Networking with FreeBSD

Kevin Kinsey kdk at
Tue Aug 2 16:59:15 GMT 2005

Stephan Weaver wrote:

> Hello Everyone.
> We are going to be connecting our Stores to our Main Head Office Via 
> Fiber.
> We want to separate our Internal Lan from the store computers.
> So we have decided to separate them by networks [ip addressing] 
> because of security.
> Head Office
> I have 3 Servers in my LAN. And 4 Networks in Total inside of out Head 
> Office.
> - Pixel Replication Server
> - Web Based Server [Delivery Server]
> - File Server
> Including Internet Users.
> [ Lan ].
> The store computers that need to access specific servers, are only on 
> that network.
> For example.
> Store 1, Computer 1 Needs to Replicate [he will have an ip of 
> Store 1, Computer 2 [The Delivery Pc]. he will have an ip of 
> Store 1, Computer 3 Will access the File Server by having an ip of 
> Now the Risk involved with this is we have no Real Security, For Example.
> A Malicious user can easily change his ip address to For
> Example and Get on our Head Office Internal Network. Which We don't Want.
> So i would like to Setup, Install And Configure a FreeBSD Based 
> Firewall, that
> will have 4 Network Cards, and will be placed between Our Head Office 
> Switch, and out Fibre Switch [Wan].
> But AFAIK, By Placing all these network cards in the Same Machine, 
> FreeBSD Will Bridge All Those Networks.
> How Can i keep the networks Separate, and Secure the Servers by 
> Firewalling by ip addressing?
> I would appreciate Advice / Suggestions / Anything That will give me a 
> better clue on how to secure my network.
> Yours Sincerely,
> Stephan Weaver

This is probably not Real Helpful(tm), but maybe we can get the
ball rolling here (so I've included your entire post)  --- I'm looking
at m0n0wall ( to do a little of this on a smaller
scale --- basically just keeping 2 LAN's on the same wire seperate
from one another, and limiting access to the big bad Net via a
"captive portal".

Not sure if it would be any help to you, however....

Kevin Kinsey

More information about the freebsd-questions mailing list