Date:      Thu, 05 May 2011 20:49:22 -0400
From:      Daniel Staal <DStaal@usa.net>
To:        Leonardo M. Ramé <martinrame@yahoo.com>, questions@freebsd.org
Subject:   Re: Home firewall with DLink router and FreeBSD
Message-ID:  <63C1F6F4EE966ADF8471C35F@mac-pro.magehandbook.com>
In-Reply-To: <687701.10024.qm@web113506.mail.gq1.yahoo.com>
References:  <687701.10024.qm@web113506.mail.gq1.yahoo.com>

--As of May 5, 2011 5:37:52 PM -0700, Leonardo M. Ramé is alleged to have
said:

> Hi, at home I have a DLink Dir 300 router to provide internet access for
> my home network. The network is composed of two Windows PCs, one Linux
> laptop and one FreeBSD server we use mainly for storage and as
> web/database server.
>
> I must add, the server only has one network card.
>
> I would like to know if it's possible to use the FreeBSD server as a
> firewall for the whole network, securing LAN and WiFi connections. If
> this can be done, then how? Could you point me to some howto?

--As for the rest, it is mine.

I don't know of any howtos, but it is possible.  You would need to set up
the FreeBSD box with two IPs on its interface (one as an alias), and
have them on separate networks.  (Sharing the same hardware, but with
non-overlapping IP ranges.  Make one a 10.* network and one a 192.168.*
network.)  One is the 'outside' network, and includes your internet
gateway.  The other is your 'inside' network and includes everything else.
(Including your WiFi access point.)

Then you set up the FreeBSD box to route & NAT between them, and to
firewall along the way.  A standard FreeBSD firewall howto would work
there, as long as you watch that you never specify an interface name in the
firewall rules, but use the IP address instead.

However, I would not recommend this.  It's way too easy to accidentally at
some later point put one of your home boxes on the 'outside' network and
then you've just bypassed your firewall.  Another ethernet card won't cost
much, and will make the setup easier and more secure: You can then
physically separate the networks.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
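
Added example, not part of the original message: a small audit for the failure mode the reply warns about, a home machine ending up on the 'outside' range of the shared wire. The address ranges, the allowed outside hosts and the sample ARP table (in the format of FreeBSD `arp -an`) are constructed assumptions; the message only says "a 10.* network and one a 192.168.* network".

```python
import ipaddress
import re

# Assumed layout; which range is 'outside' is a choice made for this example.
OUTSIDE = ipaddress.ip_network("192.168.0.0/24")  # internet gateway + firewall only
INSIDE = ipaddress.ip_network("10.0.0.0/24")      # every other home machine
# Only the router and the FreeBSD box's outside address belong on OUTSIDE.
OUTSIDE_ALLOWED = {ipaddress.ip_address("192.168.0.1"),
                   ipaddress.ip_address("192.168.0.2")}

# Constructed sample, as seen from the FreeBSD box with both IPs on one card.
SAMPLE_ARP = """\
? (192.168.0.1) at 00:11:22:33:44:01 on em0 expires in 1187 seconds [ethernet]
? (192.168.0.2) at 00:11:22:33:44:02 on em0 permanent [ethernet]
? (10.0.0.1) at 00:11:22:33:44:02 on em0 permanent [ethernet]
? (10.0.0.20) at 00:11:22:33:44:10 on em0 expires in 902 seconds [ethernet]
? (192.168.0.57) at 00:11:22:33:44:11 on em0 expires in 455 seconds [ethernet]
? (172.16.5.9) at 00:11:22:33:44:12 on em0 expires in 30 seconds [ethernet]
? (10.0.0.30) at (incomplete) on em0 expired [ethernet]
"""

ARP_LINE = re.compile(r"\((?P<ip>[0-9.]+)\) at (?P<mac>[0-9a-f:]{17}) on \S+")

def audit(arp_text, outside=OUTSIDE, inside=INSIDE, allowed=OUTSIDE_ALLOWED):
    """Return (ip, mac, reason) for every neighbour that breaks the layout."""
    if outside.overlaps(inside):
        raise ValueError("inside and outside ranges must not overlap")
    findings = []
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if not m:            # unresolved ("incomplete") entries carry no MAC
            continue
        ip = ipaddress.ip_address(m.group("ip"))
        if ip in outside and ip not in allowed:
            findings.append((str(ip), m.group("mac"),
                             "on outside range: traffic bypasses the firewall"))
        elif ip not in outside and ip not in inside:
            findings.append((str(ip), m.group("mac"),
                             "address in neither planned range"))
    return findings

if __name__ == "__main__":
    for ip, mac, reason in audit(SAMPLE_ARP):
        print(f"{ip} ({mac}): {reason}")
```
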


