Romain Kang wrote:
> I have a single physical network with 2 disjoint address spaces in
> it. Logical Net 1 is routable, while Logical Net 2 is in private
> space intended to keep devices there safe from the outside. Now I
> need to allow some Net 2 devices the capability to access the web,
> and putting in a second physical net is impractical.
> Can a FreeBSD box with just one NIC on the physical net be used as
> the router between the logical nets?
Yes, although using one NIC compromises security a great deal compared with
having two physical subnets separated by a packet-filtering firewall.
Set up an interface alias via ifconfig to go on the second network, enable
ipforwarding and presumably NAT.
> If so, could it be used to limit outside access from Net 2 by hardware address?
All outside traffic is going to go through the machine used as a router and
acquire its hardware address. If you have another router on net 1, blocking
packets from that MAC on all of the hosts on net 2 would be useful, but you'd
have to do it for each client machine, not just on this FreeBSD box itself.
> Or is there a proxy that would work for this configuration?
Running a proxy server on the FreeBSD box is more secure than providing
routing and NAT for the machines on net 2. squid works fine for this.
--
-Chuck
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"