Date: Thu, 05 May 2011 20:49:22 -0400
From: Daniel Staal <DStaal@usa.net>
To: Leonardo M. Ramé <martinrame@yahoo.com>, questions@freebsd.org
Subject: Re: Home firewall with DLink router and FreeBSD
Message-ID: <63C1F6F4EE966ADF8471C35F@mac-pro.magehandbook.com>
In-Reply-To: <687701.10024.qm@web113506.mail.gq1.yahoo.com>
References: <687701.10024.qm@web113506.mail.gq1.yahoo.com>

--As of May 5, 2011 5:37:52 PM -0700, Leonardo M. Ramé is alleged to have said:

> Hi, at home I have a DLink Dir 300 router to provide internet access for
> my home network. The network is composed of two Windows PCs, one Linux
> laptop and one FreeBSD server we use mainly for storage and as
> web/database server.
>
> I must add, the server only has one network card.
>
> I would like to know if it's possible to use the FreeBSD server as a
> Firewall for the whole network, securing LAN and WiFi connections. If
> this can be done, then how? Could you point me to some howto?

--As for the rest, it is mine.

I don't know of any howtos but it is possible. You would need to set up the FreeBSD box with two IPs on its interface (one as an alias), and have them on separate networks. (Sharing the same hardware, but with non-overlapping IP ranges. Make one a 10.* network and one a 192.168.* network.) One is the 'outside' network, and includes your internet gateway. The other is your 'inside' network and includes everything else. (Including your WiFi access point.)

Then you set up the FreeBSD box to route & NAT between them, and to firewall along the way. A standard FreeBSD firewall howto would work there, as long as you watch that you never specify an interface name in the firewall rules, but use the IP address instead.

However, I would not recommend this. It's way too easy to accidentally at some later point put one of your home boxes on the 'outside' network and then you've just bypassed your firewall. Another ethernet card won't cost much, and will make the setup easier and more secure: You can then physically separate the networks.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
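
Added example, not part of the original message: a check for the failure mode the reply warns about, where a home machine ends up on the 'outside' range of the shared wire and bypasses the firewall. It parses FreeBSD `arp -an` output; the concrete ranges (10.0.0.0/24 outside, 192.168.1.0/24 inside), the gateway and firewall addresses, and the sample ARP lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed addressing plan; the message only says "a 10.* and a 192.168.* network".
OUTSIDE_NET = ipaddress.ip_network("10.0.0.0/24")
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")
# Only the internet gateway and the firewall's own outside address belong outside.
ALLOWED_OUTSIDE = {ipaddress.ip_address("10.0.0.1"), ipaddress.ip_address("10.0.0.2")}

# Matches resolved entries in FreeBSD `arp -an` output.
ARP_LINE = re.compile(r"\((?P<ip>[0-9.]+)\) at (?P<mac>[0-9a-f:]{17}) on (?P<ifname>\S+)")

# Constructed sample input, not captured from a real network.
SAMPLE_ARP = """\
? (10.0.0.1) at 00:11:22:33:44:55 on em0 expires in 1200 seconds [ethernet]
? (10.0.0.2) at 00:aa:bb:cc:dd:01 on em0 permanent [ethernet]
? (192.168.1.1) at 00:aa:bb:cc:dd:01 on em0 permanent [ethernet]
? (192.168.1.20) at 00:aa:bb:cc:dd:20 on em0 expires in 900 seconds [ethernet]
? (10.0.0.57) at 00:aa:bb:cc:dd:57 on em0 expires in 300 seconds [ethernet]
? (172.16.4.9) at 00:aa:bb:cc:dd:09 on em0 expires in 100 seconds [ethernet]
? (10.0.0.99) at (incomplete) on em0 expired [ethernet]
"""

def audit_arp(arp_text):
    """Return (bypassing, unknown): hosts on the outside net that should not
    be there, and hosts that are in neither planned network."""
    if OUTSIDE_NET.overlaps(INSIDE_NET):
        raise ValueError("inside and outside ranges must not overlap")
    bypassing, unknown = [], []
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # skips incomplete entries and unrelated lines
        ip = ipaddress.ip_address(m.group("ip"))
        entry = (str(ip), m.group("mac"))
        if ip in OUTSIDE_NET and ip not in ALLOWED_OUTSIDE:
            bypassing.append(entry)  # host can reach the gateway unfiltered
        elif ip not in OUTSIDE_NET and ip not in INSIDE_NET:
            unknown.append(entry)    # address outside the plan altogether
    return bypassing, unknown

if __name__ == "__main__":
    bypassing, unknown = audit_arp(SAMPLE_ARP)
    for ip, mac in bypassing:
        print(f"BYPASS: {ip} ({mac}) is on the outside network")
    for ip, mac in unknown:
        print(f"UNKNOWN: {ip} ({mac}) is in neither planned range")
```

The firewall's ARP cache only lists hosts it has recently exchanged traffic with, so an empty result is not proof that no machine is misplaced.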