Date:      Thu, 01 Oct 1998 02:21:21 -0500
From:      Kim Shrier <kim@tinker.com>
To:        Alejandro Galindo Chairez AGALINDO <agalindo@servidor.exsocom.com.mx>
Cc:        questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Firewall with 2 NIC and a NET class C
Message-ID:  <36132D71.39FCD5A3@tinker.com>
References:  <Pine.BSF.3.96.981001000443.24945A-100000@servidor.exsocom.com.mx>

You have a couple of ways to approach this.  You could use network address
translation and have private addresses for all your machines.  The "public"
machines would have static mappings to real IP addresses that are aliased
on the outside interface of the firewall.  You would also use ipfw rules to
control the traffic.

Another approach is to split your class C into subnets, one subnet for the
outside interface and the other for the inside interface, and then set up
ipfw rules and routes in the firewall to control the traffic.

If you want, I can help you with the rules once I know how you want to
proceed.

Kim Shrier
kim@tinker.com

Alejandro Galindo Chairez AGALINDO wrote:
> 
> Hello!
> 
>         I have a class C network (connected to the Internet), some hackers are
> cracking my server and I need to install a firewall.
> 
>         I have 2 xl NICs (xl0 and xl1), but I don't know what the
> rc.firewall configuration should be and how I can protect all my network from
> outside attacks.
> 
>         In the rc.firewall I use the "simple" firewall type, but I don't
> understand how I can divide my class C network into 2 networks (with a mask
> of 255.255.255.128, for example).
> 
>         I need to have real Internet IPs on the 2 NICs because I want to
> protect my WWW and e-mail servers.
> 
> Here is a sample of what i have and what i need:
> 
>                 INTERNET
>                    |
>                    |
>                 My router (208.195.117.2)
>                    |
>                    |
>                  ----------------------- (network class C 208.195.117.*)
>                    |             |     |
>                    |             |     |
>                 WWW server   email server  and PCs
>              208.195.117.11   208...12     208...13 (sample)
> 
> I need to protect all my network and i think the solution can be:
> 
>                 INTERNET
>                    |
>                    |
>                 ROUTER  (208.195.117.2)
>                    |
>                    |                      maybe mask 255.255.255.128
>                 FIREWALL (208.195.117.14) xl0 (first NIC)
>                    |
>                    |  208.195.117.129 xl1 (second NIC) of the firewall
>                 ------------------------
>                 |          |        |       maybe mask 255.255.255.128
>                 |          |        |
>             WWW server   email server  PC's ...
>             208.195.117.130  208...131   208...132  etc
> 
> Please, I need help with how to plan the network and how to indicate the
> rules in the rc.firewall
> 
> I am desperate because my network is being attacked.
> 
> Thanks in advance
> 
> Alejandro Galindo
> 
>  ----------------------------------------------------------------------------
> |                                                          ,        ,        |
> |                                                         /(        )`       |
> |                                                         \ \___   / |       |
> |                                                         /- _  `-/  '       |
> |                                                        (/\/ \ \   /\       |
> |     ExSoCom Dgo. MEXICO                                / /   | `    \      |
> |                                                        O O   ) /    |      |
> |                                                        `-^--'`<     '      |
> |                                                       (_.)  _  )   /       |
> |     Alejandro Galindo                                  `.___/`    /        |
> |     Tel: (52 18) 179177                                  `-----' /         |
> |     Fax: (52 18) 185155                     <----.     __ / __   \         |
> |                                             <----|====O)))==) \) /====     |
> |    e-mail alejandro.galindo@exsocom.com.mx  <----'    `--' `.__,' \        |
> |                                                          |        |        |
> |          http://www.exsocom.com.mx                       \       /       /\|
> |                                                     ______( (_  / \______/ |
> |                                                   ,'  ,-----'   |          |
> |                      a FreeBSD ISP                `--{__________)          |
>  ----------------------------------------------------------------------------
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
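
A sketch of the second approach from the reply (two /25 subnets with ipfw rules on the firewall), added here as an example; it is not part of either message. Interface names and addresses come from the quoted diagram; the rule numbers, the service ports (80 and 25), the DNS allowance and the FWCMD override are assumptions.

```shell
#!/bin/sh
# Added example, written in the style of an rc.firewall fragment.
# Dry run by default: prints the ipfw commands instead of running them.
# Set FWCMD=/sbin/ipfw (assumed override name) to apply them on the firewall.
fwcmd="${FWCMD:-echo ipfw}"

# Addressing taken from the quoted diagram: one /25 on each NIC.
oif="xl0"; onet="208.195.117.0";   omask="255.255.255.128"
iif="xl1"; inet="208.195.117.128"; imask="255.255.255.128"
www="208.195.117.130"     # WWW server, now behind the firewall
mail="208.195.117.131"    # e-mail server, now behind the firewall

# Routing this layout also needs (not done here): packet forwarding enabled
# on the firewall, and on the router a route for 208.195.117.128/25 via the
# firewall's outside address 208.195.117.14.

build_rules() {
    # Loopback traffic only on lo0
    $fwcmd add 100 pass all from any to any via lo0
    $fwcmd add 200 deny all from any to 127.0.0.0/8
    # Anti-spoofing: a subnet's addresses must not arrive on the other NIC
    $fwcmd add 300 deny all from ${inet}:${imask} to any in via ${oif}
    $fwcmd add 400 deny all from ${onet}:${omask} to any in via ${iif}
    # Packets of TCP connections that were already allowed to start
    $fwcmd add 500 pass tcp from any to any established
    # Inbound services: only web and mail, only to their servers
    $fwcmd add 600 pass tcp from any to ${www} 80 setup
    $fwcmd add 700 pass tcp from any to ${mail} 25 setup
    # Inside hosts may open outbound TCP connections
    $fwcmd add 800 pass tcp from ${inet}:${imask} to any setup
    # Every other connection attempt from outside is dropped and logged
    $fwcmd add 900 deny log tcp from any to any in via ${oif} setup
    # DNS queries from inside and their replies
    $fwcmd add 1000 pass udp from any 53 to ${inet}:${imask}
    $fwcmd add 1100 pass udp from ${inet}:${imask} to any 53
    # Explicit default deny so dropped packets are logged
    $fwcmd add 65000 deny log all from any to any
}

build_rules
```
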
