Date: Tue, 02 Aug 2005 13:43:12 -0400
From: "Stephan Weaver" <stephanweaver@hotmail.com>
To: cswiger@mac.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Networking with FreeBSD
Message-ID: <BAY20-F26DD26698131F30257D9FA8C20@phx.gbl>
In-Reply-To: <42EFAF93.5060800@mac.com>

>From: Chuck Swiger <cswiger@mac.com>
>To: Stephan Weaver <stephanweaver@hotmail.com>
>CC: freebsd-questions@freebsd.org
>Subject: Re: Networking with FreeBSD
>Date: Tue, 02 Aug 2005 13:38:27 -0400
>
>Stephan Weaver wrote:
>[ ... ]
>>But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD
>>Will Bridge All Those Networks.
>
>FreeBSD is well-behaved in terms of security. It will not act as a layer-2
>bridge or as a layer-3 IP router/firewall, unless and until you tell it to
>do so.
>
>See the options set in /etc/rc.conf and /etc/defaults/rc.conf such as:
>
>gateway_enable="NO"                 # Set to YES if this host will be a gateway.
>router_enable="NO"                  # Set to YES to enable a routing daemon.
>firewall_enable="NO"                # Set to YES to enable firewall functionality
>firewall_script="/etc/rc.firewall"  # Which script to run to set up the firewall
>firewall_type="UNKNOWN"             # Firewall type (see /etc/rc.firewall)
>
>...or "man bridge".
>
>>How Can I keep the networks Separate, and Secure the Servers by
>>Firewalling by ip addressing?
>
>Well, if you set the machines up on three or four separate subnets, each on
>a separate collision domain (ie, each with its own hub or switch VLAN),
>you can firewall traffic both by subnet and by individual IPs. A proper
>ruleset will integrate anti-spoofing rules which will prevent a machine
>from sending traffic as if it were an IP on another subnet, or at least
>prevent the traffic from going through the firewall to reach your private
>internal networks.
>
>Obviously, you want to keep untrusted machines on another subnet than the
>servers you are protecting. Go read "Building Internet Firewalls"
>published by O'Reilly, as well as http://www.ietf.org/rfc/rfc2196.txt...
>
>--
>-Chuck
>

Thank You So Very Much for your quick response. I am familiar with firewalling, but I have never done something like this. Maybe you can give me an actual example from my reference, using my networks etc.

What I want to do is separate the networks on the same wire.
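
An added example, not part of the original messages: a /bin/sh script that prints the kind of per-subnet anti-spoofing, per-IP allow and segment-isolation ipfw rules described in the quoted reply. The interface names (fxp0 to fxp3), the three /24 subnets and the server address are constructed placeholders, since the thread does not give the poster's actual networks.

```sh
#!/bin/sh
# Added example: prints ipfw(8) commands for review; it executes none.
# All interface names, subnets and the server IP are constructed.
# Routing between segments also needs gateway_enable="YES" and
# firewall_enable="YES" in /etc/rc.conf (the options quoted above).
OUTSIDE_IF="fxp0"
# One "interface:subnet" pair per internal segment.
SEGMENTS="fxp1:192.168.10.0/24 fxp2:192.168.20.0/24 fxp3:192.168.30.0/24"
# Per-host exceptions as "source-subnet,server-ip,tcp-port".
ALLOWS="192.168.20.0/24,192.168.10.5,80"

gen_antispoof_rules() {
    num=1000
    for seg in $SEGMENTS; do
        ifc=${seg%%:*}; net=${seg#*:}
        # A segment may only send packets sourced from its own subnet.
        # (This also drops 0.0.0.0-sourced DHCP requests.)
        echo "ipfw add $num deny log ip from not $net to any in via $ifc"
        # An internal source address must never arrive from outside.
        echo "ipfw add $((num + 10)) deny log ip from $net to any in via $OUTSIDE_IF"
        num=$((num + 20))
    done
}

gen_allow_rules() {
    # Replies to permitted connections match here via dynamic state.
    echo "ipfw add 1800 check-state"
    num=1900
    for a in $ALLOWS; do
        src=${a%%,*}; rest=${a#*,}
        echo "ipfw add $num allow tcp from $src to ${rest%%,*} dst-port ${rest#*,} setup keep-state"
        num=$((num + 10))
    done
}

gen_isolation_rules() {
    # Everything else between internal segments is dropped.
    num=2000
    for s in $SEGMENTS; do
        for d in $SEGMENTS; do
            [ "$s" = "$d" ] && continue
            echo "ipfw add $num deny ip from ${s#*:} to ${d#*:}"
            num=$((num + 10))
        done
    done
}

gen_antispoof_rules; gen_allow_rules; gen_isolation_rules
```

ipfw evaluates rules in ascending number order and stops at the first match, so the anti-spoofing rules (1000s) run before the stateful allow (1800/1900) and the inter-segment denies (2000s).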