Networking with FreeBSD

Stephan Weaver stephanweaver at
Tue Aug 2 17:15:52 GMT 2005

>From: Garrett Cooper <youshi10 at>
>To: Stephan Weaver <stephanweaver at>
>CC: freebsd-questions at
>Subject: Re: Networking with FreeBSD
>Date: Tue, 2 Aug 2005 10:10:44 -0700 (PDT)
>On Tue, 2 Aug 2005, Stephan Weaver wrote:
>>Hello Everyone.
>>We are going to be connecting our Stores to our Main Head Office Via 
>>We want to separate our Internal Lan from the store computers.
>>So we have decided to separate them by networks [ip addressing] because of 
>>Head Office
>>I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head 
>> - Pixel Replication Server
>> - Web Based Server [Delivery Server]
>> - File Server
>>Including Internet Users.
>> [ Lan ].
>>The store computers that need to access specific servers, are only on that 
>>For example.
>>Store 1, Computer 1 Needs to Replicate [he will have an ip of 
>>Store 1, Computer 2 [The Delivery Pc]. he will have an ip of
>>Store 1, Computer 3 Will access the File Server by having an ip of 
>>Now the Risk involved with this is we have no Real Security, For Example.
>>A Malicious user can easily change his ip address to For 
>>Example and Get on our Head Office Internal Network. Which We don't Want.
>>So I would like to Setup, Install And Configure a FreeBSD Based Firewall, 
>>that will have 4 Network Cards, and will be placed between Our Head Office 
>>Switch, and our Fibre Switch [Wan].
>>But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD 
>>Will Bridge All Those Networks.
>>How Can I keep the networks Separate, and Secure the Servers by 
>>Firewalling by ip addressing?
>>I would appreciate Advice / Suggestions / Anything That will give me a 
>>better clue on how to secure my network.
>>Yours Sincerely,
>>Stephan Weaver
>	I can tell you as of right now that you're going to have to set up a NAT 
>with your FreeBSD box acting as the gateway using something like ipf, 
>ipfilter, etc. However, I have little experience with this, and depending 
>on what you want in terms of user interaction, different solutions will 
>pose certain pros and cons.
>	Also, no one outside of the network can just change their IP address to 
>192.168.0.x because the 192.168.x.y IP address blocks are reserved as Class 
>C addresses which under all correct implementations of IP are physically 
>inaccessible outside the network. Therefore, that isn't so much of an 
>issue... however, it still doesn't hurt to have a firewall because you 
>don't want someone tunnelling in and wreaking havoc on your network. That 
>is of course if the information you listed above was in fact what's 
>currently implemented as opposed to what should be implemented.
>	Just a few minor thoughts.

Nothing is implemented as yet, I am looking for solutions.

Love You Guys
stephan weaver
