From: Chuck Swiger <[EMAIL PROTECTED]>
To: Stephan Weaver <[EMAIL PROTECTED]>
CC: freebsd-questions@freebsd.org
Subject: Re: Networking with FreeBSD
Date: Tue, 02 Aug 2005 13:38:27 -0400
Stephan Weaver wrote:
[ ... ]
But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD
Will Bridge All Those Networks.
FreeBSD is well-behaved in terms of security. It will not act as a layer-2
bridge or as a layer-3 IP router/firewall, unless and until you tell it to
do so.
See the options set in /etc/rc.conf and /etc/defaults/rc.conf such as:
gateway_enable="NO"    # Set to YES if this host will be a gateway.
router_enable="NO"     # Set to YES to enable a routing daemon.
firewall_enable="NO"   # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
...or "man bridge".
How Can I keep the networks Separate, and Secure the Servers by
Firewalling by ip addressing?
Well, if you set the machines up on three or four separate subnets, each on
a separate collision domain (ie, each with its own hub or switch VLAN),
you can firewall traffic both by subnet and by individual IPs. A proper
ruleset will integrate anti-spoofing rules which will prevent a machine
from sending traffic as if it were an IP on another subnet, or at least
prevent the traffic from going through the firewall to reach your private
internal networks.
Obviously, you want to keep untrusted machines on another subnet than the
servers you are protecting. Go read "Building Internet Firewalls"
published by O'Reilly, as well as http://www.ietf.org/rfc/rfc2196.txt...
--
-Chuck
Thank You So Very Much for your quick response.
I am familiar with firewalling, but I have never done something like this.
Maybe you can give me an actual Example from my reference.
Using my networks etc.
What I want to do is separate the networks on the same wire.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
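
The anti-spoofing rules described in the reply above, as an added example that is not part of the original thread: a small sh function that emits one ipfw deny rule for every subnet seen arriving on an interface it does not live behind. The interface names (fxp0 to fxp3), the subnets and the rule numbers are constructed placeholders, not the poster's actual networks.

```shell
#!/bin/sh
# Added example (not from the thread): generate ipfw anti-spoofing rules
# for a firewall with one NIC per subnet.
# Interface names and subnets are constructed placeholders.
# Format: "interface:subnet"; an empty subnet marks the outside interface,
# which owns no protected subnet.
SEGMENTS="fxp0: fxp1:10.0.1.0/24 fxp2:10.0.2.0/24 fxp3:10.0.3.0/24"

# gen_antispoof_rules SEGMENTS [FIRST_RULE_NUMBER]
# For each interface, deny inbound packets whose source address claims to be
# in a subnet attached to a different interface. Output is in ipfw rule-file
# form (no leading "ipfw"), as read by "ipfw pathname".
gen_antispoof_rules() {
    num=${2:-1000}
    for seg in $1; do
        ifc=${seg%%:*}                  # interface the packet arrived on
        for other in $1; do
            other_net=${other#*:}       # subnet attached elsewhere
            if [ "$other" = "$seg" ] || [ -z "$other_net" ]; then
                continue                # own subnet, or no subnet to guard
            fi
            echo "add $num deny all from $other_net to any in via $ifc"
            num=$((num + 10))
        done
    done
}

# These rules must be loaded before any rule that allows traffic, so that a
# spoofed source is dropped before a per-IP allow rule can match it.
gen_antispoof_rules "$SEGMENTS"
```

With the rules in place, per-subnet and per-IP allow rules that follow can trust that a source address really arrived on the segment it belongs to.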