From owner-freebsd-net@FreeBSD.ORG Wed Feb 6 19:38:13 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 1B9F258F for ; Wed, 6 Feb 2013 19:38:13 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) by mx1.freebsd.org (Postfix) with ESMTP id 9C306351 for ; Wed, 6 Feb 2013 19:38:12 +0000 (UTC) Received: by mail-wi0-f170.google.com with SMTP id hm11so7427805wib.5 for ; Wed, 06 Feb 2013 11:38:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=80QBu6/sYiyGWlLIQq//cfwfhWkdtkKM1zFymbOVgcg=; b=J7wZzpJFMRyUNm3uGOIzm3AKLzBUl05taB/XDa5v6qqqzm6rUJHivRzJ2z2MF14CLp t+kw4dtxXAUjQM5Ai1QtfldRPyswmlYfNF1jI4Ewx4v5V/e1/aIMpMuapUxttBQKgvd8 u2JEDCiHM1tv7KU9vjvOGayGAFRerCDly+JgPTOZCW1bqvtrLiP9j0cFFUzP0+J4NAS1 +4PeCKi5N52dZ0wKVmP5qlo9gRCMxxhi9FJFpEHHKzT30BWjMypnii6bNTiiNg3YMSqG DnYphNT3Kbj04a0NZxiqCVOTifYR+LJvYYoJj/cP68SQOrLVkmE1o5Igw1rxyN8ZIsnK VuSQ== MIME-Version: 1.0 X-Received: by 10.194.109.10 with SMTP id ho10mr6583929wjb.16.1360179491596; Wed, 06 Feb 2013 11:38:11 -0800 (PST) Received: by 10.194.165.170 with HTTP; Wed, 6 Feb 2013 11:38:11 -0800 (PST) In-Reply-To: References: Date: Wed, 6 Feb 2013 13:38:11 -0600 Message-ID: Subject: Re: Guest network on corporate LAN - options for security From: Adam Vande More To: Kurt Buff Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Feb 2013 19:38:13 -0000 On Wed, Feb 6, 2013 at 1:29 PM, Kurt Buff wrote: > All, > > If this isn't the right list for this, please let me know. > > Quite some time ago, I set up an unsecured guest VLAN in our network, > providing wireless access to all of the sundry devices that staff and > visitors carry. I set up a small FreeBSD machine to serve IP addresses > via DHCP, and that was dead simple. > > However, there are now other tenants in our building, and the subnet > is getting too much bandwidth and address consumption - the range I > set up is completely filled, and the VLAN is consuming about half of > our Internet pipe, which is far too much for my comfort. > > I suspect the other tenants are leeching. > > Does anyone have ideas on how I can leverage that FreeBSD box to control > this? > If it were me, I would consider replacing the FreeBSD Box with PfSense. It has a lot of managment features built in so if you're looking to get those without a big time sink otherwise, something like that is the way to go. -- Adam Vande More