Re: Two NICs in Single BOX and two separate network connection handling

From: Polytropon <freebsd_at_edvax.de>
Date: Wed, 29 Jun 2022 07:17:20 UTC
On Tue, 28 Jun 2022 23:05:11 -0500, Doug McIntyre wrote:
> On Tue, Jun 28, 2022 at 10:51:52PM +0530, KK CHN wrote:
> > Can someone shed some light on this?
> > 
> > I have a server box with two interface cards. I want to use the scenario
> > like this
> 
> You want to make a router/Firewall.

Looks like it.



> While you can certainly do this with the base FreeBSD system no
> problem, the level of questions you are asking would tend to make me
> believe you are a beginner, that may be better served by running an
> appliance (appropriately based around FreeBSD) that would do more of
> the heavy lifting for you to start with.

No need - FreeBSD can do this just fine. The parts involved here
seem to be (according to the short description of intention):

	- regular network configuration, maybe PPPoE (but
	  unlikely these days) for "outer" interface

	- DHCP server (dhcpd) for "inner" interface

	- NAT to connect them

	- simple IPFW rules for traffic control

And that's about it. All those parts are covered in the Handbook.
It should at least be a good starting point that can reveal which
other, more detailed questions may arise.

Specific files are /etc/rc.conf and /etc/ipfw.rules, as well
as the DHCP configuration file, often /usr/local/etc/dhcpd.conf.

Needless to say, what the OP seems (!) to request is something
quite typical for a FreeBSD machine, and has been a solved problem
for many decades now. Even I have implemented such setups with
varying degrees of deviation from the standard assumptions. ;-)

I'd also suggest implementing things piece by piece, i. e., get
the machine to connect to your ISP first, then get the clients
to connect to your machine, and finally bring both worlds together.
Configure restrictions as needed, or go with "enable things one
by one", depending on your security model.



> Systems such as opnsense.org, or pfsense.org may be better to start with.
> They are much the same, so either would be good to start with.

As long as it's okay for the user to deal with the overhead (such
as a web server for configuration GUI, if needed and intended), those
are a solution that easily can be simply added without actually
knowing the specific details and which will _still_ work - plus,
they can be a good point to learn _how_ things are done, so it's
easier to implement them by oneself in regular FreeBSD.



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
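
Added example, not part of the original message: a sketch of the
/etc/ipfw.rules piece of the setup outlined above (NAT plus simple IPFW
rules), with the matching /etc/rc.conf knobs in the header comment. The
interface names em0/em1, the LAN prefix 192.168.10.0/24 and the
gateway_rules helper are assumptions chosen for illustration.

```shell
#!/bin/sh
# /etc/ipfw.rules sketch for a two-NIC NAT gateway (added example).
# Matching /etc/rc.conf knobs:
#   gateway_enable="YES"        forward packets between the NICs
#   firewall_enable="YES"       start ipfw at boot
#   firewall_nat_enable="YES"   load the in-kernel NAT module
#   firewall_script="/etc/ipfw.rules"
# Assumed: em0 = outer NIC, em1 = inner NIC, 192.168.10.0/24 = LAN,
# and the default sysctl net.inet.ip.fw.one_pass=1 (NAT rule accepts).

# Dry run by default: commands are printed for review, not executed.
# Set IPFW="/sbin/ipfw -q" to load them for real.
IPFW="${IPFW:-echo ipfw}"

gateway_rules() {
    wan="$1"; lan="$2"; lan_net="$3"

    $IPFW -f flush

    # NAT instance 1 on the outer NIC. deny_in drops inbound packets that
    # match no existing translation, so nothing outside can open a session.
    $IPFW nat 1 config if "$wan" same_ports reset deny_in

    # Loopback is trusted; loopback addresses on a real NIC are spoofed.
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 110 deny ip from any to 127.0.0.0/8
    $IPFW add 120 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: LAN source addresses must never arrive on the outer NIC.
    $IPFW add 200 deny ip from "$lan_net" to any in recv "$wan"

    # DHCP between dhcpd and clients that have no address yet.
    $IPFW add 300 allow udp from any 67,68 to any 67,68 via "$lan"

    # Inner side: only the LAN prefix may talk through the inner NIC.
    $IPFW add 400 allow ip from "$lan_net" to any in recv "$lan"
    $IPFW add 410 allow ip from any to "$lan_net" out xmit "$lan"

    # Everything crossing the outer NIC goes through NAT; with one_pass=1
    # a translated packet is accepted and rule processing stops here.
    $IPFW add 500 nat 1 ip from any to any via "$wan"

    # Default deny, logged, so dropped traffic shows up while testing.
    $IPFW add 65000 deny log ip from any to any
}

gateway_rules em0 em1 192.168.10.0/24
```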