Networking with FreeBSD

Stephan Weaver stephanweaver at hotmail.com
Tue Aug 2 17:43:13 GMT 2005



>From: Chuck Swiger <cswiger at mac.com>
>To: Stephan Weaver <stephanweaver at hotmail.com>
>CC: freebsd-questions at freebsd.org
>Subject: Re: Networking with FreeBSD
>Date: Tue, 02 Aug 2005 13:38:27 -0400
>
>Stephan Weaver wrote:
>[ ... ]
>>But AFAIK, by placing all these network cards in the same machine, FreeBSD
>>will bridge all those networks.
>
>FreeBSD is well-behaved in terms of security.  It will not act as a layer-2 
>bridge or as a layer-3 IP router/firewall, unless and until you tell it to 
>do so.
>
>See the options set in /etc/rc.conf and /etc/defaults/rc.conf such as:
>
>gateway_enable="NO"             # Set to YES if this host will be a gateway.
>router_enable="NO"              # Set to YES to enable a routing daemon.
>firewall_enable="NO"            # Set to YES to enable firewall functionality
>firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
>firewall_type="UNKNOWN"         # Firewall type (see /etc/rc.firewall)
>
>...or "man bridge".
>
>>How can I keep the networks separate, and secure the servers by
>>firewalling by IP addressing?
>
>Well, if you set the machines up on three or four separate subnets, each on
>a separate collision domain (i.e., each with its own hub or switch VLAN),
>you can firewall traffic both by subnet and by individual IPs.  A proper 
>ruleset will integrate anti-spoofing rules which will prevent a machine 
>from sending traffic as if it were an IP on another subnet, or at least 
>prevent the traffic from going through the firewall to reach your private 
>internal networks.
>
>Obviously, you want to keep untrusted machines on another subnet than the 
>servers you are protecting.  Go read "Building Internet Firewalls" 
>published by O'Reilly, as well as http://www.ietf.org/rfc/rfc2196.txt...
>
>--
>-Chuck
>


Thank you so very much for your quick response.
I am familiar with firewalling, but I have never done something like this.
Maybe you can give me an actual example from my reference,
using my networks etc.


What I want to do is separate the networks on the same wire.
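
An added example, not part of either message: a /bin/sh script in the style of /etc/rc.firewall that prints (does not run) ipfw rules for the per-subnet anti-spoofing and per-IP filtering described in the quoted reply. The interface names, subnets, server address, ports and rule numbers are constructed placeholders, and it assumes gateway_enable and firewall_enable are set to YES in /etc/rc.conf.

```shell
#!/bin/sh
# Added illustration; every address, interface and rule number is constructed.
# One "interface:subnet" pair per internal network.
NETS="em1:10.0.1.0/24 em2:10.0.2.0/24 em3:10.0.3.0/24"
# Per-IP policy, "source-subnet:server-ip:tcp-port".
ALLOW="10.0.1.0/24:10.0.3.10:80 10.0.2.0/24:10.0.3.10:22"

# Anti-spoofing: on each interface, drop packets whose source address
# claims to belong to a subnet attached to a different interface.
antispoof_rules() {
    num=1000
    for entry in $NETS; do
        iface=${entry%%:*}
        for other in $NETS; do
            if [ "${other%%:*}" = "$iface" ]; then continue; fi
            echo "ipfw -q add $num deny all from ${other#*:} to any in via $iface"
            num=$((num + 10))
        done
    done
}

# Per-IP allows first (ipfw is first-match), then drop all remaining
# traffic between the internal subnets.
policy_rules() {
    num=2000
    echo "ipfw -q add $num allow tcp from any to any established"
    for p in $ALLOW; do
        src=${p%%:*}; rest=${p#*:}
        dst=${rest%%:*}; port=${rest#*:}
        num=$((num + 10))
        echo "ipfw -q add $num allow tcp from $src to $dst $port setup"
    done
    for a in $NETS; do
        for b in $NETS; do
            if [ "$a" = "$b" ]; then continue; fi
            num=$((num + 10))
            echo "ipfw -q add $num deny all from ${a#*:} to ${b#*:}"
        done
    done
}

# Print the ruleset for review before loading it.
antispoof_rules
policy_rules
```

Because the anti-spoofing rules carry lower numbers than the "established" rule, a forged source address is dropped before any allow rule can match it.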



