Date: Wed, 31 Dec 2003 10:13:10 +0000 (GMT)
From: Francisco
To: Xpression
cc: FreeBSD-questions
Subject: Re: firewall question...
Message-ID: <20031231101000.W48044@zoraida.natserv.net>
In-Reply-To: <000801c3cfae$a5891730$0901a8c0@bloodlust>

On Wed, 31 Dec 2003, Xpression wrote:

> Hi list, I've two servers running some services, now I want
> to firewall both them, do I need to build it on router or in
> the FreeBSD box...thanks.

That is totally up to you. If you plan to do it on one of your FreeBSD machines I believe you will need to have two NICs. At least that I believe is the easiest way to do it.

There are some parameters you need in your kernel to use IPFW. Not sure if PF needs kernel changes. You very likely should be able to find previous posts and/or tutorials online with how to set up either one, IPFW or PF.

I do recommend though you get yourself a good book on security so you understand all the parameters and options you are going to need to deal with. Take a look at /etc/rc.firewall. I believe they mention a book or two there that you may want to consider reading.