Date:      Wed, 3 Aug 2005 12:13:02 +0300
From:      Ivailo Tanusheff <i.tanusheff@procreditbank.bg>
To:        "Stephan Weaver" <stephanweaver@hotmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Networking with FreeBSD
Message-ID:  <OF84593AC5.0D8234DB-ONC2257052.00326113-C2257052.0032A1E7@procreditbank.bg>
In-Reply-To: <BAY20-F2F61C3D84924A4CD57576A8C20@phx.gbl>

You can use ipf or ipfw as firewall to create a set of rules, allowing and 
denying access to different resources from/to different networks. Also you 
can use ipnat to make NAT translation if needed.
Personally I'd advise you to use ipf as packet filter, ipfw as traffic 
shaper and ipnat for NAT.

Hope this will help you, there are tons of topics and howto's about using 
ipf, ipfw and ipnat :)

Ivailo Tanusheff
Senior System administrator
ProCredit Bank (Bulgaria) AD

tel. +359 2 921 7161
fax +359 2 921 7110
http://www.procreditbank.bg





"Stephan Weaver" <stephanweaver@hotmail.com>
Sent by: owner-freebsd-questions@freebsd.org
08/02/2005 07:26 PM

To: freebsd-questions@freebsd.org
cc:
Subject: Networking with FreeBSD

Hello Everyone.

We are going to be connecting our Stores to our Main Head Office Via 
Fiber.
We want to separate our Internal Lan from the store computers.
So we have decided to separate them by networks [ip addressing] because of 
security.


Head Office
I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head 
Office.
10.10.10.1 - Pixel Replication Server
192.168.1.1 - Web Based Server [Delivery Server]
192.168.100.1 - File Server
Including Internet Users.
192.168.0.1-254 [ Lan ].


The store computers that need to access specific servers, are only on that 
network.
For example.
Store 1, Computer 1 Needs to Replicate [he will have an ip of 
10.10.10.105]
Store 1, Computer 2 [The Delivery Pc]. he will have an ip of 192.168.1.105
Store 1, Computer 3 Will access the File Server by having an ip of 
192.168.100.105.


Now the Risk involved with this is we have no Real Security, For Example.
A Malicious user can easily change his ip address to 192.168.0.105 For 
Example and Get on our Head Office Internal Network. Which We don't Want.


So I would like to Setup, Install And Configure a FreeBSD Based Firewall, 
that will have 4 Network Cards, and will be placed between Our Head Office 
Switch, and our Fibre Switch [Wan].

But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD 
Will Bridge All Those Networks.
How Can I keep the networks Separate, and Secure the Servers by 
Firewalling by ip addressing?


I would appreciate Advice / Suggestions / Anything That will give me a 
better clue on how to secure my network.



Yours Sincerely,
Stephan Weaver




