Re: IP Sharing on a College campus. Firewall??

From: Marc Rogers (marcr@shady.org)
Date: 08/28/01


Date: Tue, 28 Aug 2001 17:02:20 +0100
From: Marc Rogers <marcr@shady.org>
To: Shane Crounse <scc4809@it.rit.edu>


Look up NAT on the freebsd site

(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html)

and look up NAT on the ipfilter site

either of those options will solve your issues.

In a nutshell you will create a NAT gateway that has 1 real ip. Behind it you
will be able to use whatever reserved (192.168.0.0 etc) addresses that you desire.

The only catch to this is that they will be able to contact the outside world,
but the outside world will not be able to contact them. This means if you want
to set up services like shares / ftp / web services you will either have
to assign real ips to those machines, or learn about transparent proxying /
port redirection.

hope this helps,

Marc Rogers
Technical Director
EDC

On Tue, Aug 28, 2001 at 11:51:37AM -0400, Shane Crounse wrote:
> Here is my dilemma. I am a student on a college campus. RIT if you
> couldn’t tell.
> I am in an apartment that has access to the school network. My problem is
> that I am limited in the number of IP addresses I can have. (one or two)
> I have my windows 2k workstation, and at least 3 FreeBSD machines that I
> would like to put on the network. Last year I did it using windows IP
> sharing but I had all windows machines. Is there some way of doing IP
> sharing through one of the BSD machines? Would you suggust a firewall? I
> know that I will be regularly scanned by students. Hack attempts will
> occur. Anybody got any ideas?
>
> I appreciate the assistance in advance.
>
> - I would need to be able to run, SSH, SFTP, FTP, HTTP minimally from all
> the machines.
>
>
>
>
> -Shane Crounse
>
> Department of Information Technology
> Rochester Institute of Technology
> Shane_Crounse@it.rit.edu
>
>
>
>
>
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • NAT and traffic shaping
    ... FreeBSD box that will handle NAT for 400 to 600 machines (so figure ... multiple connections per machine) and that can handle a steady 12 to 15 ...
    (freebsd-isp)
  • Re: Performance 4.x vs. 6.x
    ... I have over 800 nodes installed in the field with FreeBSD 6.0 running ... as routers on silly little 1.3Ghz machines with 256MB of RAM. ... regardless of the fact the hardware is fast. ... > support a lot of newer harder. ...
    (freebsd-performance)
  • Re: Performance 4.x vs. 6.x
    ... And everyone on the FreeBSD team knows ... > the day because the machines NEVER die. ... These boxes build 200+ page 300dpi PDF ... >>> support a lot of newer harder. ...
    (freebsd-performance)
  • Re: Linux-HA howto for FreeBSD.
    ... So just make sure you translate any RedHat hardware paths to the FreeBSD paths. ... you need an empty serial port on both machines along with a serial ... You can find more information on linux virtual server at ...
    (freebsd-questions)
  • Re: 100Mbit/s LAN slow, TX only ~3MB/s (esp. file transfer) -- why?
    ... THe realtek driver in freebsd is very poor. ... realtek cards. ... All the machines have 100Mbit/s capable network interfaces, ...
    (freebsd-questions)