From owner-freebsd-questions@FreeBSD.ORG Tue Aug 2 17:43:13 2005
From: "Stephan Weaver"
To: cswiger@mac.com
Cc: freebsd-questions@freebsd.org
Date: Tue, 02 Aug 2005 13:43:12 -0400
Subject: Re: Networking with FreeBSD
In-Reply-To: <42EFAF93.5060800@mac.com>

>From: Chuck Swiger
>To: Stephan Weaver
>CC: freebsd-questions@freebsd.org
>Subject: Re: Networking with FreeBSD
>Date: Tue, 02 Aug 2005 13:38:27 -0400
>
>Stephan Weaver wrote:
>[ ... ]
>>But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD
>>Will Bridge All Those Networks.
>
>FreeBSD is well-behaved in terms of security. It will not act as a layer-2
>bridge or as a layer-3 IP router/firewall, unless and until you tell it to
>do so.
>
>See the options set in /etc/rc.conf and /etc/defaults/rc.conf such as:
>
>gateway_enable="NO"                 # Set to YES if this host will be a gateway.
>router_enable="NO"                  # Set to YES to enable a routing daemon.
>firewall_enable="NO"                # Set to YES to enable firewall functionality
>firewall_script="/etc/rc.firewall"  # Which script to run to set up the firewall
>firewall_type="UNKNOWN"             # Firewall type (see /etc/rc.firewall)
>
>...or "man bridge".
>
>>How Can I keep the networks Separate, and Secure the Servers by
>>Firewalling by ip addressing?
>
>Well, if you set the machines up on three or four separate subnets, each on
>a separate collision domain (ie, each with its own hub or switch VLAN),
>you can firewall traffic both by subnet and by individual IPs. A proper
>ruleset will integrate anti-spoofing rules which will prevent a machine
>from sending traffic as if it were an IP on another subnet, or at least
>prevent the traffic from going through the firewall to reach your private
>internal networks.
>
>Obviously, you want to keep untrusted machines on another subnet than the
>servers you are protecting. Go read "Building Internet Firewalls"
>published by O'Reilly, as well as http://www.ietf.org/rfc/rfc2196.txt...
>
>--
>-Chuck
>

Thank You So Very Much for your quick response.
I am familiar with firewalling, but I have never done something like this.
Maybe you can give me an actual Example from my reference. Using my networks etc.
What I want to do is separate the networks on the same wire.
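
The per-subnet anti-spoofing and separation rules described in the quoted reply, as an added example that is not part of either message: a small sh function that prints ipfw(8) commands for review instead of loading them. The interface names (fxp1 to fxp3), the subnets and the rule numbering are assumptions, since the thread does not give the actual networks, and each segment is assumed to be a leaf subnet with no other networks routed behind it.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and subnets are
# assumptions (constructed sample topology): one "interface:subnet" per segment.
SEGMENTS="fxp1:192.168.10.0/24 fxp2:192.168.20.0/24 fxp3:192.168.30.0/24"

# Print ipfw commands without running them, so the ruleset can be reviewed
# before it is loaded. $1 = first rule number, rest = interface:subnet pairs.
segment_rules() {
    num=$1; shift
    # Loopback first, otherwise the host's own local traffic hits the denies.
    echo "ipfw add $num allow ip from any to any via lo0"
    for seg in "$@"; do
        ifc=${seg%%:*}
        net=${seg#*:}
        # Anti-spoofing: packets entering on a segment must be sourced from it...
        num=$((num + 10))
        echo "ipfw add $num deny ip from not $net to any in recv $ifc"
        # ...and its addresses must not show up as a source on any other interface.
        num=$((num + 10))
        echo "ipfw add $num deny ip from $net to any in not recv $ifc"
        # Separation: no traffic from this segment to any other listed segment.
        for other in "$@"; do
            if [ "$other" != "$seg" ]; then
                num=$((num + 10))
                echo "ipfw add $num deny ip from $net to ${other#*:}"
            fi
        done
    done
}

# Show the generated ruleset; nothing is loaded into the kernel here.
segment_rules 100 $SEGMENTS
```

With gateway_enable left at "NO" the host does not forward between the segments in the first place; the rules then protect the host itself and remain in force if forwarding is turned on later.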