OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS

Bryan Cassidy b_cassidy at bellsouth.net
Tue May 11 09:21:31 PDT 2004


Sounds good to me but I'm still confused about how I need to set this up hardware wise. The link at freebsddiary sounds good to start with I guess. I don't know if I need any extra hardware either. I have at the moment 2 NICs and 2 crossover cables. Do I need more? Do I keep the NIC in this machine or do I move it to the machine that will be acting as a firewall/router/gateway? How do I set this up? Still confused on this part.

On Tue, May 11, 2004 at 12:26:59AM -0500, Micheal Patterson wrote:
> 
> 
> ----- Original Message ----- 
> From: "Bryan Cassidy" <b_cassidy at bellsouth.net>
> To: <freebsd-questions at freebsd.org>
> Sent: Tuesday, May 11, 2004 12:20 AM
> Subject: OpenBSD/ (maybe FreeBSD) Firewall/Router/DNS
> 
> 
> > Hello. I am currently running FreeBSD 4.9-RELEASE p-7. I am pretty
> > comfortable with FreeBSD for the most part and really enjoy using it on a
> > day to day basis. These are my thoughts. I have an older NEC PC that I would
> > like to put to some use. First off I don't know if I need any 'extra'
> > hardware. I have now 1 DSL modem (dhcp - could get static, is it worth
> > getting?), 3 NICs, and 2 cables to connect the ethernet cards. I have just
> > been reading up on Firewalls on FreeBSD using ipfw. I would basically like
> > to do the following. I want to install OpenBSD 3.5 or possibly one of the
> > FreeBSD 4.x, 5.x, 4-stable, current or whatever. Which would you all
> > recommend using in this situation? I want to continue to use my nice newer,
> > much faster computer to do all configurations to the system, updates,
> > installing software, running apache, configuring firewall, etc. etc. etc.
> > via ssh (good choice?) to the other/older box. Would really appreciate some
> > insight on this topic. Networking/Security is becoming very interesting to
> > me. Thanks. Don't forget, do I need any 'extra' hardware?
> 
> I can't speak for anyone else but myself, but here's my opinion on this.
> 
> If you have an older box, you'll need 2 nics. One (external / serial
> interface) to the dsl modem (crossover cable), one to the lan side. If this
> is also to a PC, you'll need another crossover cable. If the old NEC is a
> 486 with at least 32 mb ram, that should be all you'll need hardware wise as
> long as it's got a couple of gig for drive space. If you want to enable full
> firewall logging, you'll need more disk space for that of course. What I'd
> recommend doing in your situation, is the same as I have here at home. Have
> the bsd box (I prefer freebsd myself) connect to your provider and pull the
> ip on the serial interface, then assign a private ip to the internal nic and
> to the systems behind it on the lan. Then on the bsd box, enable nat and the
> first rule of your firewall will be a divert rule to pass everything to NAT.
> 
> For more info on this and its configuration, check out
> 
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html
> 
> or
> 
> http://www.freebsddiary.org/ipfw.php
> 
> If you're still wanting more info, then I'd recommend a google search for
> freebsd natd and / or freebsd ipfw to get a lot of good and useful info.
> 
> Hope it helps.
> --
> 
> Micheal Patterson
> TSG Network Administration
> 405-917-0600


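The gateway layout described in the quoted reply (NAT enabled, a private address on the internal NIC, the divert rule first), as an added example that is not part of the thread: a shell check run over a constructed rc.conf fragment and ipfw rules file. The interface names fxp0/fxp1, the 192.168.1.1 address and the /etc/ipfw.rules path are assumptions.

```shell
#!/bin/sh
# Constructed sample /etc/rc.conf fragment. Assumed: fxp0 = DSL side, fxp1 = LAN.
sample_rc_conf() {
cat <<'EOF'
gateway_enable="YES"
ifconfig_fxp0="DHCP"
ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="fxp0"
EOF
}
# Constructed sample rules file: divert first, then the open rule from natd(8).
sample_rules() {
cat <<'EOF'
# everything crossing the external interface goes through natd first
add 50 divert natd all from any to any via fxp0
add 100 pass all from any to any
EOF
}

# rc_value KEY: read rc.conf text on stdin, print KEY's last assigned value.
rc_value() {
    sed -n "s/^$1=\"\\(.*\\)\"\$/\\1/p" | tail -n 1
}

# first_rule: first "add" line on stdin, comments skipped (file assumed in rule order).
first_rule() {
    grep -v '^[[:space:]]*#' | grep '^[[:space:]]*add' | head -n 1
}

# check_gateway RC_TEXT RULES_TEXT: print each problem, return 1 if any.
check_gateway() {
    rc=$1; rules=$2; bad=0
    for key in gateway_enable firewall_enable natd_enable; do
        [ "$(printf '%s\n' "$rc" | rc_value "$key")" = "YES" ] ||
            { echo "not enabled: $key"; bad=1; }
    done
    ext=$(printf '%s\n' "$rc" | rc_value natd_interface)
    [ -n "$ext" ] || { echo "natd_interface is not set"; bad=1; }
    case "$(printf '%s\n' "$rules" | first_rule)" in
        *"divert natd "*" via $ext") ;;   # divert is first and on the NAT interface
        *) echo "first rule is not a divert to natd via '$ext'"; bad=1 ;;
    esac
    return "$bad"
}

check_gateway "$(sample_rc_conf)" "$(sample_rules)" && echo "gateway config OK"
```

The `pass all` rule is the open configuration from the natd(8) manual page; filtering rules belong after the divert rule in its place.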