Date: 21 Aug 2002 21:11:20 +0000 From: Josh Paetzel <friar_josh@webwarrior.net> To: "RDWestSr@hotpop" <rdwestsr@hotpop.com> Cc: freebsd-questions@freebsd.org Subject: Re: Firewall Help plz Message-ID: <1029964281.226.6.camel@markx.vladsempire.net> In-Reply-To: <001401c24973$cf3fb240$0a00a8c0@papabear> References: <001401c24973$cf3fb240$0a00a8c0@papabear>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2002-08-22 at 00:35, RDWestSr@hotpop wrote: > hi guys, > i need a little input on freebsd firewalls-- > check my ideas out and maybe advise me the best route and point me to some > detailed links etc... > a friend of mine asked me to help him get his small business online. > i'm looking for some ideas on this. my questions... > > 10 computers > - 1 server > -9 clients > > ok, all customer info, orders, etc is kept on the server... he has 9 > employees that log into the server from their client pc to update and change > information etc... > > now his employees want on the net to surf, mail, download mp3's etc... > he's getting a commercial cable account > > what is the best secure way to build the firewall or wall(s) for the > network.... > hummm > the server needs a big wall :) > here's my thinking > > the server has to be secure enough that if and when a client gets hacked > that they can't get into the server and screw it up... > > so... > NET-> > FREEBSD _FIREWALL/GATEWAY (nic cards to 2 networks) > LAN_#1(all 9 clients) > LAN_#2(the server) > ------------------- or > NET-> > FREEBSD _FIREWALL/GATEWAY-#1-> > #1-LOCAL_AREA_NETWORK-> > FREEBSD _FIREWALL/GATEWAY-#2-> > THE_SERVER > -------------------- > here's my main question-- > can freebsd be setup by MAC ID access ????? > my ideas are to route access for the clients on ports 20,21,25,53,80,110 to > access net while nic #2 of LAN#2 is setup where only the 9 MAC IDs of the > LAN#1 can access the server... > > thats my way of thinking... i was thinking a double firewall would be > more secure than a single firewall box... > > tx in advance guys... > i'm just trying to save him a ton of money here while making it safe for his > employees to get on the net... > > RDWestSr My guess is you are going to have to pay to get that sort of support. I'd typically charge anywhere from $300-$500 on the side to set something like that up on a Saturday. Get a copy of ORA's building Internet Firewalls, and take a look at the handbook and man page for ipfw. Josh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1029964281.226.6.camel>