Re: Two NICs in Single BOX and two separate network connection handling

From: KK CHN <kkchn.in_at_gmail.com>
Date: Fri, 01 Jul 2022 07:38:48 UTC

List,

It's my pleasure to receive all of your valuable inputs for a new situation
which I am not familiar with.
This helps me to understand where to start and what to do...

Thank you all fellow BSDians and great support from this FBSD mailing
list.

Krish

On Wed, Jun 29, 2022 at 12:48 PM Polytropon <freebsd@edvax.de> wrote:

> On Tue, 28 Jun 2022 23:05:11 -0500, Doug McIntyre wrote:
> > On Tue, Jun 28, 2022 at 10:51:52PM +0530, KK CHN wrote:
> > > Can someone shed some light on this?
> > >
> > > I have a server box with two interface cards. I want to use the
> > > scenario like this
> >
> > You want to make a router/Firewall.
>
> Looks like it.
>
>
>
> > While you can certainly do this with the base FreeBSD system no
> > problem, the level of questions you are asking would tend to make me
> > believe you are a beginner, that may be better served by running an
> > appliance (appropriately based around FreeBSD) that would do more of
> > the heavy lifting for you to start with.
>
> No need - FreeBSD can do this just fine. The parts involved here
> seem to be (according to the short description of intention):
>
>         - regular network configuration, maybe PPPoE (but
>           unlikely these days) for "outer" interface
>
>         - DHCP server (dhcpd) for "inner" interface
>
>         - NAT to connect them
>
>         - simple IPFW rules for traffic control
>
> And that's about it. All those parts are covered in the Handbook.
> It should at least be a good starting point that can reveal which
> other, more detailed questions may arise.
>
> Specific files are /etc/rc.conf and /etc/ipfw.rules, as well
> as the DHCP configuration file, often /usr/local/etc/dhcpd.conf.
>
> Needless to say, what the OP seems (!) to request is something
> quite typical for a FreeBSD machine, and has been a solved problem
> for many decades now. Even I have implemented such setups with
> varying degrees of deviation from the standard assumptions. ;-)
>
> I'd also suggest to implement things piece by piece, i. e., get
> the machine to connect to your ISP first, then get the clients
> connect to your machine, and finally bring both worlds together.
> Configure restrictions as needed, or go with "enable things one
> by one", depending on your security model.
>
>
>
> > Systems such as opnsense.org, or pfsense.org may be better to start
> > with.
> > They are much the same, so either would be good to start with.
>
> As long as it's okay for the user to deal with the overhead (such
> as a web server for configuration GUI, if needed and intended), those
> are a solution that easily can be simply added without actually
> knowing the specific details and which will _still_ work - plus,
> they can be a good point to learn _how_ things are done, so it's
> easier to implement them by oneself in regular FreeBSD.
>
>
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
>
>
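The NAT and "simple IPFW rules" pieces from the list above, as an added example that is not part of the original thread: a shell function that prints a candidate /etc/ipfw.rules for review before it is installed. The interface names em0 and em1, the LAN subnet 192.168.1.0/24, the rule numbers and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: em0 = "outer" (ISP) NIC,
# em1 = "inner" (LAN) NIC, 192.168.1.0/24 = LAN subnet.
# Matching /etc/rc.conf lines:
#   gateway_enable="YES"            # forward packets between the two NICs
#   firewall_enable="YES"
#   firewall_script="/etc/ipfw.rules"
#   firewall_nat_enable="YES"       # in-kernel NAT for ipfw
# Assumes the default sysctl net.inet.ip.fw.one_pass=1 (NAT rule is terminal).

# Accept only interface names such as em0, igb1, vtnet0.
valid_if() {
    case "$1" in
        ''|*[!a-z0-9]*|[0-9]*) return 1 ;;
        *[0-9]) return 0 ;;
    esac
    return 1
}

# Print the contents of /etc/ipfw.rules: router_rules OUTER INNER LAN_CIDR
router_rules() {
    outer="$1" inner="$2" lan="$3"
    valid_if "$outer" && valid_if "$inner" || { echo "bad interface name" >&2; return 2; }
    [ "$outer" != "$inner" ] || { echo "outer and inner must differ" >&2; return 2; }
    case "$lan" in
        ''|*[!0-9./]*) echo "bad LAN subnet" >&2; return 2 ;;
    esac
    cat <<EOF
#!/bin/sh
fw="/sbin/ipfw -q"
\$fw -f flush
# NAT on the outer NIC; deny_in drops connections initiated from outside.
\$fw nat 1 config if ${outer} same_ports reset deny_in
\$fw add 100 allow ip from any to any via lo0
# Anti-spoofing: LAN source addresses must never arrive on the outer NIC.
\$fw add 200 deny ip from ${lan} to any in recv ${outer}
# Inner side: LAN clients may reach the router and be forwarded.
\$fw add 300 allow ip from any to any via ${inner}
\$fw add 400 nat 1 ip from any to any via ${outer}
\$fw add 65000 deny ip from any to any
EOF
}
```

Running `router_rules em0 em1 192.168.1.0/24` prints the ruleset so it can be read and then saved as /etc/ipfw.rules; the default-deny rule at the end matches the "enable things one by one" approach mentioned in the thread.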