From: Polytropon
To: Doug McIntyre
Cc: freebsd-questions
Date: Wed, 29 Jun 2022 09:17:20 +0200
Subject: Re: Two NICs in Single BOX and two separate network connection handling
Message-Id: <20220629091720.b3a55bed.freebsd@edvax.de>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On Tue, 28 Jun 2022 23:05:11 -0500, Doug McIntyre wrote:
> On Tue, Jun 28, 2022 at 10:51:52PM +0530, KK CHN wrote:
> > Can some one shed some light on this?
> >
> > I have a server box with two interface cards. I want to use the scenario
> > like this
>
> You want to make a router/Firewall.

Looks like it.

> While you can certainly do this with the base FreeBSD system no
> problem, the level of questions you are asking would tend to make me
> believe you are a beginner, that may be better served by running an
> appliance (appropriately based around FreeBSD) that would do more of
> the heavy lifting for you to start with.

No need - FreeBSD can do this just fine. The parts involved
here seem to be (according to the short description of
intention):

	- regular network configuration, maybe PPPoE (but
	  unlikely these days) for "outer" interface

	- DHCP server (dhcpd) for "inner" interface

	- NAT to connect them

	- simple IPFW rules for traffic control

And that's about it. All those parts are covered in the
Handbook. It should at least be a good starting point that
can reveal which other, more detailed questions may arise.
Specific files are /etc/rc.conf and /etc/ipfw.rules, as
well as the DHCP configuration file, often
/usr/local/etc/dhcpd.conf.

Needless to say, what the OP seems (!) to request is something
quite typical for a FreeBSD machine, and has been a solved
problem for many decades now. Even I have implemented such
setups with varying degrees of deviation from the standard
assumptions. ;-)

I'd also suggest to implement things piece by piece, i. e.,
get the machine to connect to your ISP first, then get the
clients to connect to your machine, and finally bring both
worlds together. Configure restrictions as needed, or go with
"enable things one by one", depending on your security model.

> Systems such as opnsense.org, or pfsense.org may be better to start with.
> They are much the same, so either would be good to start with.

As long as it's okay for the user to deal with the overhead
(such as a web server for configuration GUI, if needed and
intended), those are a solution that easily can be simply
added without actually knowing the specific details and
which will _still_ work - plus, they can be a good point
to learn _how_ things are done, so it's easier to implement
them by oneself in regular FreeBSD.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
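
The following is an added example, not part of the original message: a sketch of the /etc/ipfw.rules script and matching /etc/rc.conf entries for the two-NIC NAT gateway the reply outlines, using in-kernel ipfw NAT. The interface names em0 and em1, the 192.168.10.0/24 subnet, the rule numbers and the FWCMD dry-run switch are assumptions for illustration.

```sh
#!/bin/sh
# Sketch of /etc/ipfw.rules for a two-NIC NAT gateway (added example).
# Assumed names: em0 = "outer" NIC (ISP), em1 = "inner" NIC (LAN),
# 192.168.10.0/24 = LAN subnet served by dhcpd. Adjust to your hardware.
#
# Matching /etc/rc.conf entries (assumed addresses):
#   ifconfig_em0="DHCP"
#   ifconfig_em1="inet 192.168.10.1 netmask 255.255.255.0"
#   gateway_enable="YES"            # forward packets between the NICs
#   firewall_enable="YES"
#   firewall_nat_enable="YES"       # load in-kernel NAT (ipfw_nat)
#   firewall_script="/etc/ipfw.rules"
#   dhcpd_enable="YES"              # from the ISC dhcpd port
#   dhcpd_ifaces="em1"              # hand out leases on the LAN side only
#
# Assumes the default net.inet.ip.fw.one_pass=1, i.e. a packet is
# accepted as soon as the nat rule has translated it.

# Dry run by default: rules are printed, not loaded.
# Set FWCMD="/sbin/ipfw -q" to apply them on the gateway.
FWCMD="${FWCMD:-echo ipfw}"

gateway_rules() {
    ext_if="$1"; int_if="$2"; int_net="$3"

    $FWCMD -f flush
    # deny_in: drop inbound packets that match no existing translation,
    # so nothing is reachable from outside unless the inside opened the flow.
    $FWCMD nat 1 config if "$ext_if" same_ports deny_in reset

    $FWCMD add 100 allow ip from any to any via lo0
    # Anti-spoofing: LAN source addresses must never arrive from the ISP side.
    $FWCMD add 200 deny ip from "$int_net" to any in via "$ext_if"
    # LAN side is trusted in this sketch; tighten here when going
    # the "enable things one by one" route.
    $FWCMD add 300 allow ip from any to any via "$int_if"
    # Translate everything crossing the outer interface, both directions.
    $FWCMD add 400 nat 1 ip from any to any via "$ext_if"
    # Explicit default deny, independent of the kernel's compiled-in default.
    $FWCMD add 65000 deny ip from any to any
}

gateway_rules em0 em1 192.168.10.0/24
```

Run as-is it only prints the rule set for review; load it from a console session rather than over the network, since the flush drops the rules that currently permit your connection.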