Re: Networking with FreeBSD

2005-08-03 Thread Ivailo Tanusheff
You can use ipf or ipfw as firewall to create a set of rules, allowing and 
denying access to different resources from/to different networks. Also you 
can use ipnat to make NAT translation if needed.
Personally I'd advise you to use ipf as packet filter, ipfw as traffic 
shaper and ipnat for NAT.

Hope this will help you, there are tons of topics and howto's about using 
ipf, ipfw and ipnat :)

Ivailo Tanusheff
Senior System administrator
ProCredit Bank (Bulgaria) AD

tel. +359 2 921 7161
fax +359 2 921 7110
http://www.procreditbank.bg





Stephan Weaver [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
08/02/2005 07:26 PM

To
freebsd-questions@freebsd.org
cc

Subject
Networking with FreeBSD






Hello Everyone.

We are going to be connecting our Stores to our Main Head Office Via Fiber.
We want to separate our Internal Lan from the store computers.
So we have decided to separate them by networks [ip addressing] because of 
security.


Head Office
I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head 
Office.
10.10.10.1 - Pixel Replication Server
192.168.1.1 - Web Based Server [Delivery Server]
192.168.100.1 - File Server
Including Internet Users.
192.168.0.1-254 [ Lan ].


The store computers that need to access specific servers, are only on that 
network.
For example.
Store 1, Computer 1 Needs to Replicate [he will have an ip of 10.10.10.105]
Store 1, Computer 2 [The Delivery Pc]. he will have an ip of 192.168.1.105
Store 1, Computer 3 Will access the File Server by having an ip of 
192.168.100.105.


Now the Risk involved with this is we have no Real Security, For Example.
A Malicious user can easily change his ip address to 192.168.0.105 For 
Example and Get on our Head Office Internal Network. Which We don't Want.


So i would like to Setup, Install And Configure a FreeBSD Based Firewall, 
that will have 4 Network Cards, and will be placed between Our Head Office 
Switch, and our Fibre Switch [Wan].

But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD 
Will Bridge All Those Networks.
How Can i keep the networks Separate, and Secure the Servers by Firewalling 
by ip addressing?


I would appreciate Advice / Suggestions / Anything That will give me a 
better clue on how to secure my network.



Yours Sincerely,
Stephan Weaver


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
[EMAIL PROTECTED]



Re: Networking with FreeBSD

2005-08-03 Thread Stephan Weaver




From: Nikolas Britton [EMAIL PROTECTED]
Reply-To: Nikolas Britton [EMAIL PROTECTED]
To: Stephan Weaver [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], freebsd-questions@freebsd.org
Subject: Re: Networking with FreeBSD
Date: Tue, 2 Aug 2005 18:26:15 -0500

On 8/2/05, Stephan Weaver [EMAIL PROTECTED] wrote:


 From: Chuck Swiger [EMAIL PROTECTED]
 To: Stephan Weaver [EMAIL PROTECTED]
 CC: freebsd-questions@freebsd.org
 Subject: Re: Networking with FreeBSD
 Date: Tue, 02 Aug 2005 14:26:07 -0400
 
 Stephan Weaver wrote:
 [ ... ]
 Thank You So Very Much for your quick response.
 
 You're welcome.
 
 I am familiar with firewalling, but i never done something like this.
 Maybe you can give me an actual Example from my reference.
 Using my networks etc.
 
 Sure, if I had lots of free time and nothing else to do, I could probably
 write up a security policy, firewall rules, along with pretty network
 topology diagrams and so forth.  But I was up 'til 2AM doing pretty much
 just that for a client yesterday (*), and I'd rather not spend that much
 effort again today without a good cause, or at least more beer.  :-)
 
 There is an expectation on the freebsd lists that you spend your own time
 to learn about the tasks you want to accomplish before asking other people
 to repeat what the documentation says for your own specific use case.
 (Read the docs.  Try stuff out.  Ask questions which show what you've done
 and what the specific error message or problem you have is.)
 
 What i want to do is separate the networks on the same wire.
 
 Hmm.  Why do you want to put separate subnets on the same wire?
 
 (What does that mean to you, anyway?  Using the same external ISP
 connection? All boxes all on the same ethernet hub?  Something else?
 Consider IPsec. :-)
 
 --
 -Chuck
 
 (*): Client is in Denmark.  They wanted stuff urgently by this morning
 their time, after getting me something to respond to yesterday at 4PM my
 time.  Bleh, this global outsourcing thing really is overrated
 


 What i want to do in a nutshell,
 Connect all stores together via fibre, and protect my HeadOffice Lan, which
 will now be connected to all the stores. And Have some sort of security.

What fibre? how far are the stores? fibre networking gear? you have
fibre going all the way to your stores from HQ?

Also, why do you have pixel, httpd, and samba servers on different LANs?

Internet
   |
   |   |WANs 1-4, 192.168.2/24, 192.168.3/24, 192.168.4/24, 192.168.5/24
Firewall -- DMZ 192.168.1/24 - Pixel, httpd, samba
   |
   |
HQ LAN 192.168.0/24


OR:

Internet
  |
  |   |-WAN, 192.168.2/24
Firewall --- DMZ, 192.168.1/24 - Pixel, httpd
  |
  |--- Samba
  |
HQ LAN 192.168.0/24

OR:

Internet
  |
  |   |---WAN(s)
Firewall
  |
  |
HQ LAN

Etc.

We need more info to help you.




Thank you for your concern and quick response everyone.

Now i will use your example as mentioned above.

I have one quick question though.
These WAN's will be on separate networks because of the /24. correct?

So if Wan1 [192.168.2/24] Wants to Connect to our Pixel Server [192.168.1/24] 
for example He would not be able to communicate because of the /24? Is 
this correct?


If so, how do I allow them to communicate?

Yours Sincerely
Stephan Weaver



Re: Networking with FreeBSD

2005-08-03 Thread Nikolas Britton
On 8/3/05, Stephan Weaver [EMAIL PROTECTED] wrote:
 
 
 From: Nikolas Britton [EMAIL PROTECTED]
 
 
 Internet
 |
 |   |WANs 1-4, 192.168.2/24, 192.168.3/24, 192.168.4/24, 192.168.5/24
 Firewall -- DMZ 192.168.1/24 - Pixel, httpd, samba
 |
 |
 HQ LAN 192.168.0/24
 
 
 OR:
 
 Internet
|
|   |-WAN, 192.168.2/24
 Firewall --- DMZ, 192.168.1/24 - Pixel, httpd
|
|--- Samba
|
 HQ LAN 192.168.0/24
 
 OR:
 
 Internet
|
|   |---WAN(s)
 Firewall
|
|
 HQ LAN
 
 Etc.
 
 We need more info to help you.
 
 
 
 Thank you for your concern and quick response everyone.
 
 Now i will use your example as mentioned above.
 
 I have one quick question though.
 These WAN's will be on separate networks because of the /24. correct?
 
Yes, 24 = class C = netmask of 255.255.255.0

http://public.pacbell.net/dedicated/cidr.html

 So if Wan1 [192.168.2/24] Wants to Connect to our Pixel Server[192.168.1/24]
   for example He would not be able to communicate because of the /24? Is
 this correct?

Yes, because they are on different networks. You will need a router for
them to communicate.
 
 
 If so, how do I allow them to communicate?
 

firewall = firewall, router, gateway, bridge, etc. with FreeBSD and
the right software it will do all of that transparently.

Set up a test lab of some sort, start with this layout and work your
way up until you understand what it's doing:

Internet
   |
   |   |---WAN(s) 192.168.1/24
Firewall
   |
   |
HQ LAN 192.168.0/24

You will need 3 PCs; one for the LAN, one on the WAN1 side and one for
the firewall. For the firewall you will be using m0n0wall, 48MB ram
(minimum) and 3 network cards.

http://en.wikipedia.org/wiki/M0n0wall
http://m0n0.ch/wall/download.php?file=generic-pc-1.2b9.img
http://m0n0.ch/wall/installation_generic.php
http://m0n0.ch/wall/quickstart/
http://www.tomsnetworking.com/Reviews-161-ProdID-MONOWALL.php

If you need any help setting it up etc. just ask me, I started using
it sometime late in 2003 so I probably have more experience using the
software than most people you'll run across.


Re: Networking with FreeBSD

2005-08-02 Thread Kevin Kinsey

Stephan Weaver wrote:


Hello Everyone.

We are going to be connecting our Stores to our Main Head Office Via 
Fiber.

We want to separate our Internal Lan from the store computers.
So we have decided to separate them by networks [ip addressing] 
because of security.



Head Office
I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head 
Office.

10.10.10.1 - Pixel Replication Server
192.168.1.1 - Web Based Server [Delivery Server]
192.168.100.1 - File Server
Including Internet Users.
192.168.0.1-254 [ Lan ].


The store computers that need to access specific servers, are only on 
that network.

For example.
Store 1, Computer 1 Needs to Replicate [he will have an ip of 
10.10.10.105]
Store 1, Computer 2 [The Delivery Pc]. he will have an ip of 
192.168.1.105
Store 1, Computer 3 Will access the File Server by having an ip of 
192.168.100.105.


Now the Risk involved with this is we have no Real Security, For Example.
A Malicious user can easily change his ip address to 192.168.0.105 For
Example and Get on our Head Office Internal Network. Which We don't Want.

So i would like to Setup, Install And Configure a FreeBSD Based 
Firewall, that
will have 4 Network Cards, and will be placed between Our Head Office 
Switch, and our Fibre Switch [Wan].


But AFAIK, By Placing all these network cards in the Same Machine, 
FreeBSD Will Bridge All Those Networks.
How Can i keep the networks Separate, and Secure the Servers by 
Firewalling by ip addressing?


I would appreciate Advice / Suggestions / Anything That will give me a 
better clue on how to secure my network.


Yours Sincerely,
Stephan Weaver



This is probably not Real Helpful(tm), but maybe we can get the
ball rolling here (so I've included your entire post)  --- I'm looking
at m0n0wall (http://m0n0.ch/wall) to do a little of this on a smaller
scale --- basically just keeping 2 LAN's on the same wire separate
from one another, and limiting access to the big bad Net via a
captive portal.

Not sure if it would be any help to you, however

Kevin Kinsey


Re: Networking with FreeBSD

2005-08-02 Thread Garrett Cooper

On Tue, 2 Aug 2005, Stephan Weaver wrote:


Hello Everyone.

We are going to be connecting our Stores to our Main Head Office Via Fiber.
We want to separate our Internal Lan from the store computers.
So we have decided to separate them by networks [ip addressing] because of 
security.



Head Office
I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head 
Office.

10.10.10.1 - Pixel Replication Server
192.168.1.1 - Web Based Server [Delivery Server]
192.168.100.1 - File Server
Including Internet Users.
192.168.0.1-254 [ Lan ].


The store computers that need to access specific servers, are only on that 
network.

For example.
Store 1, Computer 1 Needs to Replicate [he will have an ip of 10.10.10.105]
Store 1, Computer 2 [The Delivery Pc]. he will have an ip of 192.168.1.105
Store 1, Computer 3 Will access the File Server by having an ip of 
192.168.100.105.



Now the Risk involved with this is we have no Real Security, For Example.
A Malicious user can easily change his ip address to 192.168.0.105 For 
Example and Get on our Head Office Internal Network. Which We don't Want.



So i would like to Setup, Install And Configure a FreeBSD Based Firewall, 
that will have 4 Network Cards, and will be placed between Our Head Office 
Switch, and our Fibre Switch [Wan].


But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD 
Will Bridge All Those Networks.
How Can i keep the networks Separate, and Secure the Servers by Firewalling 
by ip addressing?



I would appreciate Advice / Suggestions / Anything That will give me a better 
clue on how to secure my network.




Yours Sincerely,
Stephan Weaver


	I can tell you as of right now that you're going to have to set up 
a NAT with your FreeBSD box acting as the gateway using something like 
ipf, ipfilter, etc. However, I have little experience with this, and 
depending on what you want in terms of user interaction, different 
solutions will pose certain pros and cons.
	Also, no one outside of the network can just change their IP 
address to 192.168.0.x because the 192.168.x.y IP address blocks are 
reserved as Class C addresses which under all correct implementations of 
IP are physically inaccessible outside the network. Therefore, that isn't so 
much of an issue... however, it still doesn't hurt to have a firewall 
because you don't want someone tunnelling in and wreaking havoc on your 
network. That is of course if the information you listed above was in fact 
what's currently implemented as opposed to what should be implemented.

Just a few minor thoughts.
-Garrett


Re: Networking with FreeBSD

2005-08-02 Thread Stephan Weaver




From: Garrett Cooper [EMAIL PROTECTED]
To: Stephan Weaver [EMAIL PROTECTED]
CC: freebsd-questions@freebsd.org
Subject: Re: Networking with FreeBSD
Date: Tue, 2 Aug 2005 10:10:44 -0700 (PDT)

On Tue, 2 Aug 2005, Stephan Weaver wrote:


Hello Everyone.

We are going to be connecting our Stores to our Main Head Office Via 
Fiber.

We want to separate our Internal Lan from the store computers.
So we have decided to separate them by networks [ip addressing] because of 
security.



Head Office
I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head 
Office.

10.10.10.1 - Pixel Replication Server
192.168.1.1 - Web Based Server [Delivery Server]
192.168.100.1 - File Server
Including Internet Users.
192.168.0.1-254 [ Lan ].


The store computers that need to access specific servers, are only on that 
network.

For example.
Store 1, Computer 1 Needs to Replicate [he will have an ip of 
10.10.10.105]

Store 1, Computer 2 [The Delivery Pc]. he will have an ip of 192.168.1.105
Store 1, Computer 3 Will access the File Server by having an ip of 
192.168.100.105.



Now the Risk involved with this is we have no Real Security, For Example.
A Malicious user can easily change his ip address to 192.168.0.105 For 
Example and Get on our Head Office Internal Network. Which We don't Want.



So i would like to Setup, Install And Configure a FreeBSD Based Firewall, 
that will have 4 Network Cards, and will be placed between Our Head Office 
Switch, and our Fibre Switch [Wan].


But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD 
Will Bridge All Those Networks.
How Can i keep the networks Separate, and Secure the Servers by 
Firewalling by ip addressing?



I would appreciate Advice / Suggestions / Anything That will give me a 
better clue on how to secure my network.




Yours Sincerely,
Stephan Weaver


	I can tell you as of right now that you're going to have to set up a NAT 
with your FreeBSD box acting as the gateway using something like ipf, 
ipfilter, etc. However, I have little experience with this, and depending 
on what you want in terms of user interaction, different solutions will 
pose certain pros and cons.
	Also, no one outside of the network can just change their IP address to 
192.168.0.x because the 192.168.x.y IP address blocks are reserved as Class 
C addresses which under all correct implementations of IP are physically 
inaccessible outside the network. Therefore, that isn't so much of an 
issue... however, it still doesn't hurt to have a firewall because you 
don't want someone tunnelling in and wreaking havoc on your network. That 
is of course if the information you listed above was in fact what's 
currently implemented as opposed to what should be implemented.

Just a few minor thoughts.
-Garrett




Nothing is implemented as yet, i am looking for solutions.


Thanks EVERYONE!
Love You Guys
stephan weaver



Re: Networking with FreeBSD

2005-08-02 Thread Chuck Swiger

Stephan Weaver wrote:
[ ... ]
But AFAIK, By Placing all these network cards in the Same Machine, 
FreeBSD Will Bridge All Those Networks.


FreeBSD is well-behaved in terms of security.  It will not act as a layer-2 
bridge or as a layer-3 IP router/firewall, unless and until you tell it to do so.


See the options set in /etc/rc.conf and /etc/defaults/rc.conf such as:

gateway_enable=NO                # Set to YES if this host will be a gateway.
router_enable=NO                 # Set to YES to enable a routing daemon.
firewall_enable=NO               # Set to YES to enable firewall functionality
firewall_script=/etc/rc.firewall # Which script to run to set up the firewall
firewall_type=UNKNOWN            # Firewall type (see /etc/rc.firewall)

...or man bridge.

How Can i keep the networks Separate, and Secure the Servers by 
Firewalling by ip addressing?


Well, if you set the machines up on three or four separate subnets, each on a 
separate collision domain (ie, each with its own hub or switch VLAN), you can 
firewall traffic both by subnet and by individual IPs.  A proper ruleset will 
integrate anti-spoofing rules which will prevent a machine from sending traffic 
as if it were an IP on another subnet, or at least prevent the traffic from 
going through the firewall to reach your private internal networks.


Obviously, you want to keep untrusted machines on another subnet than the 
servers you are protecting.  Go read Building Internet Firewalls published by 
O'Reilly, as well as http://www.ietf.org/rfc/rfc2196.txt...


--
-Chuck
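
The anti-spoofing and per-subnet filtering described in the message above, as an added example (not code from the thread or from FreeBSD): a shell script that prints an ipfw rule file. The interface names em0 to em2, the 192.168.2.0/24 store subnet and the TCP port 80 pass rule are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: generate an ipfw rule file with per-interface anti-spoofing
# and a default-deny policy. Interface names, the store subnet and the
# permitted port are assumptions, not values confirmed by the thread.

# One "interface:subnet" pair per directly attached segment (hypothetical NICs):
# em0 = HQ LAN, em1 = server segment, em2 = store link.
SEGMENTS="em0:192.168.0.0/24 em1:192.168.1.0/24 em2:192.168.2.0/24"

# Explicit TCP passes as "source:destination:port"; everything else is denied.
# Assumed policy: the store subnet may reach the web server on port 80 only.
PASSES="192.168.2.0/24:192.168.1.1:80"

# Anti-spoofing: a packet arriving on an interface must carry a source
# address from that interface's own subnet. A store PC that renumbers itself
# to 192.168.0.105 still arrives on em2 and is dropped here. The "log"
# keyword records the drop when net.inet.ip.fw.verbose is enabled.
antispoof_rules() {
    n=1000
    for seg in $SEGMENTS; do
        ifc=${seg%%:*}
        net=${seg#*:}
        echo "add $n deny log ip from not $net to any in recv $ifc"
        n=$((n + 10))
    done
}

# Stateful passes: only the connection-opening packet has to match a rule,
# replies are matched by check-state.
pass_rules() {
    n=2000
    echo "add $n check-state"
    for p in $PASSES; do
        n=$((n + 10))
        src=${p%%:*}
        rest=${p#*:}
        dst=${rest%%:*}
        port=${rest#*:}
        echo "add $n allow tcp from $src to $dst $port setup keep-state"
    done
}

# Full rule file: loopback, anti-spoofing, passes, then deny and log the rest.
build_ruleset() {
    echo "add 100 allow ip from any to any via lo0"
    antispoof_rules
    pass_rules
    echo "add 65000 deny log ip from any to any"
}

build_ruleset
```

Saved to a file, the output can be loaded at boot by setting firewall_type in /etc/rc.conf to that file's full path, with gateway_enable and firewall_enable set to YES.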



Re: Networking with FreeBSD

2005-08-02 Thread Stephan Weaver




From: Chuck Swiger [EMAIL PROTECTED]
To: Stephan Weaver [EMAIL PROTECTED]
CC: freebsd-questions@freebsd.org
Subject: Re: Networking with FreeBSD
Date: Tue, 02 Aug 2005 13:38:27 -0400

Stephan Weaver wrote:
[ ... ]
But AFAIK, By Placing all these network cards in the Same Machine, FreeBSD 
Will Bridge All Those Networks.


FreeBSD is well-behaved in terms of security.  It will not act as a layer-2 
bridge or as a layer-3 IP router/firewall, unless and until you tell it to 
do so.


See the options set in /etc/rc.conf and /etc/defaults/rc.conf such as:

gateway_enable=NO                # Set to YES if this host will be a gateway.
router_enable=NO                 # Set to YES to enable a routing daemon.
firewall_enable=NO               # Set to YES to enable firewall functionality
firewall_script=/etc/rc.firewall # Which script to run to set up the firewall
firewall_type=UNKNOWN            # Firewall type (see /etc/rc.firewall)

...or man bridge.

How Can i keep the networks Separate, and Secure the Servers by 
Firewalling by ip addressing?


Well, if you set the machines up on three or four separate subnets, each on 
a separate collision domain (ie, each with its own hub or switch VLAN), 
you can firewall traffic both by subnet and by individual IPs.  A proper 
ruleset will integrate anti-spoofing rules which will prevent a machine 
from sending traffic as if it were an IP on another subnet, or at least 
prevent the traffic from going through the firewall to reach your private 
internal networks.


Obviously, you want to keep untrusted machines on another subnet than the 
servers you are protecting.  Go read Building Internet Firewalls 
published by O'Reilly, as well as http://www.ietf.org/rfc/rfc2196.txt...


--
-Chuck




Thank You So Very Much for your quick response.
I am familiar with firewalling, but i never done something like this.
Maybe you can give me an actual Example from my reference.
Using my networks etc.


What i want to do is separate the networks on the same wire.



Re: Networking with FreeBSD

2005-08-02 Thread Chuck Swiger

Stephan Weaver wrote:
[ ... ]

Thank You So Very Much for your quick response.


You're welcome.


I am familiar with firewalling, but i never done something like this.
Maybe you can give me an actual Example from my reference.
Using my networks etc.


Sure, if I had lots of free time and nothing else to do, I could probably write 
up a security policy, firewall rules, along with pretty network topology 
diagrams and so forth.  But I was up 'til 2AM doing pretty much just that for a 
client yesterday (*), and I'd rather not spend that much effort again today 
without a good cause, or at least more beer.  :-)


There is an expectation on the freebsd lists that you spend your own time to 
learn about the tasks you want to accomplish before asking other people to 
repeat what the documentation says for your own specific use case.  (Read the 
docs.  Try stuff out.  Ask questions which show what you've done and what the 
specific error message or problem you have is.)



What i want to do is separate the networks on the same wire.


Hmm.  Why do you want to put separate subnets on the same wire?

(What does that mean to you, anyway?  Using the same external ISP connection? 
All boxes all on the same ethernet hub?  Something else?  Consider IPsec. :-)


--
-Chuck

(*): Client is in Denmark.  They wanted stuff urgently by this morning their 
time, after getting me something to respond to yesterday at 4PM my time.  Bleh, 
this global outsourcing thing really is overrated




Re: Networking with FreeBSD

2005-08-02 Thread Nikolas Britton
On 8/2/05, Kevin Kinsey [EMAIL PROTECTED] wrote:
 Stephan Weaver wrote:
 
  Hello Everyone.
 
  We are going to be connecting our Stores to our Main Head Office Via
  Fiber.
  We want to separate our Internal Lan from the store computers.
  So we have decided to separate them by networks [ip addressing]
  because of security.
 
 
  Head Office
  I have 3 Servers in my LAN. And 4 Networks in Total inside of our Head
  Office.
  10.10.10.1 - Pixel Replication Server
  192.168.1.1 - Web Based Server [Delivery Server]
  192.168.100.1 - File Server
  Including Internet Users.
  192.168.0.1-254 [ Lan ].
 
 
  The store computers that need to access specific servers, are only on
  that network.
  For example.
  Store 1, Computer 1 Needs to Replicate [he will have an ip of
  10.10.10.105]
  Store 1, Computer 2 [The Delivery Pc]. he will have an ip of
  192.168.1.105
  Store 1, Computer 3 Will access the File Server by having an ip of
  192.168.100.105.
 
  Now the Risk involved with this is we have no Real Security, For Example.
  A Malicious user can easily change his ip address to 192.168.0.105 For
  Example and Get on our Head Office Internal Network. Which We don't Want.
 
  So i would like to Setup, Install And Configure a FreeBSD Based
  Firewall, that
  will have 4 Network Cards, and will be placed between Our Head Office
  Switch, and our Fibre Switch [Wan].
 
  But AFAIK, By Placing all these network cards in the Same Machine,
  FreeBSD Will Bridge All Those Networks.
  How Can i keep the networks Separate, and Secure the Servers by
  Firewalling by ip addressing?
 
  I would appreciate Advice / Suggestions / Anything That will give me a
  better clue on how to secure my network.
 
  Yours Sincerely,
  Stephan Weaver
 
 
 This is probably not Real Helpful(tm), but maybe we can get the
 ball rolling here (so I've included your entire post)  --- I'm looking
 at m0n0wall (http://m0n0.ch/wall) to do a little of this on a smaller
 scale --- basically just keeping 2 LAN's on the same wire separate
 from one another, and limiting access to the big bad Net via a
 captive portal.
 
 Not sure if it would be any help to you, however
 

I'm a big fan of m0n0wall! The thing can do just about anything and
it's so easy to set up and maintain.

This problem should be a simple fix... Treat your connections to the
stores as if it were a connection to the public Internet! If I wanted to
connect my LAN/Servers to the Internet then I would set up a firewall
(m0n0wall) that has a deny all policy. After I've done that I would
set up some pass rules like, store server with the IP address of xyz
can access HQ server that has the IP address of xyz only on port xyz.
If you want you could set up a DMZ and put your HQ servers there.

All WANs, MANs, 802.11x, Ethernet over AC power lines, etc. should
always be treated like the public Internet.

m0n0wall can do everything you need... Have you thought about site to
site VPNs using the Internet to connect the stores?... what kind of
bandwidth do you need?


Re: Networking with FreeBSD

2005-08-02 Thread Stephan Weaver




From: Chuck Swiger [EMAIL PROTECTED]
To: Stephan Weaver [EMAIL PROTECTED]
CC: freebsd-questions@freebsd.org
Subject: Re: Networking with FreeBSD
Date: Tue, 02 Aug 2005 14:26:07 -0400

Stephan Weaver wrote:
[ ... ]

Thank You So Very Much for your quick response.


You're welcome.


I am familiar with firewalling, but i never done something like this.
Maybe you can give me an actual Example from my reference.
Using my networks etc.


Sure, if I had lots of free time and nothing else to do, I could probably 
write up a security policy, firewall rules, along with pretty network 
topology diagrams and so forth.  But I was up 'til 2AM doing pretty much 
just that for a client yesterday (*), and I'd rather not spend that much 
effort again today without a good cause, or at least more beer.  :-)


There is an expectation on the freebsd lists that you spend your own time 
to learn about the tasks you want to accomplish before asking other people 
to repeat what the documentation says for your own specific use case.  
(Read the docs.  Try stuff out.  Ask questions which show what you've done 
and what the specific error message or problem you have is.)



What i want to do is separate the networks on the same wire.


Hmm.  Why do you want to put separate subnets on the same wire?

(What does that mean to you, anyway?  Using the same external ISP 
connection? All boxes all on the same ethernet hub?  Something else?  
Consider IPsec. :-)


--
-Chuck

(*): Client is in Denmark.  They wanted stuff urgently by this morning 
their time, after getting me something to respond to yesterday at 4PM my 
time.  Bleh, this global outsourcing thing really is overrated





What i want to do in a nutshell,
Connect all stores together via fibre, and protect my HeadOffice Lan, which 
will now be connected to all the stores. And Have some sort of security.




Re: Networking with FreeBSD

2005-08-02 Thread Nikolas Britton
On 8/2/05, Stephan Weaver [EMAIL PROTECTED] wrote:
 
 
 From: Chuck Swiger [EMAIL PROTECTED]
 To: Stephan Weaver [EMAIL PROTECTED]
 CC: freebsd-questions@freebsd.org
 Subject: Re: Networking with FreeBSD
 Date: Tue, 02 Aug 2005 14:26:07 -0400
 
 Stephan Weaver wrote:
 [ ... ]
 Thank You So Very Much for your quick response.
 
 You're welcome.
 
 I am familiar with firewalling, but i never done something like this.
 Maybe you can give me an actual Example from my reference.
 Using my networks etc.
 
 Sure, if I had lots of free time and nothing else to do, I could probably
 write up a security policy, firewall rules, along with pretty network
 topology diagrams and so forth.  But I was up 'til 2AM doing pretty much
 just that for a client yesterday (*), and I'd rather not spend that much
 effort again today without a good cause, or at least more beer.  :-)
 
 There is an expectation on the freebsd lists that you spend your own time
 to learn about the tasks you want to accomplish before asking other people
 to repeat what the documentation says for your own specific use case.
 (Read the docs.  Try stuff out.  Ask questions which show what you've done
 and what the specific error message or problem you have is.)
 
 What i want to do is separate the networks on the same wire.
 
 Hmm.  Why do you want to put separate subnets on the same wire?
 
 (What does that mean to you, anyway?  Using the same external ISP
 connection? All boxes all on the same ethernet hub?  Something else?
 Consider IPsec. :-)
 
 --
 -Chuck
 
 (*): Client is in Denmark.  They wanted stuff urgently by this morning
 their time, after getting me something to respond to yesterday at 4PM my
 time.  Bleh, this global outsourcing thing really is overrated
 
 
 
 What i want to do in a nutshell,
 Connect all stores together via fibre, and protect my HeadOffice Lan, which
 will now be connected to all the stores. And Have some sort of security.

What fibre? how far are the stores? fibre networking gear? you have
fibre going all the way to your stores from HQ?

Also, why do you have pixel, httpd, and samba servers on different LANs?

Internet
   |   
   |   |WANs 1-4, 192.168.2/24, 192.168.3/24, 192.168.4/24, 192.168.5/24
Firewall -- DMZ 192.168.1/24 - Pixel, httpd, samba
   |
   |
HQ LAN 192.168.0/24


OR: 

Internet
  |
  |   |-WAN, 192.168.2/24
Firewall --- DMZ, 192.168.1/24 - Pixel, httpd
  |
  |--- Samba
  |
HQ LAN 192.168.0/24

OR:

Internet
  |
  |   |---WAN(s)
Firewall
  |
  |
HQ LAN

Etc.  

We need more info to help you.


Re: Networking w/ FreeBSD

2004-06-01 Thread Charles Swiger
On Jun 1, 2004, at 2:07 PM, [EMAIL PROTECTED] wrote:
 My question is this: How would I set something up to perform the same
 functionality, as when I had windows? I'm just not sure what needs to be
 installed on either system? Any ideas or comments would be great!

FreeBSD supports mounting Samba/CIFS shares.  See man mount_smbfs.
--
-Chuck


Re: Networking w/ FreeBSD

2004-06-01 Thread Kevin Stevens
On Tue, 1 Jun 2004 [EMAIL PROTECTED] wrote:

 I have two computer systems in my network. The first system is a headless
 FreeBSD 5.2.1 system. This system stores my mp3's, datafiles and runs mysql and
 apache. I recently, got rid of windows off my laptop and installed FreeBSD
 5.2.1. When I had windows on the laptop, I was able to Map a Network drive to
 the headless system via Samba running on the server.

 My question is this: How would I set something up to perform the same
 functionality, as when I had windows? I'm just not sure what needs to be
 installed on either system? Any ideas or comments would be great!

You can run the Samba client software on the laptop, or change the file
sharing on the server to NFS.  Or, of course, you could change both to
some third sharing solution.  Which depends on your assessment of the
pros/cons of each; performance, interoperability (do you potentially have
other machines that need to reach those resources?), security , etc.

For the short term, running smbclient on the laptop is probably the
quickest way to get your connectivity back with the fewest config changes,
if that helps.

KeS


Re: Networking w/ FreeBSD

2004-06-01 Thread Simon Barner
[EMAIL PROTECTED] wrote:
 I have two computer systems in my network. The first system is a headless
 FreeBSD 5.2.1 system. This system stores my mp3's, datafiles and runs mysql and
 apache. I recently, got rid of windows off my laptop and installed FreeBSD
 5.2.1. When I had windows on the laptop, I was able to Map a Network drive to
 the headless system via Samba running on the server.
 
 My question is this: How would I set something up to perform the same
 functionality, as when I had windows? I'm just not sure what needs to be
 installed on either system? Any ideas or comments would be great!

NFS (network file system).

There is a chapter in the handbook with detailed setup instructions.

http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/network-nfs.html

Simon




Re: Networking w/ FreeBSD

2004-06-01 Thread Thomas Farrell
I just add an entry in /etc/fstab like this


/sbin/mount_smbfs   //[EMAIL PROTECTED]/interchk /mnt/interchk

  I use this command to mount my sophos em library share running on XP to my
BSD 5.0 machine and then symbolically link the /mnt/interchk to the root of
webserver for remote update via http.

- Original Message -
From: Kevin Stevens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, June 01, 2004 2:14 PM
Subject: Re: Networking w/ FreeBSD


 On Tue, 1 Jun 2004 [EMAIL PROTECTED] wrote:

  I have two computer systems in my network. The first system is a headless
  FreeBSD 5.2.1 system. This system stores my mp3's, datafiles and runs mysql and
  apache. I recently, got rid of windows off my laptop and installed FreeBSD
  5.2.1. When I had windows on the laptop, I was able to Map a Network drive to
  the headless system via Samba running on the server.
 
  My question is this: How would I set something up to perform the same
  functionality, as when I had windows? I'm just not sure what needs to be
  installed on either system? Any ideas or comments would be great!

 You can run the Samba client software on the laptop, or change the file
 sharing on the server to NFS.  Or, of course, you could change both to
 some third sharing solution.  Which depends on your assessment of the
 pros/cons of each; performance, interoperability (do you potentially have
 other machines that need to reach those resources?), security , etc.

 For the short term, running smbclient on the laptop is probably the
 quickest way to get your connectivity back with the fewest config changes,
 if that helps.

 KeS