Date: Wed, 3 Feb 1999 12:35:25 -0500
From: Christopher Michaels - SSG <ChrisMic@sbservices.com>
To: "'Forrest Howard'" <forrest@moosebear.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: Using FreeBSD as a router for small network
Message-ID: <6C37EE640B78D2118D2F00A0C90FCB441A5EBA@site2s1>
> -----Original Message-----
> From: Forrest Howard [SMTP:forrest@moosebear.com]
> Sent: Wednesday, February 03, 1999 11:17 AM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Using freebsd as a router for small network
>
>
> I have a small network, which up to now has been served by a farallon ISDN
> router. The farallon box supports address translation, allowing several
> machines to share a single ISP account.
>
> I have a DSL line on order, and I'd like to use a free bsd box (boxes?) to
> do the same function as the ISDN router. As I understand it the DSL line
> has a ethernet RJ-45, and the terminus is assigned a static IP address.
> Obviously the freebsd boxes would need two Ethernet NIC's.
>
I have a similar setup, except I currently use PPP over a modem, instead of PPP.

> My questions regard configuration:
>
> 1) Natd of course looks like it is just the solution.
>
I would agree, natd would perform the address translation.

> 2) Do I need an additional firewall with natd? I couldn't
> tell for sure from the man pages
>
Yes, you need to set up ipfirewall to redirect the packets to natd (at least in 2.2.8 you do).

> 3) Do I need two machines? (or should I have 2 machines?)
> I'd like to run a proxy server (squid?)
> I'd like to run a Pop3 and SMTP server
> I'd like to run dhcp server
> If I run these on the natd machine, will things get confused?
> Are there security implications that wants me to run these on the
> intranet?
>
No, one machine will do. I run all of this on my machine without any trouble at all. The natd knows enough to distinguish between packets that are going to the internal network and ones that are meant for the FreeBSD machine.

> 4) Are there other network services I want to configure.
>
That depends on what you want to use the BSD box for. I personally have pop/imap/smtp, squid, telnet, ssh (I'm debating closing off telnet), timed, named, and samba.

> 5) Are there any pioneers out there that can warn me about
> the pitfalls I'm likely to encounter?
>
The only pitfall(s) that I can think of are #1 the downtime to get this all properly configured. #2 your network to some degree will be visible to the internet, although it's near impossible to get directly to the internal machines w/o them initiating some kind of connection. If you set up a good set of rules on the firewall you will be just as secure as any other machine on the internet. (Safer if you consider that most people on the internet are running some version of windoze these days ;^P )

> Thank you in advance.
>
> Forrest

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
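
The answers to questions 3 and 5 above both rest on how address translation tracks connections; the following is an added example, not part of the original message and not natd's code, that models that bookkeeping in simplified form. The class, the sequential alias ports and all addresses are assumptions constructed for illustration.

```python
# Added example: simplified model of natd-style translation, not natd/libalias source.
# All addresses are constructed documentation values.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # assumed static address on the DSL side

@dataclass
class Nat:
    public_ip: str
    next_port: int = 30000                      # sequential alias ports (simplification)
    links: dict = field(default_factory=dict)   # outbound flow -> alias port
    back: dict = field(default_factory=dict)    # (proto, alias port, remote) -> inside host

    def outbound(self, proto, src, sport, dst, dport):
        """Inside host sends a packet out: rewrite the source, remember the flow."""
        flow = (proto, src, sport, dst, dport)
        if flow not in self.links:
            self.links[flow] = self.next_port
            self.back[(proto, self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (proto, self.public_ip, self.links[flow], dst, dport)

    def inbound(self, proto, src, sport, dport):
        """Packet arrives on the external interface for public_ip:dport."""
        inside = self.back.get((proto, dport, src, sport))
        if inside:                               # reply to a flow an inside host started
            return ("forward", inside)
        return ("local", (self.public_ip, dport))  # untranslated: gateway's own services

def demo():
    nat = Nat(PUBLIC_IP)
    sent = nat.outbound("tcp", "192.168.1.20", 1025, "198.51.100.5", 80)
    alias = sent[2]
    return {
        "sent": sent,                                             # source rewritten
        "reply": nat.inbound("tcp", "198.51.100.5", 80, alias),   # matches the flow
        "stranger": nat.inbound("tcp", "198.51.100.99", 4444, alias),  # no match
        "smtp": nat.inbound("tcp", "198.51.100.99", 4444, 25),    # gateway's own SMTP
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9} {result}")
```

Packets classified as "local" never reach an inside machine, but they do reach the gateway itself, which is why the ipfirewall rules still decide which of its services (SMTP, POP3, squid and so on) are exposed.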
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6C37EE640B78D2118D2F00A0C90FCB441A5EBA>
