From owner-freebsd-questions  Thu Jan 23  6: 2:32 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 203E437B401
	for <freebsd-questions@freebsd.org>; Thu, 23 Jan 2003 06:02:31 -0800 (PST)
Received: from gs166.sp.cs.cmu.edu (GS166.SP.CS.CMU.EDU [128.2.205.169])
	by mx1.FreeBSD.org (Postfix) with SMTP id B7E6543F3F
	for <freebsd-questions@freebsd.org>; Thu, 23 Jan 2003 06:02:29 -0800 (PST)
	(envelope-from dpelleg@gs166.sp.cs.cmu.edu)
To: Martyn Hill <m.hill@stjamessengirls.org.uk>
Cc: FreeBSD-questions <freebsd-questions@freebsd.org>
Subject: Re: Subnetting or Bridging to secure different dapartments on our School LAN?
References: <000701c2c222$e7439dc0$6f00000a@SJMOBILE11>
From: Dan Pelleg <daniel+bsd@pelleg.org>
Date: 23 Jan 2003 09:02:15 -0500
In-Reply-To: <000701c2c222$e7439dc0$6f00000a@SJMOBILE11>
Message-ID: <u2ssmvkt15k.fsf@gs166.sp.cs.cmu.edu>
Lines: 33
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

"Martyn Hill" <m.hill@stjamessengirls.org.uk> writes:

> Dear all
> 
> I'd be very grateful for any insights you could share...
> 
> Our school network continues to grow. Different departments within the
> school wish to piggy-back their windows machines on to our broadband
> internet connection, via our 100Mbps wired LAN within the building. Before I
> can allow anymore machines on, I need to put a measure of security in
> place - principally between the school Admin and Curriculum 'networks' and
> also between the other 3 departments who share the site with us. I was
> thinking along the lines of subnetting our existing network and applying a
> firewall between each sub-net.
> 

I would recommend the book below. While not FreeBSD-specific, it does
contain enough information to guide you through the high-level
decisions. Once you get the policy, you can then decide on an
infrastructure, and then go to the rulesets.

#       Building Internet Firewalls, 2nd Edition
#       Brent Chapman and Elizabeth Zwicky
#
#       O'Reilly & Associates, Inc
#       ISBN 1-56592-871-7
#       http://www.ora.com/
#       http://www.oreilly.com/catalog/fire2/


-- 

  Dan Pelleg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message