Date: Fri, 10 Oct 2003 11:41:01 -0400
From: "liquid" <liquid@homebass.ca>
To: "'freebsd-questions'" <freebsd-questions@FreeBSD.ORG>
Subject: RE: ADSL modem & ip addresses
Message-ID: <000001c38f44$e95d9bc0$6400a8c0@windows>
In-Reply-To: <200310102329.08549.imoore@picknowl.com.au>

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Ian Moore
> Sent: October 10, 2003 9:59 AM
> To: freebsd-questions
> Subject: ADSL modem & ip addresses
>
> Hi,
> I'm organising an ADSL connection and I'm a bit confused about our
> options.
>
> We need to provide web, ssh and mail access to our network for users
> from home across the Internet with an ADSL connection.
> I figure the best way to do this is to setup a new machine to act as a
> firewall and run a web server & sendmail on this box. (or I have seen
> something about using socket to divert these services to our existing
> server which has a private address).

It's not a wise move to run the services on the same machine as your firewall. You can set up an OpenBSD machine to serve as your firewall on a very inexpensive old machine, running it as a gateway as well. You can then forward specific ports (80, 25, 110 in your case) to your services machine running either in a DMZ or behind the firewall.

Regarding the whole diverting issue, I encourage you to google "dual homed hosts". I had some pretty favourites on my Windows machine but I lost them all when a hard drive died, or I'd have some good ones for you.

> The firewall would have a NIC with a private IP address to connect to
> the rest of our network.
>
> What's the best way then to connect it to the ADSL line?
> Do we have a second NIC in the firewall machine with a real IP address
> connected to an ADSL modem and use ppp -natd on that interface? Does
> that mean we'd need 2 static IP addresses - one for the firewall & one
> for the modem? (We really don't want to pay for 2 addresses)

If you use PPPoE, you can run ppp -ddial -quiet on startup by including that in rc.conf. Check out /etc/defaults/rc.conf. I set up a machine to act as a gateway/firewall for 5 PCs on a 3mbit DSL line once... on a P120 and it ran flawlessly. You don't need two IPs. Your modem *shouldn't* have to have an IP. If it does, it's because it also acts as a router and hence does the PPPoE auth. I suppose you can use that as a router instead.. it's your network ;) I like the flexibility my router provides me however. It's remarkably easy to set up as well.

Again I don't have any links right now off-hand, but if you search for pppoe + freebsd + ipnat or something you'll find some very good tutorials. There was this one for a cable connection I used as a guide the first time, and just followed the steps from other sources for setting up PPPoE.

>
> Or can we use a USB connection instead - are there FBSD drivers for
> ADSL modems? I can't see any in the supported hardware list.

AFAIK, there is no support (yet?) for a USB modem. I don't like them anyway - I keep my apples with my apples, my oranges with... you guessed it, the oranges. ADSL = network related stuff = runs on Ethernet.

>
> Or do we use a combined modem/router device to do the nat &
> firewalling and have it redirect mail, web & ssh access to our main
> server? (is that possible or do such devices not allow access into the
> network from the 'net?)
>

By default they will not. As I said they work, but I'm not sure the devices that are a modem + router built-in will also include firewalling.

HTH,

Sandro

> Cheers,
> Ian
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
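
The layout recommended in the reply (a gateway that only filters and forwards, with ports 80, 25 and 110 redirected to a separate services machine) sketched as IPFilter configuration for a FreeBSD gateway. This is an added example, not part of the original message; the tun0 interface, the 192.168.1.0/24 LAN and the 192.168.1.10 services host are assumptions.

```conf
# ---- /etc/ipnat.rules (constructed example) ----
# Assumptions: tun0 is the PPPoE interface created by ppp(8),
# 192.168.1.0/24 is the private LAN, and 192.168.1.10 is the separate
# services machine. No web or mail daemon runs on the gateway itself.

# Outbound NAT: the whole LAN shares the single public address on tun0,
# so one static IP is enough.
map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map tun0 192.168.1.0/24 -> 0/32

# Inbound redirects: only the ports named in the reply reach the LAN.
# Web
rdr tun0 0.0.0.0/0 port 80 -> 192.168.1.10 port 80 tcp
# SMTP
rdr tun0 0.0.0.0/0 port 25 -> 192.168.1.10 port 25 tcp
# POP3
rdr tun0 0.0.0.0/0 port 110 -> 192.168.1.10 port 110 tcp

# ---- /etc/ipf.rules (matching filter rules) ----
# ipf applies the last matching rule unless "quick" is given, so the
# block below is the default for anything not passed explicitly.
# Inbound packets are rewritten by rdr before they are filtered, which
# is why the pass rules name the internal host.
block in log on tun0 all
pass in quick on tun0 proto tcp from any to 192.168.1.10 port = 80 flags S keep state
pass in quick on tun0 proto tcp from any to 192.168.1.10 port = 25 flags S keep state
pass in quick on tun0 proto tcp from any to 192.168.1.10 port = 110 flags S keep state

# Outbound traffic from the LAN and the gateway, tracked statefully so
# replies are let back in without opening further inbound ports.
pass out quick on tun0 proto tcp from any to any flags S keep state
pass out quick on tun0 proto udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# ---- /etc/rc.conf knobs this relies on (see /etc/defaults/rc.conf) ----
# gateway_enable="YES"     forward packets between the two interfaces
# ipfilter_enable="YES"    load /etc/ipf.rules at boot
# ipnat_enable="YES"       load /etc/ipnat.rules at boot
# ppp_enable="YES"         start ppp at boot
# ppp_mode="ddial"         same as running ppp -ddial
# ppp_nat="NO"             ipnat does the translation, not ppp
```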