From owner-freebsd-security Tue Aug 28 8:58:14 2001 Delivered-To: freebsd-security@freebsd.org Received: from closed-networks.com (shady.org [195.153.248.241]) by hub.freebsd.org (Postfix) with SMTP id 7692E37B401 for ; Tue, 28 Aug 2001 08:58:06 -0700 (PDT) (envelope-from marcr@closed-networks.com) Received: (qmail 22691 invoked by uid 1000); 28 Aug 2001 16:02:20 -0000 Date: Tue, 28 Aug 2001 17:02:20 +0100 From: Marc Rogers To: Shane Crounse Cc: security@Freebsd.org Subject: Re: IP Sharing on a College campus. Firewall?? Message-ID: <20010828170220.I99287@shady.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.4i In-Reply-To: ; from scc4809@it.rit.edu on Tue, Aug 28, 2001 at 11:51:37AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Look up NAT on the freebsd site (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html) and look up NAT on the ipfilter site either of those options will solve your issues. In a nutshell you will create a NAT gateway that has 1 real ip. Behind it you will be able to use whatever reserved (192.168.0.0 etc) addresses that you desire. The only catch to this is that they will be able to contact the outside world, but the outside world will not be able to contact them. This means if you want to set up services like shares / ftp / web services you will either have to assign real ips to those machines, or learn about transparent proxying / port redirection. hope this helps, Marc Rogers Technical Director EDC On Tue, Aug 28, 2001 at 11:51:37AM -0400, Shane Crounse wrote: > Here is my dilemma. I am a student on a college campus. RIT if you > couldn’t tell. > I am in an apartment that has access to the school network. My problem is > that I am limited in the number of IP addresses I can have. (one or two) > I have my windows 2k workstation, and at least 3 FreeBSD machines that I > would like to put on the network. Last year I did it using windows IP > sharing but I had all windows machines. Is there some way of doing IP > sharing through one of the BSD machines? Would you suggust a firewall? I > know that I will be regularly scanned by students. Hack attempts will > occur. Anybody got any ideas? > > I appreciate the assistance in advance. > > - I would need to be able to run, SSH, SFTP, FTP, HTTP minimally from all > the machines. > > > > > -Shane Crounse > > Department of Information Technology > Rochester Institute of Technology > Shane_Crounse@it.rit.edu > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message