Date:      Tue, 11 May 2004 11:37:28 -0500
From:      "Steven N. Fettig" <freebsd@stevenfettig.com>
To:        Bryan Cassidy <b_cassidy@bellsouth.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS
Message-ID:  <40A10148.6070108@stevenfettig.com>
In-Reply-To: <20040511173157.GA82076@bellsouth.net>
References:  <20040511052016.GA23553@bellsouth.net> <020f01c43718$98959860$0201a8c0@dredster> <20040511173157.GA82076@bellsouth.net>

Bryan Cassidy wrote:

>Sounds good to me but I'm still confused about how I need to set this up hardware wise. The link at freebsddiary sounds good to start with I guess. I don't know if I need any extra hardware either. I have at the moment 2 NICs and 2 crossover cables. Do I need more? Do I keep the NIC in this machine or do I move it to the machine that will be acting as a firewall/router/gateway? How do I set this up? Still confused on this part.
>  
>
Another recommendation (although slightly outdated) is:
http://mostgraveconcern.com/freebsd/ (take a look at the dual-homed
system howto).

You ideally need 2 NICs in your NEC machine that you want to use as a
gateway/router/firewall.*  Then, assuming that you want to connect to
the internet on another computer, you need a NIC in that machine.  If
you have more than one computer besides the NEC, then you need NICs for
those machines and a hub in between.

Take a look at the HARDWARE text for whatever version of FreeBSD you are
installing to make sure it supports your NICs.  If you load the system
and find that the NICs aren't supported, you will have wasted a bit of
time...  (I'd be surprised, though, if you have a NIC that isn't
supported... never met one myself.)

So, the diagram looks a bit like this:

xDSL/Cable Modem <-- cable/crossover cable --> NIC1 | NEC | NIC2 <-- cable/crossover cable --> *inside* computer

where the NEC is the machine doing the NAT/Firewalling and Routing.  The 
xDSL/Cable Modem simply gives you your connection to the net.  As far as 
configuring the NEC, you need to spend some time to understand what NAT 
is and what you want to be able to do with your *inside* computers.  
Most of the ipfw howtos have pretty good rulesets to work with, so you
don't have to worry so much about that issue - but you should eventually 
take time to really understand what your firewall is actually doing.

hth,
Steve Fettig


* I say *ideally* because you *can* do it with one NIC - but that really 
defeats the purpose of setting that machine up as your 
gateway/router/firewall due to the ability for someone to spoof an 
address from the internal network.

>On Tue, May 11, 2004 at 12:26:59AM -0500, Micheal Patterson wrote:
>  
>
>>----- Original Message ----- 
>>From: "Bryan Cassidy" <b_cassidy@bellsouth.net>
>>To: <freebsd-questions@freebsd.org>
>>Sent: Tuesday, May 11, 2004 12:20 AM
>>Subject: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS
>>
>>>Hello. I am currently running FreeBSD 4.9-RELEASE p-7. I am pretty
>>>comfortable with FreeBSD for the most part and really enjoy using it on a
>>>day to day basis. These are my thoughts. I have an older NEC PC that I would
>>>like to put to some use. First off I don't know if I need any 'extra'
>>>hardware. I have now 1 DSL modem (dhcp - could get static, is it worth
>>>getting?), 3 NICs, and 2 cables to connect the ethernet cards. I have just
>>>been reading up on Firewalls on FreeBSD using ipfw. I would basically like
>>>to do the following. I want to install OpenBSD 3.5 or Possibly one of the
>>>FreeBSD 4.x, 5.x, 4-stable, current or whatever. Which would you all
>>>recommend using in this situation? I want to continue to use my nice newer,
>>>much faster computer to do all configurations to the system, updates,
>>>installing software, running apache, configuring firewall, etc. etc. etc.
>>>via ssh (good choice?) to the other/older box. Would really appreciate some
>>>insight on this topic. Networking/Security is becoming very interesting to
>>>me. Thanks. Don't forget, do I need any 'extra' hardware?
>>
<snip>
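
The two-NIC layout in the reply is what lets ipfw tie a rule to an interface; with one NIC, inside and outside packets arrive on the same interface and a rule cannot tell a spoofed inside address from a real one. As an added example (not part of the original message or thread), a minimal ruleset in the style of FreeBSD's rc.firewall; the interface name fxp0 and the inside network 192.168.1.0/24 are assumptions.

```shell
#!/bin/sh
# Added example: core ipfw rules for the two-NIC NAT gateway in the diagram.
# Assumed, not from the thread: fxp0 is NIC1 (outside, to the modem) and
# 192.168.1.0/24 is the inside network behind NIC2.
# The gateway also needs a kernel with IPFIREWALL and IPDIVERT, plus
# gateway_enable="YES", natd_enable="YES" and natd_interface in /etc/rc.conf.
# Dry run by default (rules are printed); set fwcmd=/sbin/ipfw to load them.
fwcmd="${fwcmd:-echo ipfw}"

gateway_rules() {
    oif="$1"    # outside interface (NIC1)
    inet="$2"   # inside network in CIDR form

    # Loopback addresses are only valid on lo0.
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 200 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: a packet that claims an inside source address but
    # arrives on the outside NIC is forged. This must come before NAT.
    ${fwcmd} add 400 deny ip from "${inet}" to any in via "${oif}"

    # NAT: hand everything crossing the outside NIC to natd.
    ${fwcmd} add 500 divert natd ip from any to any via "${oif}"

    # TCP: keep established sessions, refuse new connections coming in
    # from the outside, allow new connections in every other direction.
    ${fwcmd} add 600 allow tcp from any to any established
    ${fwcmd} add 700 deny log tcp from any to any in via "${oif}" setup
    ${fwcmd} add 800 allow tcp from any to any setup

    # DNS lookups over UDP, replies matched by dynamic state.
    ${fwcmd} add 900 allow udp from any to any 53 keep-state

    # Everything else is dropped and logged.
    ${fwcmd} add 65000 deny log ip from any to any
}

gateway_rules fxp0 192.168.1.0/24
```

Rule 400 is the one a single-NIC setup cannot express, because there `in via` matches inside and outside traffic alike.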