From: "Vince Hoffman"
To: "Alex de Kruijff", "Ian Moore"
Cc: freebsd-questions
Date: Fri, 24 Oct 2003 14:43:38 +0100
Subject: Re: ADSL modem & ip addresses

> On Fri, Oct 10, 2003 at 11:29:08PM +0930, Ian Moore wrote:
> > Hi,
> > I'm organising an ADSL connection and I'm a bit confused about our options.
> >
> > We need to provide web, ssh and mail access to our network for users from home
> > across the Internet with an ADSL connection.
> > I figure the best way to do this is to set up a new machine to act as a
> > firewall and run a web server & sendmail on this box. (or I have seen
> > something about using socket to divert these services to our existing server
> > which has a private address).
> > The firewall would have a NIC with a private IP address to connect to the rest
> > of our network.
> >
> > What's the best way then to connect it to the ADSL line?
>
> I feel it's best to have a hardware modem that also knows how to build up
> the connection. I've set my ADSL modem up so that it builds the
> connection and then routes the packets to my gateway computer.
>
> > Do we have a second NIC in the firewall machine with a real IP address
>
> You do need a second NIC on the gateway. Either the gateway or the
> modem needs to have the public (real) IP.
>
> > connected to an ADSL modem and use ppp -natd on that interface?
>
> You like to run natd yes. If you go for a build up of the connection
> with ppp then this is the way to go. If you don't then you can enable it
> in rc.conf.
>
> > Does that mean we'd need 2 static IP addresses - one for the firewall
> > & one for the modem? (We really don't want to pay for 2 addresses)
>
> You don't need that. Natd forwards work fine with one public IP address.
>
> > Or can we use a USB connection instead - are there FBSD drivers for ADSL
> > modems? I can't see any in the supported hardware list.
>
> I wouldn't go for a USB connection.
>

Can you or anyone on the list recommend a good, supported ADSL modem, as I
will be getting ADSL with a static IP which I want assigned to my FreeBSD
firewall, not an ADSL router.

> > Or do we use a combined modem/router device to do the nat & firewalling and
> > have it redirect mail, web & ssh access to our main server? (is that possible
> > or do such devices not allow access into the network from the 'net?)
>
> Having a modem that knows how to build up the connection and route it is
> the solution in my view. I feel that it's better to have a *BSD box
> being the router, because routers have limited memory. (Mine only had
> 256 slots for routing which was not sufficient in my case, because I run
> mldonkey or possibly Kazaa. This problem doesn't occur with a BSD box.)
>
> As a side note: if you care about security, assume your gateway has been
> compromised at all times. So also set up a firewall on your other machines.
> This way you are better protected.
>
> --
> Alex
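
The single-public-IP setup discussed in this thread, sketched as an added configuration example (it is not part of the original messages): natd on the FreeBSD gateway redirects inbound mail, web and ssh to one internal server. The interface name `fxp0` and the internal address `192.168.1.10` are assumptions; with a ppp-built connection the external interface would differ.

```conf
# --- /etc/rc.conf on the gateway (added example; fxp0 is an assumed name
#     for the NIC facing the ADSL modem) ---
gateway_enable="YES"              # forward packets between the two NICs
firewall_enable="YES"             # enable ipfw, which diverts packets to natd
natd_enable="YES"
natd_interface="fxp0"             # interface holding the one public IP
natd_flags="-f /etc/natd.conf"    # read the redirects below

# ipfw rule that hands traffic on the external interface to natd:
#   ipfw add divert natd all from any to any via fxp0

# --- /etc/natd.conf (192.168.1.10 is an assumed internal server) ---
use_sockets yes
same_ports yes
# public port -> internal server, all on the single public address
redirect_port tcp 192.168.1.10:25 25     # mail
redirect_port tcp 192.168.1.10:80 80     # web
redirect_port tcp 192.168.1.10:22 22     # ssh
```

The internal server's own firewall can then restrict inbound connections to these three ports, in line with the advice in the thread about not trusting the gateway.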