Date: Mon, 28 Aug 2000 00:49:47 +1100
To: freebsd-questions@FreeBSD.ORG
From: Chris Pauly
Subject: Firewall solutions?

Hello,

I've been trying to get a decent firewall running here but there always
seems to be something in the way, and I could do with some advice.

I've got 2 computers (Windows and FreeBSD - each with their own real IP)
and a 3rd computer with no real IP (it's using 192.168.1.2 at the
moment), all needing to go through a cable modem, but still be
firewalled and networked (Microsoft network - i.e. shared
drives/printers), and the 192.168.1.2 machine to be masqueraded.

At first I played around with subnets and managed to have all 3
computers on my switch, with the cable modem coming off a second NIC in
FreeBSD, but it was rather messy and ruined the routing for the subnet
that I was faking.

Secondly I tried bridging the 2 NICs in FreeBSD, which seemed to work
except for 3 things:

* FreeBSD spontaneously crashing with some sort of error like "invalid
  page something-a-rather" and rebooting randomly after only a few
  minutes of operation - I disabled bridging and it stops crashing.
* Difficulty with firewalling for each interface and direction (data for
  my LAN seemed to go out the cable modem NIC according to ipfw, but
  actually went through my LAN NIC)
* Windows networking not going too well because of broadcasts not
  working.

My third solution, which I haven't tried yet, was to simply plug all 3
computers into the switch and buy another computer for a dedicated
firewall/bridge between the uplink on my switch and the cable modem.
It's rather expensive though and I'm not 100% sure if it'd work.

Could anybody please help me? I need to know if any of my first 2
configurations would've worked if I'd done it a different way, or if the
3rd solution will actually work, or if there is another solution?

At the moment I have the 192.168.1.2 going into FreeBSD, and FreeBSD and
Windows into the switch, with the cable modem on the uplink - which is
not the ideal setup because Windows is not firewalled and I don't even
want to think about trying Microsoft networking with such an awkward and
insecure setup.

Regards,
Chris