Date: Wed, 3 Feb 1999 12:13:35 -0600
From: "Ben Vaughn" <bvaughn@prophetnetworks.net>
To: "Forrest Howard" <forrest@moosebear.com>
Cc: <questions@FreeBSD.ORG>
Subject: Re: Using freebsd as a router for small network
Message-ID: <012601be4fa0$ecabdb40$0975c226@prophetnetworks.com>

----- Original Message -----
From: Forrest Howard <forrest@moosebear.com>
To: <freebsd-questions@FreeBSD.ORG>
Sent: Wednesday, February 03, 1999 10:17
Subject: Using freebsd as a router for small network

|
|
|I have a small network, which up to now has been served by a farallon ISDN
|router. The farallon box supports address translation, allowing several
|machines to share a single ISP account.
|
|I have a DSL line on order, and I'd like to use a free bsd box (boxes?) to
|do the same function as the ISDN router. As I understand it the DSL line
|has a ethernet RJ-45, and the terminus is assigned a static IP address.
|Obviously the freebsd boxes would need two Ethernet NIC's.
|
|My questions regard configuration:
|
|1) Natd of course looks like it is just the solution.

Why, of course.

|
|2) Do I need an additional firewall with natd? I couldn't
| tell for sure from the man pages
|

No. You do, however, need to add some firewall rules for divert sockets to
work, but the natd(8) manual page covers this. Also, as a network admin you
should apply other firewall rules (set in your /etc/rc.conf file) to protect
your network integrity. FreeBSD starts out as a generally secure Operating
System, but perhaps you should read the FreeBSD security How-To at
http://www.freebsd.org/~jkb/howto.html.

|3) Do I need two machines? (or should I have 2 machines?)
| I'd like to run a proxy server (squid?)
| I'd like to run a Pop3 and SMTP server
| I'd like to run dhcp server
| If I run these on the natd machine, will things get confused?
| Are there security implications that wants me to run these on the
| intranet?
|

One machine can do for all, and natd will not get confused. Any security
implications are addressed above :)

|4) Are there other network services I want to configure.
|

A BIND name-server (from /usr/ports/net/bind) would be a good addition.

|5) Are there any pioneers out there that can warn me about
|the pitfalls I'm likely to encounter?
|

I'm sure those on this list will be able to help you out.

|Thank you in advance.
|
|Forrest
|

No problem,
-biv

-----------------------------------------
Ben Vaughn
Prophet Network Systems
http://www.prophetnetworks.net
-----------------------------------------

|
|
|To Unsubscribe: send mail to majordomo@FreeBSD.org
|with "unsubscribe freebsd-questions" in the body of the message
|
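
A gateway configuration of the kind the reply refers to for divert sockets, as an added example that is not part of the original message or taken from the natd(8) page verbatim. The interface name ed0, the internal network 192.168.1.0/24 and the rules file path /etc/ipfw.rules are assumptions, and the kernel is assumed to be built with the IPFIREWALL and IPDIVERT options.

```conf
# ---- /etc/rc.conf on the gateway machine ----
gateway_enable="YES"              # forward packets between the two NICs
firewall_enable="YES"             # load ipfw rules at boot
firewall_type="/etc/ipfw.rules"   # assumed path; a readable file is handed to ipfw
natd_enable="YES"                 # start natd at boot
natd_interface="ed0"              # assumed name of the NIC facing the DSL line
natd_flags=""

# ---- /etc/ipfw.rules: one ipfw command per line, without the leading "ipfw" ----

# Loopback traffic is always allowed.
add 100 pass all from any to any via lo0

# Anti-spoofing: nothing arriving on the outside interface may claim an
# internal source address (192.168.1.0/24 is the assumed internal network).
# This must sit before the divert rule so it sees the untranslated packet.
add 200 deny all from 192.168.1.0/24 to any in via ed0

# Hand every packet crossing the outside interface to natd through the
# divert socket. natd rewrites the addresses and reinjects the packet,
# and processing continues at the next rule.
add 300 divert natd all from any to any via ed0

# Permissive placeholder: everything else passes. This is where the
# "other firewall rules" mentioned in the reply would replace a blanket
# pass with rules for the services actually offered (SMTP, POP3, DNS).
add 400 pass all from any to any
```

Once the rules are loaded, `ipfw show` prints per-rule packet counters, so a rising count on rule 300 confirms that traffic is reaching natd.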