Date: Tue, 6 Aug 2002 17:06:14 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Tom Wiebe <twiebe@mac.com>
Cc: FreeBSD-Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: Connecting 2 networks?
Message-ID: <20020806164447.I54622-100000@ren.sasknow.com>
In-Reply-To: <C392C45A-A980-11D6-8386-0003935761AA@mac.com>
Tom Wiebe wrote to FreeBSD-Questions:

> Hi all,
>
> [...]
>
> As the 3mb connection is metered, we'd like to just run the servers
> on it and run our workstations over the existing (unmetered) adsl
> connection. The only caveat is that I'd like to also be able to
> access the servers locally, i.e. without having to go through the
> internet.
>
> Can I do this by setting up a FreeBSD box as a bridge with one nic
> plugged into the office network and one plugged into the server
> network?

Basically, yes. It doesn't necessarily have to be bridging, either.
Depending on what you want to accomplish, you may be just as happy
with a multi-homed FreeBSD box in between the two acting as a router.
Presumably each connection has its own subnet, so just assign the
FreeBSD box one IP on each net.

The tougher part is you'll somehow have to make sure your hosts know
which gateway to use, depending on the destination subnet. You could
add static routes on the client machines to send all local traffic
through the new router, (and all global traffic goes through the
default route), but that doesn't scale well.

If you're like most offices, you have a lot of heterogenous clients,
and it might be more effective to just set up your new router to
handle the ADSL connection, *and* forward traffic in between the two
local nets, so it can handle the routing for you automatically:

<--- A --+-------- B --> ADSL
         |         |
        +++       +++
        |||       |||
      Servers   Clients

So, the server "B" has three NICs. One for the ADSL connection,
another for the client net, and another for the server net. If you
are careful with the firewall rules on the FreeBSD router, you've got
a good choke point between the two nets. As long as you don't go
poking holes in it, the two networks don't really have to trust each
other at all.

I guess this is really a question of network design. I could think of
at least two or three different ways to accomplish your goal that
might be better in some scenarios, but I'll stick with the above as a
good general solution which seems to match what you asked for, without
adding a bunch of hardware.

- Ryan

--
  Ryan Thompson <ryan@sasknow.com>

  SaskNow Technologies - http://www.sasknow.com
  901 1st Avenue North - Saskatoon, SK - S7K 1Y4

        Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669   (877-SASKNOW)       North America

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
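
One way to express the choke point described in the reply above as ipfw rules on router "B". This is an added example, not part of the original message: the interface names, subnets and port list are assumptions, and rules for the ADSL interface (including any NAT) are not shown.

```shell
#!/bin/sh
# Added example: ipfw rules for the choke point between the client net
# and the server net on the three-NIC router "B".
# Forwarding itself needs gateway_enable="YES" in /etc/rc.conf.

CLIENT_IF="fxp1"             # hypothetical NIC on the client (office) net
SERVER_IF="fxp2"             # hypothetical NIC on the server net
CLIENT_NET="10.0.0.0/24"     # constructed client subnet
SERVER_NET="192.0.2.0/24"    # constructed server subnet (documentation range)
SERVER_PORTS="22,25,80,443"  # assumed services the clients may reach

# Print the ruleset, one ipfw command tail per line.
#   100      loopback traffic
#   200-210  anti-spoofing: a source address must arrive on its own NIC
#   300      replies for connections already admitted by rule 400
#   400      clients may open TCP connections to the listed server ports
#   500-510  everything else between the two nets is dropped and logged
# Traffic that matches none of these (the ADSL side) falls through to
# rules not shown here, or to the kernel's default rule.
choke_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny log ip from ${SERVER_NET} to any in via ${CLIENT_IF}
add 210 deny log ip from ${CLIENT_NET} to any in via ${SERVER_IF}
add 300 check-state
add 400 allow tcp from ${CLIENT_NET} to ${SERVER_NET} ${SERVER_PORTS} in via ${CLIENT_IF} setup keep-state
add 500 deny log ip from ${SERVER_NET} to ${CLIENT_NET}
add 510 deny log ip from ${CLIENT_NET} to ${SERVER_NET}
EOF
}

# Load the rules (run as root on the router).
# Set IPFW=echo for a dry run that only prints the commands.
apply_rules() {
    choke_rules | while read -r rule; do
        # $rule is left unquoted on purpose so it splits into arguments
        ${IPFW:-ipfw} -q $rule || return 1
    done
}

case "${1:-print}" in
    apply) apply_rules ;;
    *)     choke_rules ;;
esac
```

With these rules the servers cannot open connections toward the clients at all, and each extra port added to `SERVER_PORTS` is one of the "holes" the message warns about.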