From: Daniel Staal
To: Leonardo M. Ramé, questions@freebsd.org
Date: Thu, 05 May 2011 20:49:22 -0400
Subject: Re: Home firewall with DLink router and FreeBSD
Message-ID: <63C1F6F4EE966ADF8471C35F@mac-pro.magehandbook.com>
In-Reply-To: <687701.10024.qm@web113506.mail.gq1.yahoo.com>

--As of May 5, 2011 5:37:52 PM -0700, Leonardo M. Ramé is alleged to have
said:

> Hi, at home I have a DLink Dir 300 router to provide internet access for
> my home network. The network is composed of two Windows PCs, one Linux
> laptop and one FreeBSD server we use mainly for storage and as
> web/database server.
>
> I must add, the server only has one network card.
>
> I would like to know if it's possible to use the FreeBSD server as a
> Firewall for the whole network, securing LAN and WiFi connections. If
> this can be done, then how? Could you point me to some howto?

--As for the rest, it is mine.

I don't know of any howtos but it is possible. You would need to set up
the FreeBSD box with two IPs on its interface (one as an alias), and
have them on separate networks. (Sharing the same hardware, but with
non-overlapping IP ranges. Make one a 10.* network and one a 192.168.*
network.) One is the 'outside' network, and includes your internet
gateway. The other is your 'inside' network and includes everything else.
(Including your WiFi access point.)

Then you set up the FreeBSD box to route & NAT between them, and to
firewall along the way. A standard FreeBSD firewall howto would work
there, as long as you watch that you never specify an interface name in the
firewall rules, but use the IP address instead.

However, I would not recommend this. It's way too easy to accidentally at
some later point put one of your home boxes on the 'outside' network and
then you've just bypassed your firewall. Another ethernet card won't cost
much, and will make the setup easier and more secure: You can then
physically separate the networks.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
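
The failure mode described in the message (a home machine ending up on the 'outside' network and bypassing the firewall) can be checked for from the FreeBSD box. The following is an added example, not part of the original email: it reads `arp -an` style output and flags any host in the outside range that is not the router or the firewall. The address ranges, host addresses, interface name and sample ARP lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed addressing: the email only says "a 10.* network and a 192.168.* network".
OUTSIDE_NET = ipaddress.ip_network("192.168.0.0/24")  # router and firewall only
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")      # every other home machine
# The only hosts expected on the outside network (assumed addresses).
OUTSIDE_ALLOWED = {
    ipaddress.ip_address("192.168.0.1"),  # DLink router (internet gateway)
    ipaddress.ip_address("192.168.0.2"),  # FreeBSD box, outside address
}

# FreeBSD `arp -an` prints lines of the form "? (IP) at MAC on IFACE ...".
ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>[0-9.]+)\) at (?P<mac>[0-9a-f:]{17}) on \S+", re.I)

def audit_arp(arp_output):
    """Return (bypassing, unknown): lists of (ip, mac) seen in the ARP table."""
    bypassing, unknown = [], []
    for line in arp_output.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # skips blank lines and "(incomplete)" entries
        ip = ipaddress.ip_address(m.group("ip"))
        entry = (str(ip), m.group("mac").lower())
        if ip in OUTSIDE_NET:
            if ip not in OUTSIDE_ALLOWED:
                bypassing.append(entry)  # shares a subnet with the router
        elif ip not in INSIDE_NET:
            unknown.append(entry)        # belongs to neither planned network
    return bypassing, unknown

# Constructed sample: both subnets share the single NIC (em0 is assumed).
SAMPLE_ARP = """\
? (192.168.0.1) at 00:11:22:33:44:01 on em0 expires in 1187 seconds [ethernet]
? (192.168.0.2) at 00:11:22:33:44:02 on em0 permanent [ethernet]
? (10.0.0.1) at 00:11:22:33:44:02 on em0 permanent [ethernet]
? (10.0.0.20) at 00:11:22:33:44:10 on em0 expires in 902 seconds [ethernet]
? (192.168.0.105) at 00:11:22:33:44:11 on em0 expires in 455 seconds [ethernet]
? (10.0.0.30) at (incomplete) on em0 expired [ethernet]
"""

if __name__ == "__main__":
    bypassing, unknown = audit_arp(SAMPLE_ARP)
    for ip, mac in bypassing:
        print(f"BYPASS: {ip} ({mac}) is on the outside network")
    for ip, mac in unknown:
        print(f"UNKNOWN: {ip} ({mac}) is on neither network")
```

The ARP cache only lists hosts the FreeBSD box has recently exchanged traffic with, so an empty result does not prove that nothing is on the outside network; the router's own client list gives fuller coverage.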