Home firewall with DLink router and FreeBSD

Daniel Staal DStaal at usa.net
Fri May 6 01:05:40 UTC 2011

--As of May 5, 2011 5:37:52 PM -0700, Leonardo M. Ramé is alleged to have 

> Hi, at home I have a DLink Dir 300 router to provide internet access for
> my home network. The network is composed of two Windows PCs, one Linux
> laptop and one FreeBSD server we use mainly for storage and as
> web/database server.
> I must add, the server only has one network card.
> I would like to know if it's possible to use the FreeBSD server as a
> Firewall for the whole network, securing LAN and WiFi connections. If
> this can be done, then how? Could you point me to some howto?

--As for the rest, it is mine.

I don't know of any howtos but it is possible.  You would need to set up 
the FreeBSD box with two IPs on its interface (one as an alias), and 
have them on separate networks.  (Sharing the same hardware, but with 
non-overlapping IP ranges.  Make one a 10.* network and one a 192.168.* 
network.)  One is the 'outside' network, and includes your internet 
gateway.  The other is your 'inside' network and includes everything else. 
(Including your WiFi access point.)

Then you set up the FreeBSD box to route & NAT between them, and to 
firewall along the way.  A standard FreeBSD firewall howto would work 
there, as long as you watch that you never specify an interface name in the 
firewall rules, but use the IP address instead.

However, I would not recommend this.  It's way too easy to accidentally at 
some later point put one of your home boxes on the 'outside' network and 
then you've just bypassed your firewall.  Another ethernet card won't cost 
much, and will make the setup easier and more secure: You can then 
physically separate the networks.

Daniel T. Staal

This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
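
Added example, not part of the original message: a check for the failure mode described in the reply, where a home machine ends up with an address on the 'outside' network and so bypasses the firewall. It parses FreeBSD `arp -an` output taken on the firewall box; the address ranges, the two allowed outside addresses, the interface name and the sample ARP lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed addressing (the message only says "one 10.*, one 192.168.*").
OUTSIDE_NET = ipaddress.ip_network("192.168.0.0/24")  # gateway + firewall alias only
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")      # every other host
ALLOWED_OUTSIDE = {
    ipaddress.ip_address("192.168.0.1"),  # internet gateway (assumed)
    ipaddress.ip_address("192.168.0.2"),  # firewall's outside address (assumed)
}

# Constructed sample in the format printed by FreeBSD `arp -an`.
SAMPLE_ARP = """\
? (192.168.0.1) at 00:11:22:33:44:01 on em0 expires in 1180 seconds [ethernet]
? (192.168.0.2) at 00:11:22:33:44:02 on em0 permanent [ethernet]
? (10.0.0.1) at 00:11:22:33:44:02 on em0 permanent [ethernet]
? (10.0.0.20) at 00:11:22:33:44:03 on em0 expires in 900 seconds [ethernet]
? (192.168.0.57) at 00:11:22:33:44:04 on em0 expires in 300 seconds [ethernet]
? (10.0.0.21) at 00:11:22:33:44:05 on em0 expires in 700 seconds [ethernet]
? (192.168.0.60) at 00:11:22:33:44:05 on em0 expires in 650 seconds [ethernet]
? (10.0.0.99) at (incomplete) on em0 expired [ethernet]
"""

ARP_LINE = re.compile(
    r"\((?P<ip>[0-9.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ", re.I)

def find_bypasses(arp_text):
    """Return sorted (ip, mac, reason) for hosts that sidestep the firewall."""
    seen = []
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if m:  # entries without a resolved MAC ("(incomplete)") do not match
            seen.append((ipaddress.ip_address(m["ip"]), m["mac"].lower()))
    inside_macs = {mac for ip, mac in seen if ip in INSIDE_NET}
    findings = []
    for ip, mac in seen:
        if ip in ALLOWED_OUTSIDE:
            continue
        if ip in OUTSIDE_NET:
            # Same MAC also seen inside: the host straddles both networks.
            reason = "dual-homed" if mac in inside_macs else "outside-only"
            findings.append((str(ip), mac, reason))
        elif ip not in INSIDE_NET:
            findings.append((str(ip), mac, "unknown-network"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, mac, reason in find_bypasses(SAMPLE_ARP):
        print(f"{ip:15} {mac}  {reason}")
```

Because both networks share one wire, the firewall box only has ARP entries for hosts it has recently exchanged traffic with, so an empty result is not proof that no host sits on the outside range.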
