> On Fri, Oct 10, 2003 at 11:29:08PM +0930, Ian Moore wrote:
> > Hi,
> > I'm organising an ADSL connection and I'm a bit confused about our
options.
> >
> > We need to provide web, ssh and mail access to our network for users
from home
> > across the Internet with an ADSL connection.
> > I figure the best way to do this is to setup a new machine to act as a
> > firewall and run a web server & sendmail on this box. (or I have seen
> > something about using socket to divert these services to our existing
server
> > which has a private address).
> > The firewall would have a NIC with a private IP address to connect to
the rest
> > of our network.
> >
> > What's the best way then to connect it to the ADSL line?
>
> I feel its best to have a hardware modum that also knows how to build up
> the connection. I've set my ADSL modum up so that it builds the
> connection and then route the packets to my gateway computer.
>
> > Do we have a second NIC in the firewall machine with a real IP address
>
> You do need a second NIC on the gateway. Either the gateway or the
> modum needs to have the public (real) IP.
>
> > connected to an ADSL modem and use ppp -natd on that interface?
>
> You like to run natd yes. If you go for a build up of the connection
> with ppp then this is the way to go. If you don't then you can enable it
> in rc.conf.
>
> > Does that mean we'd need 2 static IP addresses - one for the firewall
> > & one for the modem? (We really don't want to pay for 2 addresses)
>
> You don't need that. Natd forwards work fine with one public IP adress.
>
> > Or can we use a USB connection instead - are there FBSD drivers for ADSL
> > modems? I can't see any in the supported hardware list.
>
> I wound't go for a USB connection.
>

Can you or anyone on the list recoment a good, supported ADSL modem as i
will be getting adsl with a static IP which i want assigned to my freebsd
firewall not a adsl router.

> > Or do we use a combined modem/router device to do the nat & firewalling
and
> > have it redirect mail, web & ssh access to our main server? (is that
possible
> > or do such devices not allow access into the network from the 'net?)
>
> Having a modum that know how to build up the connection and route it is
> the soluiton in my view.  I feel that its better to have a *BSD box
> being the router, because router have a limmited memory. (Mine only had
> 256 slots for routing which was not suffecient in my case, because i run
> mldonky or posibly kazza. This problem doesn't accoure with a BSD box.)
>
> As a side not. If you care about security assume your gateway has bin
> comprimised at all time. So also setup firewall on you other machines.
> This way you are better protected.
>
> --
> Alex
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
>

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to