Date: Wed, 03 Aug 2005 11:10:16 -0400 From: "Stephan Weaver" <stephanweaver@hotmail.com> To: nikolas.britton@gmail.com Cc: freebsd-questions@freebsd.org Subject: Re: Networking with FreeBSD Message-ID: <BAY20-F15E82B30493BAE37E25442A8C50@phx.gbl> In-Reply-To: <ef10de9a0508021626447b8136@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>From: Nikolas Britton <nikolas.britton@gmail.com>
>Reply-To: Nikolas Britton <nikolas.britton@gmail.com>
>To: Stephan Weaver <stephanweaver@hotmail.com>
>CC: cswiger@mac.com, freebsd-questions@freebsd.org
>Subject: Re: Networking with FreeBSD
>Date: Tue, 2 Aug 2005 18:26:15 -0500
>
>On 8/2/05, Stephan Weaver <stephanweaver@hotmail.com> wrote:
> >
> >
> > >From: Chuck Swiger <cswiger@mac.com>
> > >To: Stephan Weaver <stephanweaver@hotmail.com>
> > >CC: freebsd-questions@freebsd.org
> > >Subject: Re: Networking with FreeBSD
> > >Date: Tue, 02 Aug 2005 14:26:07 -0400
> > >
> > >Stephan Weaver wrote:
> > >[ ... ]
> > >>Thank You So Very Much for your quick response.
> > >
> > >You're welcome.
> > >
> > >>I am familar with firewalling, but i never done something like this.
> > >>Mabee you can give me an actual Example from my reference.
> > >>Using my networks ect.
> > >
> > >Sure, if I had lots of free time and nothing else to do, I could
>probably
> > >write up a security policy, firewall rules, along with pretty network
> > >topology diagrams and so forth. But I was up 'til 2AM doing pretty
>much
> > >just that for a client yesterday (*), and I'd rather not spend that
>much
> > >effort again today without a good cause, or at least more beer. :-)
> > >
> > >There is an expectation on the freebsd lists that you spend your own
>time
> > >to learn about the tasks you want to accomplish before asking other
>people
> > >to repeat what the documentation says for your own specific use case.
> > >("Read the docs. Try stuff out. Ask questions which show what you've
>done
> > >and what the specific error message or problem you have is.")
> > >
> > >>What i want to do is seperate the network's on the same wire.
> > >
> > >Hmm. Why do you want to put separate subnets on the same wire?
> > >
> > >(What does that mean to you, anyway? Using the same external ISP
> > >connection? All boxes all on the same ethernet hub? Something else?
> > >Consider IPsec. :-)
> > >
> > >--
> > >-Chuck
> > >
> > >(*): Client is in Denmark. They wanted stuff "urgently" by this
>morning
> > >their time, after getting me something to respond to yesterday at 4PM
>my
> > >time. Bleh, this "global outsourcing" thing really is overrated....
> > >
> >
> >
> > What i want to do in a nutshell,
> > Connect all stores together via fibre, and protect my HeadOffice Lan,
>which
> > will now be connected to all the stores. And Have some sort of security.
>
>What fibre? how far are the stores? fibre networking gear? you have
>fibre going all the way to your stores from HQ?
>
>Also, why do you have pixel, httpd, and samba servers on different LANs?
>
>Internet
> |
> | |--------WANs 1-4, 192.168.2/24, 192.168.3/24, 192.168.4/24,
>192.168.5/24
>Firewall ------ DMZ 192.168.1/24 ----- Pixel, httpd, samba
> |
> |
>HQ LAN 192.168.0/24
>
>
>OR:
>
>Internet
> |
> | |-----WAN, 192.168.2/24
>Firewall ------- DMZ, 192.168.1/24 ----- Pixel, httpd
> |
> |------- Samba
> |
>HQ LAN 192.168.0/24
>
>OR:
>
>Internet
> |
> | |-------WAN(s)
>Firewall
> |
> |
>HQ LAN
>
>Etc.
>
>We need more info to help you.
Thank you for your concern and quick response everyone.
Now i will use your example as mentioned above.
I have one quick question though.
These WAN's will be on seperate networks because of the /24. correct?
So if Wan1 [192.168.2/24] Wants to Connect to our Pixel Server[192.168.1/24]
for example He would not be able to communicate because of the /24? Is
this correct?
If so, how do allow them to communicate?
Yours Sincerely
Stephan Weaver
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY20-F15E82B30493BAE37E25442A8C50>