Date: Wed, 22 Jan 2003 14:31:07 -0000
From: "Martyn Hill" <m.hill@stjamessengirls.org.uk>
To: "FreeBSD-questions" <freebsd-questions@freebsd.org>
Subject: Subnetting or Bridging to secure different departments on our School LAN?
Message-ID: <000701c2c222$e7439dc0$6f00000a@SJMOBILE11>

Dear all,

I'd be very grateful for any insights you could share...

Our school network continues to grow. Different departments within the school wish to piggy-back their Windows machines on to our broadband internet connection, via our 100Mbps wired LAN within the building.

Before I can allow any more machines on, I need to put a measure of security in place - principally between the school Admin and Curriculum 'networks' and also between the other 3 departments who share the site with us.

I was thinking along the lines of subnetting our existing network and applying a firewall between each sub-net.

Currently, our setup comprises two FreeBSD (4.5RELENG) boxes - one acting as a gateway/firewall between our private network (10.x.x.x/8) and the ADSL router, the other as a fileserver/web proxy/redirector and email server to our 40 or so Windows clients. DHCP and DNS are provided by the gateway.

The gateway currently runs with two NICs - one to a switch, the other to the ADSL router. All other machines, including the fileserver, hang off the switch. The ADSL router has another 3 10Mbps ports available for direct connection.

The Admin and Curriculum users need to share the fileserver (for now, at least.) The other new users simply need the broadband connectivity (with or without the web-proxy facility that currently sits on the fileserver.)

Questions:

Do I consider placing more NICs into the gateway in order to create (along with a few switches) the new sub-nets, placing a firewall (ipfw) between each interface? Is it even possible to run >1 ipfw on the same box?

Do I build a couple of cheap boxes (like the P90 I'm using for the current gateway) with FreeBSD and set them up for bridging along with ipfw?

Do I buy a few hardware routers with firewall facility and build my sub-nets that way?

Do I use ifconfig to alias the one internal NIC in the present gateway to create virtual sub-nets?

Is a firewall really what I need to restrict particular traffic (like SMB browsing) across the sub-nets?

Or, am I barking up the wrong tree (spanning, or otherwise...)?

Thanks in advance.

Martyn Hill
ICT Teacher and IT Coordinator
St James Independent School
London