Using IPFW/NAT with multiport PCI cards

Toni Heinonen Toni.Heinonen at teleware.fi
Tue Mar 30 00:12:27 PST 2004


> I am writing to request advice/recommendations on the subject. I've
> been tasked to build a router/firewall based on FreeBSD. I'd like to use
> 5.2-RELEASE.
> 
> Now my only problem is that I have played a little with ipfw in a
> situation where I have just two interfaces, 1 external and 1 internal.
> My current requirement however involves one external interface and
> four (or more) internal interfaces (which should all be SEPARATE
> networks, invisible from each other).

Sure, this is possible. To tell you the truth, if you're not sure how to do it, the cheapest and easiest way would be to just get 4 Ethernet cards for the internal interfaces. However, the most dynamic way would be to get an Ethernet card that supports 802.1q or Cisco ISL, which are switch trunking protocols. You could then separate the networks into different virtual LANs in a switch that was connected to the 802.1q NIC. That NIC would then have an IP address from each of the networks.

I'm not sure how 802.1q can be configured in FreeBSD, but that shouldn't be too hard - the more difficult part should be configuring the switch.
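The trunk approach described in the reply, as an added example that is not part of the original post: a script that prints, for review, the FreeBSD `ifconfig` commands for one vlan(4) interface per internal network and the `ipfw` rules that stop routing between them. The interface names (`em0`, `em1`), VLAN IDs, the 192.168.<id>.0/24 address plan and the rule numbers are assumptions, and the switch port facing `em1` is assumed to carry those VLANs tagged.

```shell
#!/bin/sh
# Added example; every value below is constructed for illustration.
EXT_IF="em0"            # assumed external (Internet-facing) interface
TRUNK_IF="em1"          # assumed NIC cabled to the switch's 802.1Q trunk port
VLAN_IDS="10 20 30 40"  # assumed VLAN IDs, one per internal network

# Print the commands instead of running them, so the result can be
# reviewed before it is applied on the firewall.
gen_config() {
    ext=$1
    trunk=$2
    shift 2

    # One vlan(4) interface per internal network; the firewall is the
    # gateway at 192.168.<id>.1/24 on each of them.
    for id in "$@"; do
        echo "ifconfig vlan$id create"
        echo "ifconfig vlan$id inet 192.168.$id.1 netmask 255.255.255.0 vlan $id vlandev $trunk"
    done

    # Isolation: drop every packet that was received on one internal
    # VLAN and is about to be transmitted on a different internal VLAN.
    n=1000
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" != "$dst" ]; then
                echo "ipfw add $n deny ip from any to any out recv vlan$src xmit vlan$dst"
                n=$((n + 10))
            fi
        done
    done

    # NAT: hand traffic crossing the external interface to natd.
    echo "ipfw add 5000 divert natd ip from any to any via $ext"
}

gen_config "$EXT_IF" "$TRUNK_IF" $VLAN_IDS
```

The deny rules cover forwarded traffic only; what each network may reach on the firewall itself and on the Internet still has to be decided in the rest of the ruleset.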

