Date:      Mon, 01 Jul 96 02:02:01 -0300
From:      "Ricardo AG" <ag@centroin.com.br>
To:        "doc@freebsd.org" <doc@freebsd.org>
Subject:   FreeBSD network setup
Message-ID:  <199607010504.CAA18935@trex.centroin.com.br>


[-- Attachment #1 --]
I wrote a not-so-small text about setting up several
network items using FreeBSD, such as IP addresses, named setup,
PPP setup and a proxy setup (using CERN httpd 3.0). Maybe
it will be useful for the handbook.

As my English is not good, I will be glad to receive
feedback before translating the text to SGML.

I am attaching it to this message, in MIME format.




[]'s
Ricardo AG

[-- Attachment #2 --]
                 SETTING UP NAMED, PPP AND A PROXY USING FREEBSD
                 -----------------------------------------------
      Ricardo AG Almeida (ricardag@ag.com.br/ag@centroin.com.br)



Maybe one of the most frequent questions asked by novice FreeBSD
users is "Ok, I had set up my FreeBSD box; but how can I connect
this box (and, perhaps, my whole network) to the Internet via a
dial-up or permanent PPP connection?"

Well, I asked myself this question some months ago. Since
I found a way (certainly it's not the best solution, but
it is working for me), let me show you how I set it up.

1) Case study
-------------

Since it's easier to explain how to do it by example, let me show
you what I did.

First, I set up an internal TCP/IP-based network using one
FreeBSD box working as a file and print server.  The client
stations run OS/2, Windows NT, Windows 95 and - of course -
FreeBSD.

This was a relatively easy task, and my "Intranet" was up and
running in a couple of days.

So, I decided to connect the whole network to the Internet, via a
dial-up connection to my ISP using PPP.  And the problems started to
pop...

2) IP Addresses and etc.
-----------------------

First, I discovered that my initial IP address allocation had to
be changed.  I had built my net choosing random IP addresses, and too
late I realized that when I connect this network to the Internet
there will be address conflicts.

Choosing the correct IP addresses is very important if you wish to
connect to the Internet. Even if you don't have this need today,
think ahead and start doing the right thing now!

The second thing is the connectivity. My ISP assigns me a dynamic
IP address each time I connect, and only one address. How can I
connect the several stations to the ISP, for concurrent use, with
only one address?

The answer I had, asking my friends, was: "Use a Proxy!"

Looking for a proxy that runs with FreeBSD, I had found the CERN
httpd - it's a HTTP (WWW) server that can act as a proxy, too.

So, after all these things, I had realized that I needed to:

   a) set up my network with the right IP addresses;
   b) set up my name server;
   c) use a Proxy;
   d) set up the PPP connection;
   e) dial up my ISP;

Let's see how to do this, step by step.

Note that if you are using a standalone FreeBSD box, you can skip the
Proxy setup, as it's not needed in this case.

3) Assigning the correct IP addresses
-------------------------------------

I had to change all the IP addresses in use to meet the private IP
address subranging.  I chose the private Class-A range
10.x.x.x, and my net now has the following internal addresses:

   Client 1          10.0.0.1
   Client 2          10.0.0.2
   .
   .
   .
   Server (FreeBSD)  10.0.0.99

These are safe addresses to use, since they never will be assigned
by the InterNIC to any official Internet site.

4) Setting up the name server
   --------------------------

The second step was to set up my DNS. To accomplish this task, I must
start "named" with the correct settings.

In the following examples, the chosen domain name was "ag.com.br".
You must replace all the occurrences of this name with your own
domain.

Pay attention that "ag.com.br" is my domain name, not the ISP domain
name!

The name server setup is useful even if you don't plan to connect
your network to the Internet.  It is easier, for instance, to telnet
"server@ag.com.br" than remembering to telnet 10.0.0.99. And if you
need to change some IP address, there will be only one place to
change.

To set up your name server, you must change (or create) the following
files:

4.1) /etc/sysconfig
     --------------

Set hostname to the name of your host - this is pretty important!

   hostname="ptero.ag.com.br"

Be sure that the following settings are also present:

   defaultdomainname=NO
   defaultrouter=NO
   routedflags="-s"
   namedflags="-b /etc/namedb/named.boot"
   gateway=NO
   gated=NO

4.2) /etc/namedb/named.boot
     ----------------------

This file must have the following content:

      directory /etc/namedb
      primary   ag.com.br             ag.hosts
      primary   0.0.10.IN-ADDR.ARPA   ag.rev
      primary   0.0.127.IN-ADDR.ARPA  localhost.rev
      cache     .                     named.root

Remember that "ag.com.br" must be replaced by your own domain name,
and that I assume that your internal net uses the 10.0.0.x IP
addresses.

If you don't have a net, but a standalone FreeBSD box, you must set
up named.boot as follows:

      directory   /etc/namedb
      primary   0.0.127.IN-ADDR.ARPA  localhost.rev
      cache     .                     named.root

and, of course, in this case there is no need to set up ag.hosts and
ag.rev.

4.3) /etc/namedb/ag.hosts
     --------------------

This file describes the names in the internal network, and must have
a content like this:

      @     IN   SOA   ptero.ag.com.br. root.ptero.ag.com.br.  (
                     9606252104   ; Serial
                     3600         ; Refresh
                     300          ; Retry
                     3600000      ; Expire
                     3600 )       ; Minimum

            IN   NS         ptero.ag.com.br.

      localhost    IN   A   127.0.0.1
      ptero        IN   A   10.0.0.99
      ricardo      IN   A   10.0.0.2
      gustavo      IN   A   10.0.0.1

      www      IN   CNAME   ptero
      ftp      IN   CNAME   ptero

      ptero      IN   MX 0   ptero
      ricardo    IN   MX 0   ptero
      gustavo    IN   MX 0   ptero
      ag.com.br. IN   MX 0   ptero

Notes:
   1) I used the date and time of each edit as the serial number.
      In this example, the file was last modified on Jun 25, 1996
      at 21:04;
   2) The server name is "ptero", and there are two stations named
      "ricardo" and "gustavo";
   3) The addresses are: ptero 10.0.0.99, ricardo 10.0.0.2 and
      gustavo 10.0.0.1;
   4) I had set up two aliases to the server: "www" and "ftp". So,
      to reach my server, someone may use any of "ptero.ag.com.br",
      "www.ag.com.br" and "ftp.ag.com.br". Any one of these names
      leads to the 10.0.0.99 machine.

4.4) /etc/namedb/ag.rev
     ------------------

This file resolves the IP addresses to the station names. Its
contents must be synchronized with ag.hosts, so:

   @      IN   SOA   ptero.ag.com.br. root.ptero.ag.com.br.  (
                  9606252104     ; Serial
                  3600           ; Refresh
                  300            ; Retry
                  3600000        ; Expire
                  3600 )         ; Minimum

         IN   NS    ptero.ag.com.br.
   1     IN   PTR   gustavo.ag.com.br.
   2     IN   PTR   ricardo.ag.com.br.
   99    IN   PTR   ptero.ag.com.br.


Notes:
   1) I used the date and time of each edit as the serial number.
      In this example, the file was last modified on Jun 25, 1996
      at 21:04;
   2) The server name is "ptero", and there are two stations named
      "ricardo" and "gustavo";
   3) The addresses are: ptero 10.0.0.99, ricardo 10.0.0.2 and
      gustavo 10.0.0.1;
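
A check for the synchronization requirement described above, as an added
example that is not part of the original text: it compares A records with
PTR records and applies the zone-file rule that a name without a trailing
dot gets the zone origin appended. The sample records are constructed from
the names used here, with one deliberate mistake, and the parser assumes
every record is written as "owner IN type data".

```python
import ipaddress

ORIGIN = "ag.com.br."                # forward zone from named.boot
REV_ORIGIN = "0.0.10.in-addr.arpa."  # reverse zone from named.boot

# Constructed sample data modelled on ag.hosts / ag.rev (SOA and NS left out).
FORWARD = """\
localhost  IN  A      127.0.0.1
ptero      IN  A      10.0.0.99
ricardo    IN  A      10.0.0.2
gustavo    IN  A      10.0.0.1
www        IN  CNAME  ptero
"""
REVERSE = """\
1   IN  PTR  gustavo.ag.com.br.
2   IN  PTR  ricardo.ag.com.br   ; constructed mistake: no trailing dot
"""

def qualify(name, origin):
    """Zone-file rule: a name without a trailing dot gets the origin appended."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def records(text, rtype, origin):
    """Yield (owner, rdata) for lines of the form 'owner IN <rtype> rdata'."""
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()
        if len(f) >= 4 and f[1].upper() == "IN" and f[2].upper() == rtype:
            yield qualify(f[0], origin), f[3]

def check(forward, reverse, origin=ORIGIN, rev_origin=REV_ORIGIN):
    """Return a list of mismatches between A records and PTR records."""
    ptr = {o: qualify(t, rev_origin) for o, t in records(reverse, "PTR", rev_origin)}
    problems = []
    for host, addr in records(forward, "A", origin):
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:            # 127.0.0.x lives in localhost.rev
            continue
        target = ptr.pop(ip.reverse_pointer + ".", None)
        if target is None:
            problems.append(f"{host} {addr}: no PTR record")
        elif target != host:
            problems.append(f"{host} {addr}: PTR resolves to {target}")
    problems += [f"{o}: PTR to {t} has no A record" for o, t in ptr.items()]
    return problems

if __name__ == "__main__":
    print("\n".join(check(FORWARD, REVERSE)) or "forward and reverse zones agree")
```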


4.5) /etc/namedb/localhost.rev
     -------------------------

This file is automatically edited by the 'make-localhost' script in
the /etc/namedb directory, but its contents are:

@    IN   SOA   ptero.ag.com.br. root.ptero.ag.com.br.  (
            960625   ; Serial
            3600     ; Refresh
            300      ; Retry
            3600000  ; Expire
            3600 )   ; Minimum
     IN   NS    ptero.ag.com.br.
1    IN   PTR   localhost.ag.com.br.


5) Setting up the Proxy
   --------------------

As the Proxy server, I chose the CERN httpd version 3.0. It's
freely available at http://www.w3.org, and you must retrieve the
source code for the server and for the WWW library before you compile
it under FreeBSD.

If you don't know how to build a port, refer to the appropriate
document in the FreeBSD Handbook. It's easy.

In my example, I set up the httpd file at /usr/local/libexec,
and the server_root dir at /usr/local/cern-httpd/server_root.

Once you have compiled the httpd server, you must set up its config
file:

5.1) /etc/httpd.conf
     ---------------
You can use, for a start, the supplied proxy.conf file as a base to
create httpd.conf.  You only need to change the line that reads:

      ServerRoot   /where/ever/cern_httpd

to

      ServerRoot  /usr/local/cern-httpd

Read the CERN docs if you want to know more about it. For now,
this is the only change needed to get working.

5.2) /etc/rc.local
     -------------

Include, at the end of rc.local, the following lines:

echo 'Starting CERN httpd'
/usr/local/libexec/httpd -d -p 80

It will start the proxy at each boot as a daemon (the "-d" option).
The "-p 80" argument stands for the proxy using port 80. In my case,
it was adequate.

5.3) /etc/sysconfig
     --------------

Be sure that the following line is set up in the sysconfig file:

         apache_httpd="NO"

This ensures that you are running only one httpd server.

If you are already using Apache, you have two choices:

   a) Copy the html files and related stuff (images, scripts, etc)
      to the CERN data directory (in this example,
      /usr/local/cern-httpd/server_root/data);

   b) Wait until Apache works as a proxy (there is a beta version
      available at the time this document is being written).

6) Setting up the PPP connection
   -----------------------------

I chose to set up the PPP connection using the stand-alone PPP
(aka IIJ-PPP) instead of building a kernel and using pppd.

To use PPP, you must set up the following files:

6.1) /etc/ppp/ppp.conf
     -----------------

In this example, my provider is called CIP, my modem is set up at
the COM1 (so I use the /dev/cuaa0 device), and the speed is locked
at 57600 bps:

   #
   # Default setup. Executed always when PPP is invoked.
   #
   default:
    set debug none
    disable pred1
    deny pred1
    disable lqr
    deny lqr
    set timeout 600
   CIP:
    set device /dev/cuaa0
    set speed 57600
    set timeout 120
    set ifaddr 0 0

6.2) /etc/ppp/ppp.linkup
     -------------------

Here is the contents of my ppp.linkup file:

   MYADDR:
    add 0 0 HISADDR

6.3) /etc/ttys
     ---------

In order to set up the modem, I created the following entry in
/etc/ttys:

# Serial terminals
ttyd0   "/usr/libexec/getty std.57600"  vt100 on

(I chose vt100 as terminal because I can dial from home)

6.4) /etc/gettytab
     -------------

Set up an entry to 57600 bps locked baud rate:

std.57600|57600-baud:\
        :np:sp#57600:

6.5) /etc/rc.serial
     --------------

Initialize the comm port correctly; locate

      # Edit the functions and the examples to suit your system.
      #
      # maybe         0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m
      # mouse             2
      # modem         0 1
      # terminal      0

and insert, after it, the following line:

      modem 0

Note that I presume that your modem is on the COM1 port. If you have
the modem on COM2, replace it with "modem 1", on COM3 with "modem 2"
and so on.

7) Dial up the ISP
   ---------------

Now comes the long-awaited moment: connect with the ISP!

I know that I should have built a dial script for this job to be more
complete.  But in a couple of weeks I will have a permanent PPP link
with my ISP, so I chose not to write it. If someone has a step-by-step
guide on how to do this, feel free to add it at this point...  For
now, you can dial by hand.

Before starting, you must put all the changes into effect. The easiest
way to do this is rebooting the server (yes, I know that it's not
wise to do this, but I'm lazy...)

Log on to the server as root (because the port is owned by getty),
and start

      > ppp CIP

(Remember that in /etc/ppp/ppp.conf I stated that my ISP is called CIP)
You will receive a prompt like:

      ppp on ptero>       ("ptero" is my server name, do you remember?)

Write "term" and press ENTER to enter terminal mode. Now you are
connected with the modem. Send an "AT" to check that it is working: you
must receive an "OK" answer.

Now send the dial string (for instance, ATDT222-3344), and log in.
Once you are logged in, you will receive the ppp prompt, but this time
in uppercase:

      PPP on ptero>

8) Test at the server
   ------------------

Open another window and try to "ping" someone in the "outside world":

      ping www.freebsd.org

Got it? Good!

Start your favorite browser (for instance, lynx):

      lynx http://www.freebsd.org

Got it again? Good! You are now on the air!

9) Test at the stations
   --------------------

First, let's test our name server.  Try to "ping" the server from
the station:

   ping ptero.ag.com.br

Got it? Now try to "ping" outside:

   ping www.freebsd.org

Got it again? Good boy!

Now is the time to test the proxy. The trickiest part is that you must
configure the software at the stations to use a proxy. Don't forget
that, in this example, we started the proxy at ptero.ag.com.br,
and stated that the proxy port is 80. So, configure your software
to use, as proxy, "ptero.ag.com.br:80".

10) Accepting external calls
    ------------------------

So you want to be an Internet provider? No problem. All you have to
add is another login shell, and make minor changes to the PPP file:

10.1) /etc/shells
      -----------
   add a line saying:

      /usr/local/bin/ppplogin

10.2) /usr/local/bin/ppplogin
      -----------------------

   #!/bin/sh
   /usr/sbin/ppp -direct PPPUSERS

10.3) /etc/ppp/ppp.conf
      -----------------

   default:
    set debug none
    disable pred1
    deny pred1
    disable lqr
    deny lqr
    set timeout 600

   PPPUSERS:
    set ifaddr 10.0.1.99/25 10.0.1.199/25

For each external user that will connect to you via PPP, replace the
login shell with "ppplogin" when adding the user.

You are now on your own. Good luck and enjoy!


