Home firewall with DLink router and FreeBSD
Hi, at home I have a DLink Dir 300 router to provide internet access for my home network. The network is composed by two Windows PCs, one Linux laptop and one FreeBSD server we use mainly for storage and as web/database server. I must add, the server only have one network card. I would like to know if its possible to use the FreeBSD server as a Firewall for the whole network, securing LAN and WiFi connections. If this can be done, then how? could you point me to some howto?. P.S.: this is the 2nd time I send this email, the first time it got caught by SpamAssassin. Maybe because a link in my signature. Thanks in advance, Leonardo M. Ramé ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home firewall with DLink router and FreeBSD
On 5/5/11 8:37 PM, Leonardo M. Ramé wrote: Hi, at home I have a DLink Dir 300 router to provide internet access for my home network. The network is composed by two Windows PCs, one Linux laptop and one FreeBSD server we use mainly for storage and as web/database server. I must add, the server only have one network card. It becomes difficult to use a server as a firewall unless you have an inside and an outside network. Easiest is to simply add another network card, should that be possible on your server. Another possibility is to use VLAN taggging and connect the server to a switch that understands VLANs. I would like to know if its possible to use the FreeBSD server as a Firewall for the whole network, securing LAN and WiFi connections. If this can be done, then how? could you point me to some howto?. Yes. I'd start on the FreeBSD website and start reading things that look useful. If you're thinking about using pf as your firewall, which I'd personally recommend though other options are perfectly workable also, there's a nice document on the OpenBSD web site, IIRC. P.S.: this is the 2nd time I send this email, the first time it got caught by SpamAssassin. Maybe because a link in my signature. We got both on the list. --Jon Radel j...@radel.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home firewall with DLink router and FreeBSD
--As of May 5, 2011 5:37:52 PM -0700, Leonardo M. Ramé is alleged to have said: Hi, at home I have a DLink Dir 300 router to provide internet access for my home network. The network is composed by two Windows PCs, one Linux laptop and one FreeBSD server we use mainly for storage and as web/database server. I must add, the server only have one network card. I would like to know if its possible to use the FreeBSD server as a Firewall for the whole network, securing LAN and WiFi connections. If this can be done, then how? could you point me to some howto?. --As for the rest, it is mine. I don't know of any howto's but it is possible. You would need to set up the FreeBSD box with two ip's on it's interface, (one as an alias), and have them on separate networks. (Sharing the same hardware, but with non-overlapping ip ranges. Make one a 10.* network and one a 192.168.* network.) One is the 'outside' network, and includes your internet gateway. The other is your 'inside' network and includes everything else. (Including your WiFi access point.) Then you set up the FreeBSD box to route NAT between them, and to firewall along the way. A standard FreeBSD firewall howto would work there, as long as you watch that you never specify an interface name in the firewall rules, but use the IP address instead. However, I would not recommend this. It's way too easy to accidentally at some later point put one of your home boxes on the 'outside' network and then you've just bypassed your firewall. Another ethernet card won't cost much, and will make the setup easier and more secure: You can then physically separate the networks. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Home firewall with DLink router and FreeBSD
--- On Thu, 5/5/11, Jon Radel j...@radel.com wrote: From: Jon Radel j...@radel.com Subject: Re: Home firewall with DLink router and FreeBSD To: freebsd-questions@freebsd.org Date: Thursday, May 5, 2011, 9:50 PM On 5/5/11 8:37 PM, Leonardo M. Ramé wrote: Hi, at home I have a DLink Dir 300 router to provide internet access for my home network. The network is composed by two Windows PCs, one Linux laptop and one FreeBSD server we use mainly for storage and as web/database server. I must add, the server only have one network card. It becomes difficult to use a server as a firewall unless you have an inside and an outside network. Easiest is to simply add another network card, should that be possible on your server. Another possibility is to use VLAN taggging and connect the server to a switch that understands VLANs. I would like to know if its possible to use the FreeBSD server as a Firewall for the whole network, securing LAN and WiFi connections. If this can be done, then how? could you point me to some howto?. Yes. I'd start on the FreeBSD website and start reading things that look useful. If you're thinking about using pf as your firewall, which I'd personally recommend though other options are perfectly workable also, there's a nice document on the OpenBSD web site, IIRC. Thanks, I think I better add a 2nd network card, as Daniel suggested. Then I'll try this again. Leonardo M. Ramé http://leonardorame.blogspot.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
