Date:      Mon, 28 Aug 2000 00:49:47 +1100
From:      Chris Pauly <l@binkyware.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Firewall solutions?
Message-ID:  <4.2.2.20000828003335.00aa2a30@bsd>


Hello,

I've been trying to get a decent firewall running here but there always
seems to be something in the way, and I could do with some advice.

I've got 2 computers (Windows and FreeBSD - each with their own real IP)
and a 3rd computer with no real IP (it's using 192.168.1.2 at the moment),
all needing to go through a cable modem, but still be firewalled and
networked (Microsoft network - i.e. shared drives/printers), and the
192.168.1.2 machine to be masqueraded. At first I played around with
subnets and managed to have all 3 computers on my switch, with the cable
modem coming off a second NIC in FreeBSD, but it was rather messy and
ruined the routing for the subnet that I was faking.

Secondly I tried bridging the 2 NICs in FreeBSD, which seemed to work
except for 3 things:
* FreeBSD spontaneously crashing with some sort of error like "invalid page
something-a-rather" and rebooting randomly after only a few minutes of
operation - I disabled bridging and it stops crashing.
* Difficulty with firewalling for each interface and direction (data for my
LAN seemed to go out the cable modem NIC according to ipfw, but actually
went through my LAN NIC)
* Windows networking not going too well because of broadcasts not working.

My third solution, which I haven't tried yet, was to simply plug all 3
computers into the switch and buy another computer for a dedicated
firewall/bridge between the uplink on my switch and the cable modem. It's
rather expensive though and I'm not 100% sure if it'd work.

Could anybody please help me? I need to know if any of my first 2
configurations would've worked if I'd done it a different way, or if the
3rd solution will actually work, or if there is another solution?

At the moment I have the 192.168.1.2 going into FreeBSD, and FreeBSD and
Windows into the switch, with the cable modem on the uplink - which is not
the ideal setup because Windows is not firewalled and I don't even want to
think about trying Microsoft networking with such an awkward and insecure
setup.

Regards,

Chris



