Date: Tue, 02 Aug 2005 13:15:51 -0400
From: "Stephan Weaver" <stephanweaver@hotmail.com>
To: youshi10@u.washington.edu
Cc: freebsd-questions@freebsd.org
Subject: Re: Networking with FreeBSD
Message-ID: <BAY20-F1EB02A87D01A8F580BFEAA8C20@phx.gbl>
In-Reply-To: <Pine.A41.4.61b.0508021000460.224088@dante76.u.washington.edu>
>From: Garrett Cooper <youshi10@u.washington.edu>
>To: Stephan Weaver <stephanweaver@hotmail.com>
>CC: freebsd-questions@freebsd.org
>Subject: Re: Networking with FreeBSD
>Date: Tue, 2 Aug 2005 10:10:44 -0700 (PDT)
>
>On Tue, 2 Aug 2005, Stephan Weaver wrote:
>
>>Hello Everyone.
>>
>>We are going to be connecting our Stores to our Main Head Office Via
>>Fiber.
>>We want to separate our Internal Lan from the store computers.
>>So we have decided to separate them by networks [ip addressing] because of
>>security.
>>
>>
>>Head Office
>>I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head
>>Office.
>>10.10.10.1 - Pixel Replication Server
>>192.168.1.1 - Web Based Server [Delivery Server]
>>192.168.100.1 - File Server
>>Including Internet Users.
>>192.168.0.1-254 [ Lan ].
>>
>>
>>The store computers that need to access specific servers, are only on that
>>network.
>>For example.
>>Store 1, Computer 1 Needs to Replicate [he will have an ip of
>>10.10.10.105]
>>Store 1, Computer 2 [The Delivery Pc]. he will have an ip of 192.168.1.105
>>Store 1, Computer 3 Will access the File Server by having an ip of
>>192.168.100.105.
>>
>>
>>Now the Risk involved with this is we have no Real Security, For Example.
>>A Malicious user can easily change his ip address to 192.168.0.105 For
>>Example and Get on our Head Office Internal Network. Which We don't Want.
>>
>>
>>So I would like to Setup, Install And Configure a FreeBSD Based Firewall,
>>that will have 4 Network Cards, and will be placed between Our Head Office
>>Switch, and our Fibre Switch [Wan].
>>
>>But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD
>>Will Bridge All Those Networks.
>>How Can I keep the networks Separate, and Secure the Servers by
>>Firewalling by ip addressing?
>>
>>
>>I would appreciate Advice / Suggestions / Anything That will give me a
>>better clue on how to secure my network.
>>
>>
>>
>>Yours Sincerely,
>>Stephan Weaver
>
> I can tell you as of right now that you're going to have to set up a NAT
>with your FreeBSD box acting as the gateway using something like ipf,
>ipfilter, etc. However, I have little experience with this, and depending
>on what you want in terms of user interaction, different solutions will
>pose certain pros and cons.
> Also, no one outside of the network can just change their IP address to
>192.168.0.x because the 192.168.x.y IP address blocks are reserved as Class
>C addresses which under all correct implementations of IP are physically
>inaccessible outside the network. Therefore, that isn't so much of an
>issue... however, it still doesn't hurt to have a firewall because you
>don't want someone tunnelling in and wreaking havoc on your network. That
>is of course if the information you listed above was in fact what's
>currently implemented as opposed to what should be implemented.
> Just a few minor thoughts.
>-Garrett

Nothing is implemented as yet, I am looking for solutions.

Thanks EVERYONE! Love You Guys

stephan weaver

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY20-F1EB02A87D01A8F580BFEAA8C20>
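
The re-addressing concern in the quoted question (a store machine changing its address to 192.168.0.105) can be modelled as a per-interface source check combined with a default-deny rule set. This is an added example, not code from the thread or from FreeBSD; the interface names, the rule that each network reaches the firewall on its own interface, the trusted head-office LAN, and the address 192.168.0.10 are assumptions made for illustration.

```python
"""Added illustration: per-interface ingress filtering for the networks in the thread."""
from ipaddress import ip_address, ip_network

# Assumption: each network reaches the firewall on its own interface.
# Interface names are hypothetical; the networks are the ones in the question.
INTERFACES = {
    "lan0":  ip_network("192.168.0.0/24"),    # head-office LAN
    "repl0": ip_network("10.10.10.0/24"),     # replication network
    "web0":  ip_network("192.168.1.0/24"),    # delivery network
    "file0": ip_network("192.168.100.0/24"),  # file-server network
}

# The only server each store-facing interface may reach (default deny otherwise).
ALLOWED_DST = {
    "repl0": ip_address("10.10.10.1"),
    "web0":  ip_address("192.168.1.1"),
    "file0": ip_address("192.168.100.1"),
}

def decide(in_iface, src, dst):
    """Return (verdict, reason) for a packet seen arriving on in_iface."""
    src, dst = ip_address(src), ip_address(dst)
    net = INTERFACES.get(in_iface)
    if net is None:
        return ("block", "unknown interface")
    # Anti-spoofing: the source must belong to the network wired to this interface.
    if src not in net:
        return ("block", "source not valid on this interface")
    if in_iface == "lan0":
        return ("pass", "head-office LAN is trusted in this sketch")
    if dst == ALLOWED_DST[in_iface]:
        return ("pass", "store host to its designated server")
    return ("block", "default deny")

if __name__ == "__main__":
    # Constructed sample packets: (ingress interface, source, destination)
    samples = [
        ("repl0", "10.10.10.105", "10.10.10.1"),     # store PC replicating
        ("repl0", "192.168.0.105", "192.168.0.10"),  # re-addressed to the LAN range
        ("file0", "192.168.100.105", "192.168.1.1"), # wrong server for this segment
    ]
    for pkt in samples:
        print(pkt, "->", decide(*pkt))
```

The second sample is blocked because the verdict depends on which interface the packet arrived on, not on the address the sender claims.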