of-the-box device which works as a firewall.  It doesn't use 'PC
hardware' as such, so it will have more resemblance to a bridge (usualy
two network interfaces, a power jack, and sometimes a serial port).  
Often they can be configured through a web interface which is only
available from the private interface.  I don't mean to imply it doesn't
run a FreeBSD kernel, most firewall appliances seem to be highly
specialized and modified *nix kernels stripped and mounted in a little
black box.

For an example, see http://www.lucidata.com/firewall.htm ... 

BTW - you should laugh when you look at this example.

--Steve



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message