From owner-freebsd-questions Wed Aug 21 17:31:26 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BFD7337B401 for ; Wed, 21 Aug 2002 17:31:18 -0700 (PDT) Received: from babyruth.hotpop.com (babyruth.hotpop.com [204.57.55.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F0D943E4A for ; Wed, 21 Aug 2002 17:31:18 -0700 (PDT) (envelope-from rdwestsr@hotpop.com) Received: from hotpop.com (kubrick.hotpop.com [204.57.55.16]) by babyruth.hotpop.com (Postfix) with SMTP id 8DCC7211AF0 for ; Thu, 22 Aug 2002 00:31:17 +0000 (UTC) Received: from papabear (unknown [66.169.41.53]) by smtp-2.hotpop.com (Postfix) with SMTP id 0F9F81B8583 for ; Thu, 22 Aug 2002 00:31:17 +0000 (UTC) Message-ID: <001401c24973$cf3fb240$0a00a8c0@papabear> From: "RDWestSr@hotpop" To: Subject: Firewall Help plz Date: Wed, 21 Aug 2002 20:35:26 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-HotPOP: ----------------------------------------------- Sent By HotPOP.com FREE Email Get your FREE POP email at www.HotPOP.com ----------------------------------------------- Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG hi guys, i need a little input on freebsd firewalls-- check my ideas out and maybe advise me the best route and point me to some detailed links etc... a friend of mine asked me to help him get his small business online. i'm looking for some ideas on this. my questions... 10 computers - 1 server -9 clients ok, all customer info, orders, etc is kept on the server... he has 9 employees that log into the server from their client pc to update and change information etc... now his employees want on the net to surf, mail, download mp3's etc... he's getting a commercial cable account what is the best secure way to build the firewall or wall(s) for the network.... hummm the server needs a big wall :) here's my thinking the server has to be secure enough that if and when a client gets hacked that they can't get into the server and screw it up... so... NET-> FREEBSD _FIREWALL/GATEWAY (nic cards to 2 networks) LAN_#1(all 9 clients) LAN_#2(the server) ------------------- or NET-> FREEBSD _FIREWALL/GATEWAY-#1-> #1-LOCAL_AREA_NETWORK-> FREEBSD _FIREWALL/GATEWAY-#2-> THE_SERVER -------------------- here's my main question-- can freebsd be setup by MAC ID access ????? my ideas are to route access for the clients on ports 20,21,25,53,80,110 to access net while nic #2 of LAN#2 is setup where only the 9 MAC IDs of the LAN#1 can access the server... thats my way of thinking... i was thinking a double firewall would be more secure than a single firewall box... tx in advance guys... i'm just trying to save him a ton of money here while making it safe for his employees to get on the net... RDWestSr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message