From owner-freebsd-questions  Sat May 19  7:37: 2 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from fepA.post.tele.dk (fepA.post.tele.dk [195.41.46.143])
	by hub.freebsd.org (Postfix) with ESMTP id 63A5D37B43C
	for <freebsd-questions@FreeBSD.ORG>; Sat, 19 May 2001 07:36:59 -0700 (PDT)
	(envelope-from leif@neland.dk)
Received: from arnold.neland.dk ([62.243.18.147]) by fepA.post.tele.dk
          (InterMail vM.4.01.03.00 201-229-121) with ESMTP
          id <20010519143657.KQGP28791.fepA.post.tele.dk@arnold.neland.dk>;
          Sat, 19 May 2001 16:36:57 +0200
Received: from localhost (leif@localhost)
	by arnold.neland.dk (8.11.3/8.11.3) with ESMTP id f4JEauH32057;
	Sat, 19 May 2001 16:37:09 +0200 (CEST)
	(envelope-from leif@neland.dk)
Date: Sat, 19 May 2001 16:36:55 +0200 (CEST)
From: Leif Neland <leif@neland.dk>
To: User & <taylorm@spyder.bytecraft.au.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: routing 
In-Reply-To: <20010517005418.A86923@spyder.bytecraft.au.com>
Message-ID: <20010519163112.A31546-100000@arnold.neland.dk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG



On Thu, 17 May 2001, User & wrote:

> Is it possible to use a fbsd box as a router
> via two separate NICs each on their own net
> i.e 10.1.2.0 and 203.12.34.0, into a common hub?
>
> I need to maintain some pre-existing systems on the
> old 10. numbers (due to hard coded ancient programs)
> yet support our new connectivity....
>
I'd recommend using the fbsdbox as a firewall and keep the existing
10.1.2.0 machines on the inside, invisible to the world. (Or just tunnel
the needed adresses through). The ancient programs are probably not built
with enough security to be visible to todays hostile internet environment
(read: they are probably not hacker-proof)

Just keep whatever is nessecary outside the firewall/router (or on a 3rd
nic to have a "Demilitarized zone" where some services are accessible from
the outside) and have the rest inside.

Leif


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message