Dear all

I'd be very grateful for any insights you could share...

Our school network continues to grow. Different departments within the
school wish to piggy-back their Windows machines on to our broadband
internet connection, via our 100Mbps wired LAN within the building. Before I
can allow any more machines on, I need to put a measure of security in
place - principally between the school Admin and Curriculum 'networks' and
also between the other 3 departments who share the site with us. I was
thinking along the lines of subnetting our existing network and applying a
firewall between each sub-net.

Currently, our setup comprises two FreeBSD (4.5RELENG) boxes - one acting
as a gateway/firewall between our private network (10.x.x.x/8) and the ADSL
router, the other as a fileserver/web proxy/redirector and email server to
our 40 or so Windows clients. DHCP and DNS are provided by the gateway.

The gateway currently runs with two NICs - one to a switch, the other to the
ADSL router. All other machines, including the fileserver hang off the
switch. The ADSL router has another 3 10Mbps ports available for direct

The Admin and Curriculum users need to share the fileserver (for now, at
least.) The other new users simply need the broadband connectivity (with or
without the web-proxy facility that currently sits on the fileserver.)

Do I consider placing more NICs into the gateway in order to create (along
with a few switches) the new sub-nets, placing a firewall (ipfw) between
each interface?
Is it even possible to run >1 ipfw on the same box?
Do I build a couple of cheap boxes (like the P90 I'm using for the current
gateway) with FreeBSD and set them up for bridging along with ipfw?
Do I buy a few hardware routers with firewall facility and build my sub-nets
that way?
Do I use ifconfig to alias the one internal NIC in the present gateway to
create virtual sub-nets?
Is a firewall really what I need to restrict particular traffic (like SMB
browsing) across the sub-nets?

Or, am I barking up the wrong tree (spanning, or otherwise...)?

Thanks in advance.
Martyn Hill
ICT Teacher and IT Coordinator
St James Independent School
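An added example, not part of Martyn's message, showing the "more NICs in the gateway, one ipfw ruleset" layout the questions above describe. ipfw keeps a single ruleset per host, but each rule can be tied to an interface with `in recv`, `out xmit` or `via`, which is how one box filters between several sub-nets. Interface names (`xl0`..`xl3`), the /16 subnets, gateway addresses, the fileserver address and the proxy port are assumptions chosen for illustration; NAT (natd divert) is left out so the filtering stays readable.

```shell
#!/bin/sh
# Example ipfw ruleset for a FreeBSD gateway with one NIC per department.
# All addresses and interface names below are assumed for illustration.

EXT_IF="xl0"                  # assumed: NIC facing the ADSL router
ADMIN_IF="xl1"; ADMIN_NET="10.1.0.0/16"; ADMIN_GW="10.1.0.1"
CURR_IF="xl2";  CURR_NET="10.2.0.0/16";  CURR_GW="10.2.0.1"
GUEST_IF="xl3"; GUEST_NET="10.3.0.0/16"; GUEST_GW="10.3.0.1"
FILESERVER="10.1.0.10"        # assumed: shared fileserver on the Admin segment
PROXY_PORT="3128"             # assumed: web proxy port on the fileserver
SMB_PORTS="137-139,445"       # NetBIOS/SMB ports used by Windows browsing and shares

# interface:subnet:gateway-address for each department segment
DEPTS="$ADMIN_IF:$ADMIN_NET:$ADMIN_GW $CURR_IF:$CURR_NET:$CURR_GW $GUEST_IF:$GUEST_NET:$GUEST_GW"

# fw prints the rule when DRYRUN=1 (to review the ruleset before loading it)
# and otherwise hands it to ipfw.
fw() {
    if [ "${DRYRUN:-0}" = "1" ]; then
        echo "ipfw $*"
    else
        /sbin/ipfw "$@"
    fi
}

load_ruleset() {
    fw -f flush
    fw add 100 allow ip from any to any via lo0
    fw add 110 check-state          # lets replies to keep-state sessions back in

    n=200
    for dept in $DEPTS; do
        oldifs=$IFS; IFS=:; set -- $dept; IFS=$oldifs
        ifc=$1; net=$2; gw=$3
        # DHCP must be allowed before the anti-spoofing rule: a DISCOVER
        # arrives from 0.0.0.0, which is not inside any department subnet.
        fw add $n allow udp from any 68 to any 67 in recv $ifc
        n=$((n + 10))
        fw add $n allow udp from any 67 to any 68 out xmit $ifc
        n=$((n + 10))
        # Anti-spoofing: anything else arriving on a department interface
        # must carry a source address from that department's subnet.
        fw add $n deny ip from not $net to any in recv $ifc
        n=$((n + 10))
        # DNS to the gateway itself (the gateway is the resolver).
        fw add $n allow udp from $net to $gw 53 in recv $ifc keep-state
        n=$((n + 10))
    done

    # Everyone may use the web proxy on the fileserver.
    fw add 400 allow tcp from 10.0.0.0/8 to $FILESERVER $PROXY_PORT setup keep-state
    # Curriculum may open SMB sessions to the shared fileserver. Admin sits on
    # the fileserver's own segment, so that traffic never crosses the gateway.
    fw add 410 allow tcp from $CURR_NET to $FILESERVER $SMB_PORTS setup keep-state
    fw add 420 allow udp from $CURR_NET to $FILESERVER $SMB_PORTS keep-state

    # No other traffic between departments; this is what keeps SMB browsing
    # and share access from leaking across segments.
    n=500
    for src in $ADMIN_NET $CURR_NET $GUEST_NET; do
        for dst in $ADMIN_NET $CURR_NET $GUEST_NET; do
            [ "$src" = "$dst" ] && continue
            fw add $n deny ip from $src to $dst
            n=$((n + 10))
        done
    done

    # Outbound internet access for all departments; replies match rule 110.
    fw add 600 allow tcp from 10.0.0.0/8 to any out xmit $EXT_IF setup keep-state
    fw add 610 allow udp from 10.0.0.0/8 to any 53 out xmit $EXT_IF keep-state
    fw add 620 allow icmp from any to any icmptypes 0,3,8,11
    fw add 65000 deny ip from any to any
}

# "sh ipfw-depts.sh show" prints the rules; "sh ipfw-depts.sh load" applies them.
case "${1:-}" in
    show) DRYRUN=1; load_ruleset ;;
    load) load_ruleset ;;
esac
```

Review the output of `show` before running `load` as root, and remember that the inter-department denies at 500 and up only take effect for traffic that is routed through the gateway: two machines on the same switch and subnet still see each other's NetBIOS broadcasts, which is why the departments each need their own interface (or VLAN) rather than only an alias on one NIC.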

