From: Ivailo Tanusheff
To: "Stephan Weaver"
Cc: freebsd-questions@freebsd.org
Date: Wed, 3 Aug 2005 12:13:02 +0300
Subject: Re: Networking with FreeBSD

You can use ipf or ipfw
as a firewall to create a set of rules, allowing and denying access to different resources from/to different networks. Also you can use ipnat to make NAT translation if needed.

Personally I'd advise you to use ipf as packet filter, ipfw as traffic shaper and ipnat for NAT.

Hope this will help you, there are tons of topics and howtos about using ipf, ipfw and ipnat :)

Ivailo Tanusheff
Senior System administrator
ProCredit Bank (Bulgaria) AD

"Stephan Weaver"
Sent by: owner-freebsd-questions@freebsd.org
08/02/2005 07:26 PM
To: freebsd-questions@freebsd.org
Subject: Networking with FreeBSD

Hello Everyone.

We are going to be connecting our Stores to our Main Head Office Via Fiber. We want to separate our Internal Lan from the store computers. So we have decided to separate them by networks [ip addressing] because of security.

Head Office

I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head Office.

10.10.10.1 - Pixel Replication Server
192.168.1.1 - Web Based Server [Delivery Server]
192.168.100.1 - File Server Including Internet Users.
192.168.0.1-254 [ Lan ].

The store computers that need to access specific servers are only on that network. For example:
Store 1, Computer 1 Needs to Replicate [he will have an ip of 10.10.10.105]
Store 1, Computer 2 [The Delivery Pc]. He will have an ip of 192.168.1.105
Store 1, Computer 3 Will access the File Server by having an ip of 192.168.100.105.

Now the Risk involved with this is we have no Real Security. For Example, a Malicious user can easily change his ip address to 192.168.0.105 and Get on our Head Office Internal Network. Which We don't Want.

So I would like to Setup, Install And Configure a FreeBSD Based Firewall, that will have 4 Network Cards, and will be placed between Our Head Office Switch and our Fibre Switch [Wan].

But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD Will Bridge All Those Networks.

How Can I keep the networks Separate, and Secure the Servers by Firewalling by ip addressing?

I would appreciate Advice / Suggestions / Anything That will give me a better clue on how to secure my network.

Yours Sincerely,
Stephan Weaver
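
An added example, not part of either message: a small offline checker for a constructed ruleset written in ipf syntax, showing how rules bound to the store-facing interface handle the address change described in the question. The interface name `em0` and the destination `192.168.0.10` are assumptions; the other addresses are the ones given in the thread, and the rules match on addresses only because the thread names no service ports.

```python
import ipaddress

# Constructed ruleset in ipf syntax. em0 is a hypothetical name for the
# firewall NIC facing the fibre (store) switch; addresses are from the thread.
RULES = """
block in on em0 all
block in quick on em0 from 192.168.0.0/24 to any
pass in quick on em0 from 10.10.10.105/32 to 10.10.10.1/32
pass in quick on em0 from 192.168.1.105/32 to 192.168.1.1/32
pass in quick on em0 from 192.168.100.105/32 to 192.168.100.1/32
"""

def parse(text):
    """Parse the subset: block|pass in|out [quick] [on IF] (all | from A to B)."""
    rules = []
    for line in text.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        rule = {"action": tok[0], "dir": tok[1], "quick": False,
                "iface": None, "src": None, "dst": None}
        i = 2
        if i < len(tok) and tok[i] == "quick":
            rule["quick"], i = True, i + 1
        if i < len(tok) and tok[i] == "on":
            rule["iface"], i = tok[i + 1], i + 2
        if i < len(tok) and tok[i] == "from":  # "all" leaves src/dst as None
            rule["src"], rule["dst"] = (
                None if a == "any" else ipaddress.ip_network(a)
                for a in (tok[i + 1], tok[i + 3]))
        rules.append(rule)
    return rules

def verdict(rules, direction, iface, src, dst):
    """ipf semantics: the last matching rule wins unless a 'quick' rule matches."""
    # Unmatched packets pass unless the kernel has IPFILTER_DEFAULT_BLOCK.
    result = "pass"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["dir"] != direction or r["iface"] not in (None, iface):
            continue
        if (r["src"] and s not in r["src"]) or (r["dst"] and d not in r["dst"]):
            continue
        result = r["action"]
        if r["quick"]:
            break
    return result

if __name__ == "__main__":  # 192.168.0.10 is a constructed LAN destination
    for src, dst in [("10.10.10.105", "10.10.10.1"), ("192.168.0.105", "192.168.0.10")]:
        print(src, "->", dst, verdict(parse(RULES), "in", "em0", src, dst))
```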