From: "Stephan Weaver"
To: freebsd-questions@freebsd.org
Date: Tue, 02 Aug 2005 12:26:14 -0400
Subject: Networking with FreeBSD

Hello Everyone.

We are going to be connecting our Stores to our Main Head Office via Fiber. We want to separate our Internal LAN from the store computers. So we have decided to separate them by networks [IP addressing] because of security.

Head Office

I have 3 Servers in my LAN, and 4 Networks in total inside of our Head Office.

10.10.10.1 - Pixel Replication Server
192.168.1.1 - Web Based Server [Delivery Server]
192.168.100.1 - File Server Including Internet Users.
192.168.0.1-254 [ LAN ].

The store computers that need to access specific servers are only on that network. For example:

Store 1, Computer 1 needs to Replicate [he will have an IP of 10.10.10.105]
Store 1, Computer 2 [The Delivery PC]. He will have an IP of 192.168.1.105
Store 1, Computer 3 will access the File Server by having an IP of 192.168.100.105.

Now the Risk involved with this is we have no Real Security. For example, a Malicious user can easily change his IP address to 192.168.0.105 and get on our Head Office Internal Network, which we don't want.

So I would like to Setup, Install and Configure a FreeBSD Based Firewall that will have 4 Network Cards and will be placed between our Head Office Switch and our Fibre Switch [WAN].

But AFAIK, by placing all these network cards in the same machine, FreeBSD will Bridge all those Networks.

How can I keep the networks Separate, and Secure the Servers by Firewalling by IP addressing?

I would appreciate Advice / Suggestions / Anything that will give me a better clue on how to secure my network.

Yours Sincerely,
Stephan Weaver