Networking with FreeBSD
stephanweaver at hotmail.com
Tue Aug 2 17:15:52 GMT 2005
>From: Garrett Cooper <youshi10 at u.washington.edu>
>To: Stephan Weaver <stephanweaver at hotmail.com>
>CC: freebsd-questions at freebsd.org
>Subject: Re: Networking with FreeBSD
>Date: Tue, 2 Aug 2005 10:10:44 -0700 (PDT)
>On Tue, 2 Aug 2005, Stephan Weaver wrote:
>>We are going to be connecting our Stores to our Main Head Office Via
>>We want to separate our Internal Lan from the store computers.
>>So we have decided to separate them by networks [ip addressing] because of
>>I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head
>>10.10.10.1 - Pixel Replication Server
>>192.168.1.1 - Web Based Server [Delivery Server]
>>192.168.100.1 - File Server
>>Including Internet Users.
>>192.168.0.1-254 [ Lan ].
>>The store computers that need to access specific servers, are only on that
>>Store 1, Computer 1 Needs to Replicate [he will have an ip of
>>Store 1, Computer 2 [The Delivery Pc]. he will have an ip of 192.168.1.105
>>Store 1, Computer 3 Will access the File Server by having an ip of
>>Now the Risk involved with this is we have no Real Security, For Example.
>>A Malicious user can easily change his ip address to 192.168.0.105 For
>>Example and Get on our Head Office Internal Network. Which We don't Want.
>>So I would like to Setup, Install And Configure a FreeBSD Based Firewall,
>>that will have 4 Network Cards, and will be placed between Our Head Office
>>Switch, and our Fibre Switch [Wan].
>>But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD
>>Will Bridge All Those Networks.
>>How Can I keep the networks Separate, and Secure the Servers by
>>Firewalling by ip addressing?
>>I would appreciate Advice / Suggestions / Anything That will give me a
>>better clue on how to secure my network.
> I can tell you as of right now that you're going to have to set up a NAT
>with your FreeBSD box acting as the gateway using something like ipf,
>ipfilter, etc. However, I have little experience with this, and depending
>pose certain pros and cons.
> Also, no one outside of the network can just change their IP address to
>192.168.0.x because the 192.168.x.y IP address blocks are reserved as Class
>C addresses which under all correct implementations of IP are physically
>inaccessible outside the network. Therefore, that isn't so much of an
>issue... however, it still doesn't hurt to have a firewall because you
>don't want someone tunnelling in and wreaking havoc on your network. That
>is of course if the information you listed above was in fact what's
>currently implemented as opposed to what should be implemented.
> Just a few minor thoughts.
Nothing is implemented as yet, I am looking for solutions.
Love You Guys
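
The concern in the original question, a store host changing its address to 192.168.0.105 to pose as a head-office LAN machine, is handled by tying each address range to the interface it may arrive on and denying every flow that is not explicitly listed. The Python model below is an added illustration, not part of the thread; the interface names `lan0` and `wan0` and the LAN-to-delivery-server rule are assumptions, and only addresses quoted in the post are used.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    ingress: str                    # interface the packet arrives on
    src: ipaddress.IPv4Network      # permitted source
    dst: ipaddress.IPv4Network      # permitted destination


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# Interface names "lan0" (head-office switch side) and "wan0" (fibre/store
# side) are assumptions. Addresses are the ones given in the post.
BEHIND = {
    "lan0": [net("192.168.0.0/24")],      # internal LAN, 192.168.0.1-254
    "wan0": [net("192.168.1.105/32")],    # Store 1 delivery PC
}

# Default deny: only flows listed here pass. The second rule is an assumed
# policy (LAN users may reach the delivery server), not stated in the post.
RULES = [
    Rule("wan0", net("192.168.1.105/32"), net("192.168.1.1/32")),
    Rule("lan0", net("192.168.0.0/24"), net("192.168.1.1/32")),
]


def decide(ingress: str, src: str, dst: str) -> str:
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Anti-spoofing: a source address that belongs behind a different
    # interface is dropped no matter what the rules say.
    for ifname, nets in BEHIND.items():
        if ifname != ingress and any(s in n for n in nets):
            return f"drop: source belongs behind {ifname}"
    for rule in RULES:
        if rule.ingress == ingress and s in rule.src and d in rule.dst:
            return "pass"
    return "drop: no matching rule"


if __name__ == "__main__":
    # Constructed packets: (ingress interface, source, destination)
    for pkt in [
        ("wan0", "192.168.1.105", "192.168.1.1"),    # delivery PC -> its server
        ("wan0", "192.168.0.105", "192.168.100.1"),  # store host posing as LAN
        ("wan0", "192.168.1.105", "192.168.100.1"),  # delivery PC -> file server
    ]:
        print(pkt, "->", decide(*pkt))
```

On the FreeBSD box the same decisions would be written as per-interface rules for a packet filter such as ipf, mentioned in the reply. FreeBSD does not bridge or forward between its interfaces unless that is configured.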