Date: Fri, 30 Nov 2001 23:47:04 -0600 (CST)
From: hawkeyd@visi.com (D J Hawkey Jr)
To: darryl@osborne-ind.com, freebsd-questions@freebsd.org
Subject: Re: DSL & 4.3
Message-ID: <200112010547.fB15l4D51151@sheol.localdomain>
In-Reply-To: <002501c178e2$399c4850$0701a8c0_darryl@ns.sol.net>
References: <002501c178e2$399c4850$0701a8c0_darryl@ns.sol.net>
In article <002501c178e2$399c4850$0701a8c0_darryl@ns.sol.net>, darryl@osborne-ind.com writes:
> Greetings,
> We are just getting DSL (rural America here). Previously,
> I had a PC installed with 4.3, running ppp -auto -nat, etc.
>
> The ISP provides a DSL router (Slipstream) that you plug into
> your network hub/switch. It can do nat, filtering, etc. I'm
> not sure how good it is at security, so I'd like to configure
> the old FreeBSD 4.3 box to do security for my network. How
> should I do that ? IE, do I put two nics in the FreeBSD box,
> connect one interface to the slipstream router, and plug the
> other into my network switch ?
>
> Any ideas on this would be greatly appreciated, as I am looking
> to have good security. On 24/7 with a dedicated IP can allow
> a lot of nefarious types the opportunity to pound on my connection.

IMHO, you're on the right track. My ISP gave me a /30 network, which maps out like this:

---8<---
                                  Outside                    Inside
   assigned pub                    dc1                        dc0
       IP        +-----+eth = 208.42.10.10  +-------------+ 192.168.16.2
   ------------->| 678 |------------------->| FreeBSD box |------------>
      DSL        +-----+       208.42.10.9  +-------------+   Inside

(note, I just picked some IP's at random, you won't get these, or use
these particular ones).

So, now you have real IP's, your 678 gets a packet in for 208.42.10.9,
and pushes it down. No NAT translation takes place on the 678. Most of
the rest of the Net now sees most of your packets as coming from
208.42.10.9, which just routes through from the connected route the 678
already has.
--->8---

Note that the conversation implies that the DSL router (Cisco 678) does
nothing but pass raw packets through to the FreeBSD box. No NAT, no
nothing. The FreeBSD box does NAT, FW, and DNS for the internal
192.168.16/24 network. It's (the FreeBSD box) been running flawlessly,
with plenty of spare cycles such that it is also an X
workstation/developer's box (Celeron 766Mhz).

Oh! Note also that the wire from the router to the FreeBSD box is a
cross-over cable - they're "like" interfaces.

> thanks,
> Darryl

Hope this helps,
Dave

--
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
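A minimal FreeBSD 4.x configuration for the two-NIC layout Dave describes, added here as an illustration and not part of the original thread: dc1 faces the 678 with 208.42.10.9 (/30), dc0 faces the LAN with 192.168.16.2, natd does the translation and ipfw enforces a default-deny policy. The interface names and addresses come from the diagram above; the rule set, the netmasks and the kernel-option note are my assumptions, not something the thread specifies.

```conf
# /etc/rc.conf additions.
# Kernel assumed to be built with options IPFIREWALL, IPFIREWALL_VERBOSE and IPDIVERT.
gateway_enable="YES"                                        # forward between dc0 and dc1
ifconfig_dc1="inet 208.42.10.9 netmask 255.255.255.252"     # toward the 678 (the /30)
ifconfig_dc0="inet 192.168.16.2 netmask 255.255.255.0"      # toward the LAN switch
defaultrouter="208.42.10.10"                                # the 678's inside address
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"                             # rc.firewall feeds this file to ipfw(8)
natd_enable="YES"
natd_interface="dc1"                                        # hide 192.168.16/24 behind 208.42.10.9

# /etc/ipfw.rules (each line is an ipfw(8) command; first match wins).
# Loopback, then anti-spoofing: private or LAN source addresses never arrive from the outside.
add 00100 allow ip from any to any via lo0
add 00200 deny ip from any to 127.0.0.0/8
add 00300 deny ip from 192.168.16.0/24 to any in via dc1
add 00400 deny ip from 10.0.0.0/8 to any in via dc1
add 00500 deny ip from 172.16.0.0/12 to any in via dc1
# Hand every packet crossing the outside interface to natd before filtering it.
add 01000 divert natd ip from any to any via dc1
# The inside interface is trusted.
add 02000 allow ip from any to any via dc0
# TCP: sessions may start from inside, and only continue from outside.
add 03000 allow tcp from any to any established
add 03100 allow tcp from any to any out via dc1 setup
add 03200 deny log tcp from any to any in via dc1 setup
# UDP: outbound is free; inbound is limited to DNS answers for the resolver on this box,
# since the LAN clients query this box rather than the Internet directly.
add 04000 allow udp from any to any out via dc1
add 04100 allow udp from any 53 to 208.42.10.9 in via dc1
# ICMP: echo, destination-unreachable (path MTU discovery) and time-exceeded only.
add 05000 allow icmp from any to any icmptypes 0,3,8,11
# Everything else is logged and dropped.
add 65000 deny log ip from any to any
```

Rule 00300 sits before the divert so it tests the address as it arrived on the wire, not the translated one.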