Date: Fri, 1 Jul 2022 13:08:48 +0530
From: KK CHN <kkchn.in@gmail.com>
To: Polytropon <freebsd@edvax.de>
Cc: Doug McIntyre <merlyn@geeks.org>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Two NICs in Single BOX and two separate network connection handling
Message-ID: <CAKgGyB8Um%2B_g0jqpuh9aCxmtrXUagjfpEU=JR2UiFmNBTeGm%2Bw@mail.gmail.com>
In-Reply-To: <20220629091720.b3a55bed.freebsd@edvax.de>
References: <CAKgGyB-_ctBbSmKLXR%2BEC=EwAQXHjioP%2BE16G4rh%2BvA2_jYnXQ@mail.gmail.com> <YrvPd0l/EpYg26r2@geeks.org> <20220629091720.b3a55bed.freebsd@edvax.de>

List,

It's my pleasure to receive all of your valuable inputs for a new situation which I am not familiar with.
This helps me to understand where to start and what to do...

Thank you all fellow BSDians and great support from this FBSD mailing list.

Krish

On Wed, Jun 29, 2022 at 12:48 PM Polytropon <freebsd@edvax.de> wrote:

> On Tue, 28 Jun 2022 23:05:11 -0500, Doug McIntyre wrote:
> > On Tue, Jun 28, 2022 at 10:51:52PM +0530, KK CHN wrote:
> > > Can some one shed some light on this?
> > >
> > > I have a server box with two interface cards. I want to use the scenario
> > > like this
> >
> > You want to make a router/Firewall.
>
> Looks like it.
>
>
>
> > While you can certainly do this with the base FreeBSD system no
> > problem, the level of questions you are asking would tend to make me
> > believe you are a beginner, that may be better served by running an
> > appliance (appropriately based around FreeBSD) that would do more of
> > the heavy lifting for you to start with.
>
> No need - FreeBSD can do this just fine. The parts involved here
> seem to be (according to the short description of intention):
>
>         - regular network configuration, maybe PPPoE (but
>           unlikely these days) for "outer" interface
>
>         - DHCP server (dhcpd) for "inner" interface
>
>         - NAT to connect them
>
>         - simple IPFW rules for traffic control
>
> And that's about it. All those parts are covered in the Handbook.
> It should at least be a good starting point that can reveal which
> other, more detailed questions may arise.
>
> Specific files are /etc/rc.conf and /etc/ipfw.rules, as well
> as the DHCP configuration file, often /usr/local/etc/dhcpd.conf.
>
> Needless to say, what the OP seems (!) to request is something
> quite typical for a FreeBSD machine, and has been a solved problem
> for many decades now. Even I have implemented such setups with
> varying degrees of deviation from the standard assumptions. ;-)
>
> I'd also suggest to implement things piece by piece, i. e., get
> the machine to connect to your ISP first, then get the clients
> connect to your machine, and finally bring both worlds together.
> Configure restrictions as needed, or go with "enable things one
> by one", depending on your security model.
>
>
>
> > Systems such as opnsense.org, or pfsense.org may be better to start with.
> > They are much the same, so either would be good to start with.
>
> As long as it's okay for the user to deal with the overhead (such
> as a web server for configuration GUI, if needed and intended), those
> are a solution that easily can be simply added without actually
> knowing the specific details and which will _still_ work - plus,
> they can be a good point to learn _how_ things are done, so it's
> easier to implement them by oneself in regular FreeBSD.
>
>
>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
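
The parts listed in the quoted reply (gateway settings in /etc/rc.conf, NAT between the two NICs, stateful IPFW rules in /etc/ipfw.rules), sketched as an added example that is not part of the original thread or written by any of its participants. The interface names em0/em1, the LAN prefix, the rule numbers and the rc.conf values are assumptions; the script prints the ipfw commands for review by default and loads them only when IPFW points at the real binary.

```shell
#!/bin/sh
# Added example: /etc/ipfw.rules sketch for a two-NIC NAT gateway.
# Assumptions (not from the thread): em0 = outer NIC, em1 = inner NIC,
# LAN 192.168.10.0/24, and these lines in /etc/rc.conf:
#   gateway_enable="YES"            # forward packets between the NICs
#   firewall_enable="YES"           # load ipfw at boot
#   firewall_nat_enable="YES"       # in-kernel NAT
#   firewall_script="/etc/ipfw.rules"
#   dhcpd_enable="YES"              # isc-dhcp server from ports
#   dhcpd_ifaces="em1"              # hand out leases on the inner NIC only
# and in /etc/sysctl.conf: net.inet.ip.fw.one_pass=0, so that packets
# keep traversing the rules after the nat action.

oif="${OIF:-em0}"            # outer interface
iif="${IIF:-em1}"            # inner interface
lan="${LAN:-192.168.10.0/24}"
# Dry run by default: print each command for review.
# Set IPFW="/sbin/ipfw -q" to load the rules for real.
fw="${IPFW:-echo ipfw}"

build_rules() {
    $fw -f flush
    $fw nat 1 config if "$oif" same_ports unreg_only reset
    $fw add 100 allow ip from any to any via lo0
    # A LAN source address arriving on the outer NIC is spoofed.
    $fw add 200 deny ip from "$lan" to any in via "$oif"
    $fw add 300 allow ip from any to any via "$iif"
    $fw add 400 reass ip from any to any in
    # Translate replies back before the state lookup.
    $fw add 500 nat 1 ip from any to any in via "$oif"
    $fw add 510 check-state
    # Outbound traffic creates state, then jumps to the NAT rule.
    $fw add 600 skipto 1000 tcp from any to any out via "$oif" setup keep-state
    $fw add 610 skipto 1000 udp from any to any out via "$oif" keep-state
    $fw add 620 skipto 1000 icmp from any to any out via "$oif" keep-state
    # Everything else, including unsolicited inbound, stops here.
    $fw add 900 deny log ip from any to any
    $fw add 1000 nat 1 ip from any to any out via "$oif"
    $fw add 1010 allow ip from any to any
}

build_rules
```

Only connections started from the inner network get state, so nothing on the outer interface is reachable until a rule is added for it, which matches the "enable things one by one" approach in the quoted reply.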
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKgGyB8Um%2B_g0jqpuh9aCxmtrXUagjfpEU=JR2UiFmNBTeGm%2Bw>