On Fri, Oct 10, 2003 at 11:29:08PM +0930, Ian Moore wrote:
> Hi,
> I'm organising an ADSL connection and I'm a bit confused about our options.
> 
> We need to provide web, ssh and mail access to our network for users from home 
> across the Internet with an ADSL connection.
> I figure the best way to do this is to setup a new machine to act as a 
> firewall and run a web server & sendmail on this box. (or I have seen 
> something about using socket to divert these services to our existing server 
> which has a private address).
> The firewall would have a NIC with a private IP address to connect to the rest 
> of our network.
> 
> What's the best way then to connect it to the ADSL line?

I feel its best to have a hardware modum that also knows how to build up
the connection. I've set my ADSL modum up so that it builds the
connection and then route the packets to my gateway computer.

> Do we have a second NIC in the firewall machine with a real IP address 

You do need a second NIC on the gateway. Either the gateway or the
modum needs to have the public (real) IP.

> connected to an ADSL modem and use ppp -natd on that interface? 

You like to run natd yes. If you go for a build up of the connection
with ppp then this is the way to go. If you don't then you can enable it
in rc.conf.

> Does that mean we'd need 2 static IP addresses - one for the firewall
> & one for the modem? (We really don't want to pay for 2 addresses)

You don't need that. Natd forwards work fine with one public IP adress.

> Or can we use a USB connection instead - are there FBSD drivers for ADSL 
> modems? I can't see any in the supported hardware list.

I wound't go for a USB connection.

> Or do we use a combined modem/router device to do the nat & firewalling and 
> have it redirect mail, web & ssh access to our main server? (is that possible 
> or do such devices not allow access into the network from the 'net?)

Having a modum that know how to build up the connection and route it is
the soluiton in my view.  I feel that its better to have a *BSD box
being the router, because router have a limmited memory. (Mine only had
256 slots for routing which was not suffecient in my case, because i run
mldonky or posibly kazza. This problem doesn't accoure with a BSD box.)

As a side not. If you care about security assume your gateway has bin
comprimised at all time. So also setup firewall on you other machines.
This way you are better protected.

-- 
Alex
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to