From: "Stephan Weaver"
To: nikolas.britton@gmail.com
Cc: freebsd-questions@freebsd.org
Date: Wed, 03 Aug 2005 11:10:16 -0400
Subject: Re: Networking with FreeBSD

>From: Nikolas Britton
>Reply-To: Nikolas Britton
>To: Stephan Weaver
>CC: cswiger@mac.com, freebsd-questions@freebsd.org
>Subject: Re: Networking with FreeBSD
>Date: Tue, 2 Aug 2005 18:26:15 -0500
>
>On 8/2/05, Stephan Weaver wrote:
> >
> >
> > >From: Chuck Swiger
> > >To: Stephan Weaver
> > >CC: freebsd-questions@freebsd.org
> > >Subject: Re: Networking with FreeBSD
> > >Date: Tue, 02 Aug 2005 14:26:07 -0400
> > >
> > >Stephan Weaver wrote:
> > >[ ... ]
> > >>Thank You So Very Much for your quick response.
> > >
> > >You're welcome.
> > >
> > >>I am familiar with firewalling, but I have never done something like this.
> > >>Maybe you can give me an actual example from my reference.
> > >>Using my networks etc.
> > >
> > >Sure, if I had lots of free time and nothing else to do, I could probably
> > >write up a security policy, firewall rules, along with pretty network
> > >topology diagrams and so forth. But I was up 'til 2AM doing pretty much
> > >just that for a client yesterday (*), and I'd rather not spend that much
> > >effort again today without a good cause, or at least more beer. :-)
> > >
> > >There is an expectation on the freebsd lists that you spend your own time
> > >to learn about the tasks you want to accomplish before asking other people
> > >to repeat what the documentation says for your own specific use case.
> > >("Read the docs. Try stuff out. Ask questions which show what you've done
> > >and what the specific error message or problem you have is.")
> > >
> > >>What I want to do is separate the networks on the same wire.
> > >
> > >Hmm. Why do you want to put separate subnets on the same wire?
> > >
> > >(What does that mean to you, anyway? Using the same external ISP
> > >connection? All boxes all on the same ethernet hub? Something else?
> > >Consider IPsec. :-)
> > >
> > >--
> > >-Chuck
> > >
> > >(*): Client is in Denmark. They wanted stuff "urgently" by this morning
> > >their time, after getting me something to respond to yesterday at 4PM my
> > >time. Bleh, this "global outsourcing" thing really is overrated....
> > >
> >
> >
> > What I want to do in a nutshell,
> > Connect all stores together via fibre, and protect my HeadOffice LAN, which
> > will now be connected to all the stores. And have some sort of security.
>
>What fibre? How far are the stores? Fibre networking gear? You have
>fibre going all the way to your stores from HQ?
>
>Also, why do you have pixel, httpd, and samba servers on different LANs?
>
>Internet
>   |
>   |       |--------WANs 1-4, 192.168.2/24, 192.168.3/24, 192.168.4/24, 192.168.5/24
>Firewall ------ DMZ 192.168.1/24 ----- Pixel, httpd, samba
>   |
>   |
>HQ LAN 192.168.0/24
>
>
>OR:
>
>Internet
>   |
>   |       |-----WAN, 192.168.2/24
>Firewall ------- DMZ, 192.168.1/24 ----- Pixel, httpd
>   |
>   |------- Samba
>   |
>HQ LAN 192.168.0/24
>
>OR:
>
>Internet
>   |
>   |       |-------WAN(s)
>Firewall
>   |
>   |
>HQ LAN
>
>Etc.
>
>We need more info to help you.

Thank you for your concern and quick response, everyone.
Now I will use your example as mentioned above.
I have one quick question though.
These WANs will be on separate networks because of the /24, correct?

So if WAN1 [192.168.2/24] wants to connect to our Pixel Server [192.168.1/24], for example,
he would not be able to communicate because of the /24? Is this correct?
If so, how do I allow them to communicate?

Yours Sincerely
Stephan Weaver
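
The segmentation question above, worked through as an added example that is not part of the original message or the thread. It uses the subnets from the first diagram and models the two decisions involved: a host sends off-subnet traffic to its gateway, and the firewall's default-deny policy decides which inter-subnet flows pass. The Pixel server address and port, the gateway address used in the test, and the HQ-to-DMZ allowance are assumptions made for illustration.

```python
import ipaddress as ip

# Subnets taken from the first diagram in the thread.
ZONES = {
    "hq":   ip.ip_network("192.168.0.0/24"),
    "dmz":  ip.ip_network("192.168.1.0/24"),
    "wan1": ip.ip_network("192.168.2.0/24"),
    "wan2": ip.ip_network("192.168.3.0/24"),
    "wan3": ip.ip_network("192.168.4.0/24"),
    "wan4": ip.ip_network("192.168.5.0/24"),
}
STORES = ("wan1", "wan2", "wan3", "wan4")

# Assumptions (not given in the thread): Pixel server address and TCP port.
PIXEL = ip.ip_address("192.168.1.10")
PIXEL_PORT = 8080


def zone_of(addr):
    """Return the name of the zone whose /24 contains addr, or None."""
    a = ip.ip_address(addr)
    return next((z for z, net in ZONES.items() if a in net), None)


def next_hop(src, dst, gateway):
    """Host forwarding decision: on-link if same subnet, else via the gateway."""
    s = zone_of(src)
    return "direct" if s is not None and s == zone_of(dst) else gateway


def firewall_allows(src, dst, dport):
    """Inter-subnet policy on the firewall: explicit allows, default deny."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return False   # networks outside the diagram are not modelled: deny
    if s == d:
        return True    # on-link traffic is delivered directly, never filtered here
    if s in STORES and ip.ip_address(dst) == PIXEL and dport == PIXEL_PORT:
        return True    # stores may reach only the Pixel service in the DMZ
    if s == "hq" and d == "dmz":
        return True    # assumed: HQ LAN may reach the DMZ servers
    return False       # everything else, including store -> HQ LAN


if __name__ == "__main__":
    flows = [("192.168.2.25", "192.168.1.10", 8080),
             ("192.168.2.25", "192.168.0.5", 445)]
    for src, dst, port in flows:
        print(src, "->", dst, port, "allowed" if firewall_allows(src, dst, port) else "denied")
```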