Date: Sun, 27 Jun 2004 15:54:32 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Romain Kang <romain@kzsu.stanford.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: IP alias + NAT through a single NIC?
Message-ID: <40DF25F8.1050305@mac.com>
In-Reply-To: <200406261600.i5QG07kG008437@kzsu.stanford.edu>
References: <200406261600.i5QG07kG008437@kzsu.stanford.edu>
Romain Kang wrote:
> I have a single physical network with 2 disjoint address spaces in
> it. Logical Net 1 is routable, while Logical Net 2 is in private
> space intended to keep devices there safe from the outside. Now I
> need to allow some Net 2 devices the capability to access the web,
> and putting in a second physical net is impractical.
>
> Can a FreeBSD box with just one NIC on the physical net be used as
> the router between the logical nets?

Yes, although using one NIC compromises security a great deal compared
with having two physical subnets separated by a packet-filtering
firewall. Set up an interface alias via ifconfig to go on the second
network, enable ipforwarding and presumably NAT.

> If so, could it be used to limit outside access from Net 2 by
> hardware address?

All outside traffic is going to go through the machine used as a router
and acquire its hardware address. If you have another router on net 1,
blocking packets from that MAC on all of the hosts on net 2 would be
useful, but you'd have to do it for each client machine, not just on
this FreeBSD box itself.

> Or is there a proxy that would work for this configuration?

Running a proxy server on the FreeBSD box is more secure than providing
routing and NAT for the machines on net 2. squid works fine for this.

--
-Chuck
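The single-NIC setup Chuck outlines (an ifconfig alias on the second logical net, IP forwarding, and NAT applied only to traffic coming from the private net) as an added example; it is not code from the thread or from FreeBSD. It prints the rc.conf and pf.conf fragments rather than applying them, so it can be reviewed before being copied onto the router. The interface name `em0`, the Net 1 address 203.0.113.10/24, and the Net 2 range 192.168.2.0/24 are assumed values chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): generate the rc.conf and
# pf.conf lines for a FreeBSD box that routes a private "Net 2" to a
# routable "Net 1" on one physical NIC. Constructed, assumed values:
#   NIC          : em0
#   Net 1 address: 203.0.113.10/24 (routable side, TEST-NET-3 range)
#   Net 2 alias  : 192.168.2.1/24  (private side, same wire)
NIC="${NIC:-em0}"
NET1_ADDR="${NET1_ADDR:-203.0.113.10}"
NET1_MASK="${NET1_MASK:-255.255.255.0}"
NET2_ADDR="${NET2_ADDR:-192.168.2.1}"
NET2_MASK="${NET2_MASK:-255.255.255.0}"
NET2_NET="${NET2_NET:-192.168.2.0/24}"

# True when the address lies in RFC 1918 private space. The alias side
# must be private, otherwise the "safe from the outside" net is routable
# and the NAT rule below would translate addresses that need no NAT.
in_rfc1918() {
    case "$1" in
        10.*)                                        return 0 ;;
        192.168.*)                                   return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)       return 0 ;;
        *)                                           return 1 ;;
    esac
}

# /etc/rc.conf fragment: the alias0 line puts the box on Net 2 without a
# second NIC, gateway_enable sets net.inet.ip.forwarding=1 at boot, and
# pf_enable loads the NAT rules.
rc_conf_fragment() {
cat <<EOF
ifconfig_${NIC}="inet ${NET1_ADDR} netmask ${NET1_MASK}"
ifconfig_${NIC}_alias0="inet ${NET2_ADDR} netmask ${NET2_MASK}"
gateway_enable="YES"
pf_enable="YES"
EOF
}

# /etc/pf.conf fragment: translate only packets that arrive from Net 2
# and are headed outside Net 2, and pass only that traffic inbound.
# Traffic between two Net 2 hosts never touches this box, and nothing
# from Net 1 is forwarded toward Net 2 by these rules.
pf_conf_fragment() {
cat <<EOF
ext_if = "${NIC}"
net2 = "${NET2_NET}"
nat on \$ext_if inet from \$net2 to ! \$net2 -> ${NET1_ADDR}
block in on \$ext_if from ! \$net2 to \$net2
pass in on \$ext_if from \$net2 to ! \$net2
pass out on \$ext_if
EOF
}

# When run directly: refuse a non-private Net 2, otherwise print both
# fragments for review before they go into /etc/rc.conf and /etc/pf.conf.
if in_rfc1918 "$NET2_ADDR"; then
    echo "# /etc/rc.conf"
    rc_conf_fragment
    echo
    echo "# /etc/pf.conf"
    pf_conf_fragment
else
    echo "NET2_ADDR ${NET2_ADDR} is not in RFC 1918 private space" >&2
    exit 1
fi
```

After copying the fragments, `sysctl net.inet.ip.forwarding=1` and `service pf start` take effect without a reboot; `pfctl -nf /etc/pf.conf` parses the rule set without loading it. The `block in ... to $net2` line is the part the email's MAC-filtering discussion is really after: it stops this box from forwarding inbound traffic to Net 2, but, as Chuck notes, it does nothing about frames that another Net 1 host sends directly onto the shared wire.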