> On Fri, Oct 10, 2003 at 11:29:08PM +0930, Ian Moore wrote:
> > Hi,
> > I'm organising an ADSL connection and I'm a bit confused about our options.
> >
> > We need to provide web, ssh and mail access to our network for users from home
> > across the Internet with an ADSL connection.
> > I figure the best way to do this is to set up a new machine to act as a
> > firewall and run a web server & sendmail on this box. (or I have seen
> > something about using socket to divert these services to our existing server
> > which has a private address).
> > The firewall would have a NIC with a private IP address to connect to the rest
> > of our network.
> >
> > What's the best way then to connect it to the ADSL line?
>
> I feel it's best to have a hardware modem that also knows how to build up
> the connection. I've set my ADSL modem up so that it builds the
> connection and then routes the packets to my gateway computer.
>
> > Do we have a second NIC in the firewall machine with a real IP address
>
> You do need a second NIC on the gateway. Either the gateway or the
> modem needs to have the public (real) IP.
>
> > connected to an ADSL modem and use ppp -natd on that interface?
>
> You'd like to run natd, yes. If you go for a build up of the connection
> with ppp then this is the way to go. If you don't then you can enable it
> in rc.conf.
>
> > Does that mean we'd need 2 static IP addresses - one for the firewall
> > & one for the modem? (We really don't want to pay for 2 addresses)
>
> You don't need that. Natd forwards work fine with one public IP address.
>
> > Or can we use a USB connection instead - are there FBSD drivers for ADSL
> > modems? I can't see any in the supported hardware list.
>
> I wouldn't go for a USB connection.
>
Can you or anyone on the list recommend a good, supported ADSL modem, as I will be getting ADSL with a static IP which I want assigned to my FreeBSD firewall, not an ADSL router.

> > Or do we use a combined modem/router device to do the nat & firewalling and
> > have it redirect mail, web & ssh access to our main server? (is that possible
> > or do such devices not allow access into the network from the 'net?)
>
> Having a modem that knows how to build up the connection and route it is
> the solution in my view. I feel that it's better to have a *BSD box
> being the router, because routers have limited memory. (Mine only had
> 256 slots for routing which was not sufficient in my case, because I run
> mldonkey or possibly Kazaa. This problem doesn't occur with a BSD box.)
>
> As a side note: if you care about security, assume your gateway has been
> compromised at all times. So also set up a firewall on your other machines.
> This way you are better protected.
>
> --
> Alex
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
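
The single-address setup discussed in this thread (natd on the gateway forwarding web, ssh and mail to an internal server), shown as an added configuration example that does not come from any of the posters. The interface name `fxp0`, the internal server address `192.168.1.10` and the path `/etc/natd.conf` are assumptions.

```conf
# --- /etc/rc.conf on the gateway (two NICs) ---
# Assumption: fxp0 is the NIC facing the ADSL modem and holds the one public IP.
gateway_enable="YES"            # forward packets between the two NICs
firewall_enable="YES"           # load ipfw; natd receives packets through an ipfw divert rule
firewall_type="open"            # rc.firewall installs the divert rule for this type, but
                                # "open" filters nothing: replace it with a ruleset that
                                # admits only ports 22, 25 and 80 from outside
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf ---
# Assumption: 192.168.1.10 is the existing internal server with a private address.
# Format: redirect_port proto targetIP:targetPORT aliasPORT
same_ports yes
use_sockets yes
redirect_port tcp 192.168.1.10:80 80    # web
redirect_port tcp 192.168.1.10:25 25    # mail (SMTP)
redirect_port tcp 192.168.1.10:22 22    # ssh
```

With port 22 redirected, sshd on the gateway itself is no longer reachable from outside on that port; administer the gateway from the internal network or give its sshd a different port.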