Networking with FreeBSD
Kevin Kinsey
kdk at daleco.biz
Tue Aug 2 16:59:15 GMT 2005
Stephan Weaver wrote:
> Hello Everyone.
>
> We are going to be connecting our Stores to our Main Head Office Via
> Fiber.
> We want to separate our Internal Lan from the store computers.
> So we have decided to separate them by networks [ip addressing]
> because of security.
>
>
> Head Office
> I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head
> Office.
> 10.10.10.1 - Pixel Replication Server
> 192.168.1.1 - Web Based Server [Delivery Server]
> 192.168.100.1 - File Server
> Including Internet Users.
> 192.168.0.1-254 [ Lan ].
>
>
> The store computers that need to access specific servers, are only on
> that network.
> For example.
> Store 1, Computer 1 Needs to Replicate [he will have an ip of
> 10.10.10.105]
> Store 1, Computer 2 [The Delivery Pc]. he will have an ip of
> 192.168.1.105
> Store 1, Computer 3 Will access the File Server by having an ip of
> 192.168.100.105.
>
> Now the Risk involved with this is we have no Real Security, For Example.
> A Malicious user can easily change his ip address to 192.168.0.105 For
> Example and Get on our Head Office Internal Network. Which We don't Want.
>
> So I would like to Setup, Install And Configure a FreeBSD Based
> Firewall, that
> will have 4 Network Cards, and will be placed between Our Head Office
> Switch, and our Fibre Switch [Wan].
>
> But AFAIK, By Placing all these network cards in the Same Machine,
> FreeBSD Will Bridge All Those Networks.
> How Can I keep the networks Separate, and Secure the Servers by
> Firewalling by ip addressing?
>
> I would appreciate Advice / Suggestions / Anything That will give me a
> better clue on how to secure my network.
>
> Yours Sincerely,
> Stephan Weaver
>
This is probably not Real Helpful(tm), but maybe we can get the
ball rolling here (so I've included your entire post) --- I'm looking
at m0n0wall (http://m0n0.ch/wall) to do a little of this on a smaller
scale --- basically just keeping 2 LANs on the same wire separate
from one another, and limiting access to the big bad Net via a
"captive portal".
Not sure if it would be any help to you, however....
Kevin Kinsey