Date: Tue, 02 Aug 2005 11:59:06 -0500
From: Kevin Kinsey <kdk@daleco.biz>
To: Stephan Weaver <stephanweaver@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Networking with FreeBSD
Message-ID: <42EFA65A.5080905@daleco.biz>
In-Reply-To: <BAY20-F2F61C3D84924A4CD57576A8C20@phx.gbl>
References: <BAY20-F2F61C3D84924A4CD57576A8C20@phx.gbl>

Stephan Weaver wrote:

> Hello Everyone.
>
> We are going to be connecting our Stores to our Main Head Office Via
> Fiber.
> We want to separate our Internal Lan from the store computers.
> So we have decided to separate them by networks [ip addressing]
> because of security.
>
>
> Head Office
> I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head
> Office.
> 10.10.10.1 - Pixel Replication Server
> 192.168.1.1 - Web Based Server [Delivery Server]
> 192.168.100.1 - File Server
> Including Internet Users.
> 192.168.0.1-254 [ Lan ].
>
>
> The store computers that need to access specific servers, are only on
> that network.
> For example.
> Store 1, Computer 1 Needs to Replicate [he will have an ip of
> 10.10.10.105]
> Store 1, Computer 2 [The Delivery Pc]. he will have an ip of
> 192.168.1.105
> Store 1, Computer 3 Will access the File Server by having an ip of
> 192.168.100.105.
>
> Now the Risk involved with this is we have no Real Security, For Example.
> A Malicious user can easily change his ip address to 192.168.0.105 For
> Example and Get on our Head Office Internal Network. Which We don't Want.
>
> So I would like to Setup, Install And Configure a FreeBSD Based
> Firewall, that
> will have 4 Network Cards, and will be placed between Our Head Office
> Switch, and our Fibre Switch [Wan].
>
> But AFAIK, By Placing all these network cards in the Same Machine,
> FreeBSD Will Bridge All Those Networks.
> How Can I keep the networks Separate, and Secure the Servers by
> Firewalling by ip addressing?
>
> I would appreciate Advice / Suggestions / Anything That will give me a
> better clue on how to secure my network.
>
> Yours Sincerely,
> Stephan Weaver
>

This is probably not Real Helpful(tm), but maybe we can get the
ball rolling here (so I've included your entire post) ---

I'm looking at m0n0wall (http://m0n0.ch/wall) to do a little of
this on a smaller scale --- basically just keeping 2 LANs
on the same wire separate from one another, and limiting
access to the big bad Net via a "captive portal".

Not sure if it would be any help to you, however....

Kevin Kinsey
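
The risk described in the quoted question (a store host re-addressed to 192.168.0.105), modelled as an added Python example that is not part of the original message or of any FreeBSD tool: it compares separation by addressing alone with a default-deny check bound to the ingress interface. Assumptions: each store-facing network reaches the firewall on its own interface, the names nic1 to nic3 are hypothetical, the /24 masks are inferred from the addresses in the post, and 192.168.0.10 is a constructed LAN host.

```python
from ipaddress import ip_address, ip_network

# Assumption: each store-facing network reaches the firewall on its own NIC.
# Interface names are hypothetical; /24 masks are assumed from the addresses.
SEGMENTS = {
    "nic1": (ip_network("10.10.10.0/24"), ip_address("10.10.10.1")),        # replication
    "nic2": (ip_network("192.168.1.0/24"), ip_address("192.168.1.1")),      # delivery
    "nic3": (ip_network("192.168.100.0/24"), ip_address("192.168.100.1")),  # file server
}
HEAD_OFFICE_LAN = ip_network("192.168.0.0/24")


def by_address_only(src, dst):
    """Separation by addressing alone: a host belongs to whatever network its
    claimed source address falls in, and can reach anything on that network."""
    src, dst = ip_address(src), ip_address(dst)
    nets = [net for net, _ in SEGMENTS.values()] + [HEAD_OFFICE_LAN]
    return "pass" if any(src in n and dst in n for n in nets) else "block"


def by_interface(in_if, src, dst):
    """Default deny: the source must be valid for the ingress interface and
    the destination must be that segment's one permitted server."""
    src, dst = ip_address(src), ip_address(dst)
    if in_if not in SEGMENTS:
        return "block: unknown interface"
    net, server = SEGMENTS[in_if]
    if src not in net:
        return "block: source not valid on " + in_if
    if dst != server:
        return "block: destination not permitted"
    return "pass"


# Constructed sample traffic: (ingress interface, source, destination).
SAMPLES = [
    ("nic1", "10.10.10.105", "10.10.10.1"),        # Store 1, Computer 1 replicating
    ("nic3", "192.168.100.105", "192.168.100.1"),  # Store 1, Computer 3 to file server
    ("nic1", "192.168.0.105", "192.168.0.10"),     # re-addressed host from the question
    ("nic1", "10.10.10.105", "192.168.100.1"),     # valid source, wrong server
]


def evaluate():
    """Return (address-only verdict, interface-bound verdict) per sample."""
    return [(by_address_only(s, d), by_interface(i, s, d)) for i, s, d in SAMPLES]


if __name__ == "__main__":
    for sample, verdicts in zip(SAMPLES, evaluate()):
        print(sample, verdicts)
```

The third sample is the case from the question: the address-only model passes it, while the interface-bound check drops it because 192.168.0.105 is not a valid source on the interface it arrived on.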