Networking with FreeBSD

Chuck Swiger cswiger at
Tue Aug 2 17:38:30 GMT 2005

Stephan Weaver wrote:
[ ... ]
> But AFAIK, By Placing all these network cards in the Same Machine, 
> FreeBSD Will Bridge All Those Networks.

FreeBSD is well-behaved in terms of security.  It will not act as a layer-2 
bridge or as a layer-3 IP router/firewall, unless and until you tell it to do so.

See the options set in /etc/rc.conf and /etc/defaults/rc.conf such as:

gateway_enable="NO"             # Set to YES if this host will be a gateway.
router_enable="NO"              # Set to YES to enable a routing daemon.
firewall_enable="NO"            # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN"         # Firewall type (see /etc/rc.firewall)

...or "man bridge".

> How Can i keep the networks Separate, and Secure the Servers by 
> Firewalling by ip addressing?

Well, if you set the machines up on three or four seperate subnets, each on a 
seperate collision domain (ie, each with it's own hub or switch VLAN), you can 
firewall traffic both by subnet and by individual IPs.  A proper ruleset will 
integrate anti-spoofing rules which will prevent a machine from sending traffic 
as if it were an IP on another subnet, or at least prevent the traffic from 
going through the firewall to reach your private internal networks.

Obviously, you want to keep untrusted machines on another subnet than the 
servers you are protecting.  Go read "Building Internet Firewalls" published by 
O'Reilley, as well as


More information about the freebsd-questions mailing list