From: Ian Moore
To: "freebsd-questions"
Date: Sat, 11 Oct 2003 11:21:22 +0930
Subject: Re: ADSL modem & ip addresses

On Sat, 11 Oct 2003 01:11, liquid wrote:
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org
> > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Ian Moore
> > Sent: October 10, 2003 9:59 AM
> > To: freebsd-questions
> > Subject: ADSL modem & ip addresses
> >
> > Hi,
> > I'm organising an ADSL connection and I'm a bit confused about our
> > options.
> >
> > We need to provide web, ssh and mail access to our network for users
> > from home across the Internet with an ADSL connection.
> > I figure the best way to do this is to set up a new machine to act as a
> > firewall and run a web server & sendmail on this box. (or I have seen
> > something about using socket to divert these services to our existing
> > server which has a private address).
>
> It's not a wise move to run the services on the same machine as your
> firewall. You can set up an openbsd machine to serve as your firewall on
> a very inexpensive old machine, running it as a gateway as well. You
> can then forward specific ports (80, 25, 110 in your case) to your
> services machine running either in a DMZ or behind the firewall.
> Regarding the whole diverting issue, I encourage you to google "dual
> homed hosts". I had some pretty favourites on my windows machine but I
> lost them all when a hard drive died or I'd have some good ones for you.

Thanks, I'll check that out. I've got a firewall machine partly built,
because I kind of figured it was the best way to go.

> > The firewall would have a NIC with a private IP address to connect to
> > the rest of our network.
> >
> > What's the best way then to connect it to the ADSL line?
> > Do we have a second NIC in the firewall machine with a real IP address
> > connected to an ADSL modem and use ppp -natd on that interface? Does
> > that mean we'd need 2 static IP addresses - one for the firewall & one
> > for the modem? (We really don't want to pay for 2 addresses)
>
> If you use pppoe, you can run ppp -ddial -quiet on startup by including
> that in rc.conf. Check out /etc/defaults/rc.conf. I set up a machine to
> act as a gateway/firewall for 5 PCs on a 3mbit dsl line once... on a
> P1Since 20 and it ran flawlessly.
>
> You don't need two IPs. Your modem *shouldn't* have to have an IP. If
> it does, it's because it also acts as a router and hence does the pppoe
> auth. I suppose you can use that as a router instead.. it's your
> network ;) I like the flexibility my router provides me however. It's
> remarkably easy to set up as well. Again I don't have any links right
> now off-hand, but if you search for pppoe + freebsd + ipnat or something
> you'll find some very good tutorials. There was this one for a cable
> connection I used as a guide the first time, and just followed the steps
> from other sources for setting up PPPoE.

Thanks, I've had a couple of replies to this effect, so I'll start doing
some googling.

> > Or can we use a USB connection instead - are there FBSD drivers for
> > ADSL modems? I can't see any in the supported hardware list.
>
> AFAIK, there is no support (yet?) for a usb modem. I don't like them
> anyway - I keep my apples with my apples, my oranges with... you guessed
> it, the oranges. ADSL = network related stuff = runs on Ethernet.

Yeah, that's my feeling too. Seems like there is a usb driver (in the
ports) of one modem, but like you, I would rather stick to ethernet.

> > Or do we use a combined modem/router device to do the nat &
> > firewalling and have it redirect mail, web & ssh access to our main
> > server? (is that possible or do such devices not allow access into
> > the network from the 'net?)
>
> By default they will not. As I said they work, but I'm not sure the
> devices that are a modem + router built-in will also include
> firewalling.

I didn't really think those soho devices would be very powerful, much
better to use FBSD & get as much power & flexibility as you need! I put
that as an option just in case.

Thanks to everyone for your replies. I really wanted someone to say this
is the way to go, since it's all a bit theoretical until we have the
connection & modem installed & can actually start playing with it. Now
I'm happy to go ahead & set up my firewall machine and do lots of
googling!

Cheers,
Ian
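
The gateway layout discussed in this thread (PPPoE via ppp in ddial mode, NAT done by ipnat, ports 80, 25 and 110 forwarded to an internal services machine), sketched as an added configuration example that is not part of any poster's message. The interface names (fxp0, tun0), the 192.168.1.0/24 LAN, the server address 192.168.1.10, the profile name "adsl" and the credentials are all assumptions made for illustration.

```conf
# ---- /etc/rc.conf on the gateway (all values are illustrative assumptions) ----
gateway_enable="YES"              # route packets between the LAN NIC and the ADSL side
ppp_enable="YES"                  # start user-ppp at boot
ppp_mode="ddial"                  # same as "ppp -ddial": redial if the link drops
ppp_nat="NO"                      # leave NAT to ipnat instead of ppp's built-in -nat
ppp_profile="adsl"                # hypothetical profile name, defined in ppp.conf below
ipfilter_enable="YES"             # ipf packet filter
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"                # ipnat address translation
ipnat_rules="/etc/ipnat.rules"

# ---- /etc/ppp/ppp.conf ----
default:
 set log Phase tun command

adsl:
 # fxp0 is assumed to be the NIC cabled to the ADSL modem; it needs no IP itself
 set device PPPoE:fxp0
 set authname YOUR_ISP_LOGIN
 set authkey YOUR_ISP_PASSWORD
 set dial
 set login
 add default HISADDR

# ---- /etc/ipnat.rules ----
# Outbound: every LAN host shares the single public address on tun0.
# "0/32" means "whatever address tun0 currently has", so one IP is enough.
map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:40000
map tun0 192.168.1.0/24 -> 0/32

# Inbound: only the ports named in the thread reach the services machine.
# Nothing else arriving on tun0 is translated to an internal address.
rdr tun0 0.0.0.0/0 port 80  -> 192.168.1.10 port 80  tcp
rdr tun0 0.0.0.0/0 port 25  -> 192.168.1.10 port 25  tcp
rdr tun0 0.0.0.0/0 port 110 -> 192.168.1.10 port 110 tcp
```

The rdr lines only translate addresses; /etc/ipf.rules (not shown) still decides which of that traffic is passed, and it sees inbound packets after translation, so its rules match on 192.168.1.10 rather than the public address.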