Date:      Mon, 20 Aug 2018 10:44:18 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Arturo Rafael Ramírez Briceño <harturo_ramirez@hotmail.com>
Cc:        "questions@FreeBSD.org" <questions@freebsd.org>
Subject:   Re: I beg your response ... / Ruego su respuesta...
Message-ID:  <20180820104418.20cd6909.freebsd@edvax.de>
In-Reply-To: <BN6PR01MB2451FBD3E8B944E47F208D8E8D330@BN6PR01MB2451.prod.exchangelabs.com>
References:  <BN6PR01MB245119DF1451C1312D2150578D330@BN6PR01MB2451.prod.exchangelabs.com> <BN6PR01MB24511CEC66A1068DC9B4FF2A8D330@BN6PR01MB2451.prod.exchangelabs.com> <20180819205328.eb81c27b.freebsd@edvax.de> <BN6PR01MB2451FBD3E8B944E47F208D8E8D330@BN6PR01MB2451.prod.exchangelabs.com>

Re-including list, hope that's okay.

On Sun, 19 Aug 2018 20:49:19 +0000, Arturo Rafael Ramírez Briceño wrote:
> In the context of "preventing the nodes of the same lan from being
> seen" is to say that files, printers, and other resources can not
> be shared on the network; but nevertheless, through the server, each
> node can access the internet. If possible, how can I do it?

This doesn't really look like a task for a firewall, but
instead I'd suggest to take a close look at resource
management at the individual nodes. Simply don't enable
the sharing ability for resources (like file access or
printer access): If a node doesn't allow access to its
files and printer, no other node can access it. On FreeBSD,
the system default settings do not offer any resource
access, so if your nodes are FreeBSD computers, there
is nothing you need to do.

Access to the Internet through a server is easy. FreeBSD's
IPFW firewall for example can be used here, in combination
with NAT - which, by the way, is a quite typical setting.
Additionally, such servers often add a 3rd thing to the
mix: a DHCP server (for example isc-dhcpd). The advantage
here is that all configuration can be done in "O(1) manner"
on the server, like DHCP configuration, fixed or dynamically
allocated addresses, Internet access permissions per node,
if desired, or central resource sharing, like one printer
that everyone can use. This approach is superior to the
common "O(n) manner" where the amount of work is equivalent
to the number of nodes in the network - more computers,
more work.

The information to implement the firewall-side for such
a setting can be found in the FreeBSD Handbook:

https://www.freebsd.org/doc/handbook/firewalls-ipfw.html

There is more interesting information in this forum thread:

https://forums.freebsd.org/threads/about-ipfw-nat.62177/

Instead of stupid copypasta, it really helps to make a
short list (with pen and paper) where you draw and describe
your desired network layout, permissions to access the
Internet, and resource sharing. From this point, create
your configuration settings (for rc.conf, ipfw.rules, and
if desired, for dhcpd.conf). Always remember that a firewall
(and servers in general, but node PCs as well) belong to
the realm of thinking about security. :-)



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
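
The gateway side described in the message above (IPFW combined with NAT, plus per-node Internet permissions), as an added example that is not part of the original e-mail: a sh function that prints an ipfw ruleset for review before it is saved as the firewall script. The function name, the interface names `em0`/`em1`, the blocked address and the choice of in-kernel NAT are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed names: em0 (WAN),
# em1 (LAN), 192.168.1.50 (a node that must not reach the Internet).
# Matching /etc/rc.conf settings on the gateway:
#   gateway_enable="YES"  firewall_enable="YES"  firewall_nat_enable="YES"
#   firewall_script="/etc/ipfw.rules"
# These rules only see packets that cross the gateway. Node-to-node traffic
# on the same LAN segment never reaches it, which is why sharing has to be
# switched off on the nodes themselves.

# gen_gateway_rules WAN_IF LAN_IF [BLOCKED_IPV4 ...]
# Prints the ruleset on stdout so it can be read before it is installed.
gen_gateway_rules() {
    [ "$#" -ge 2 ] || { echo "usage: gen_gateway_rules WAN_IF LAN_IF [IP ...]" >&2; return 2; }
    wan_if=$1
    lan_if=$2
    shift 2
    # The output becomes a script run as root: accept only plain names/addresses.
    for arg in "$wan_if" "$lan_if" "$@"; do
        case $arg in
            ''|*[!A-Za-z0-9._]*) echo "rejected argument: $arg" >&2; return 1 ;;
        esac
    done
    echo "ipfw -q -f flush"
    # In-kernel NAT on the WAN interface; deny_in drops unsolicited inbound.
    echo "ipfw -q nat 1 config if $wan_if same_ports reset deny_in"
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    # Per-node permission: a blocked node still reaches the gateway's own
    # services (shared printer, DHCP) but nothing beyond it.
    n=200
    for ip in "$@"; do
        echo "ipfw -q add $n deny ip from $ip to not me in recv $lan_if"
        n=$((n + 1))
    done
    echo "ipfw -q add 1000 allow ip from any to any via $lan_if"
    echo "ipfw -q add 2000 nat 1 ip from any to any via $wan_if"
    echo "ipfw -q add 65000 deny ip from any to any"
}

# Sample run with the constructed values above.
gen_gateway_rules em0 em1 192.168.1.50
```

With the default `net.inet.ip.fw.one_pass=1`, a packet leaves the ruleset as soon as rule 2000 has translated it, so the final deny only catches traffic that matched nothing earlier.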


