From: "Toni Heinonen"
To: "Odhiambo Washington", "FBSD-Q"
Subject: RE: Using IPFW/NAT with multiport PCI cards
Date: Tue, 30 Mar 2004 11:13:39 +0300

> I am writing to request for advice/recommendations on the subject. I've
> been tasked to build a router/firewall based on FreeBSD. I'd like to use
> 5.2-RELEASE.
>
> Now my only problem is that I have played a little with ipfw in a
> situation where I have just two interfaces, 1 external and 1 internal.
> My current requirement however involves one external interface and
> four (or more) internal interfaces (which should all be SEPARATE
> networks, invisible from each other).

Sure, this is possible. To tell you the truth, if you're not sure how to do it, the cheapest and easiest way would be to just get 4 ethernet cards for the internal interfaces.
However, the most dynamic way would be to get an ethernet card that supports 802.1q or Cisco ISL, which are switch trunking protocols. You could then separate the networks into different virtual LANs in a switch, that was connected to the 802.1q NIC. That NIC would then have an IP address from each of the networks.

I'm not sure how 802.1q can be configured in FreeBSD, but that shouldn't be too hard - the more difficult part should be configuring the switch.
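The "separate networks, invisible from each other" requirement from this thread, as an added example that is not part of the original post: a shell function that prints ipfw rules dropping traffic from each internal interface to every other internal subnet. The interface names, subnets, rule numbers and function names are constructed assumptions; the interfaces could be separate NICs or VLAN interfaces on one trunked NIC.

```shell
#!/bin/sh
# Added example (not from the original thread): print ipfw rules that keep
# several internal networks invisible to each other behind one router.
# Interface names and subnets below are constructed sample values.

# gen_isolation_rules START_NUM IF=NET [IF=NET ...]
# For every ordered pair of internal networks (A, B), emit a rule that drops
# packets arriving on A's interface for any address in B. Matching on input
# also covers the router's own address on B, which is never forwarded.
gen_isolation_rules() {
    num=$1; shift
    for a in "$@"; do
        a_if=${a%%=*}
        for b in "$@"; do
            if [ "$a" = "$b" ]; then continue; fi
            b_net=${b#*=}
            echo "ipfw add $num deny ip from any to $b_net in recv $a_if"
            num=$((num + 10))
        done
    done
}

# Validate arguments before generating anything: a malformed pair would
# otherwise produce a rule that does not express the intended isolation.
check_pairs() {
    for p in "$@"; do
        case $p in
            ?*=?*/?*) ;;
            *) echo "bad pair (want IF=NET/BITS): $p" >&2; return 1 ;;
        esac
    done
}

# Dry run: rules are printed for review, not loaded. They are meant to sit
# before the NAT and allow rules of the ruleset so they are evaluated first.
INTERNAL="vlan10=192.168.10.0/24 vlan20=192.168.20.0/24 vlan30=192.168.30.0/24"
check_pairs $INTERNAL && gen_isolation_rules 1000 $INTERNAL
```

With N internal networks the function emits N*(N-1) deny rules, so four networks give twelve.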