Date: Thu, 8 Jul 2004 11:49:25 -0600
From: Nathan Kinkade <nkinkade@ub.edu.bz>
To: Terrence Koeman <root@mediamonks.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Network configuration
Message-ID: <20040708174925.GA24348@gentoo-npk.bmp.ub>
In-Reply-To: <200407081710527.SM07768@manrikigusari>
References: <200407081710527.SM07768@manrikigusari>

On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> Hi,
>
> I have been busy setting up a network the last 3 days, but I cannot get it
> working.
>
> Basically I have no clue what has to be setup etc. and if I need bridging or
> not.
>
> The situation is as follows:
>
>                       --------------
>                       | SDSL Modem |
>                       |  Bridged   |
>                       --------------
>                             |
>                 --------------------------
>                 |   xl0: 217.1.1.155     |
>                 |                        |
>                 |      Freebsd Box       |
>                 |                        |
>                 |          xl1           |
>                 --------------------------
>                             |
>                         ----------
>         |---------------| SWITCH |---------------|
>         |               ----------               |
>         |                   |                    |
> ------------------- ------------------- -------------------
> | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> ------------------- ------------------- -------------------
>
>
> The FreeBSD box has full internet connectivity and I can also get NAT
> working, but the thing is that I need those non-private IP's bound to the
> clients and I need ipfw between the clients and the modem. Also I need the
> FreeBSD machine to have a non-private IP address. I have no clue as to
> getting the packets from those clients to the internet. I tried bridging xl0
> and xl1 and using 217.1.1.155 as gateway, but that didn't work.
>
> Maybe someone that knows how to do something like this can shed some light
> on it for me?
>
> Thanks in advance.
>
> --
> Regards,
> Terrence Koeman

You could make the FreeBSD box a bridge and still use IPFW. It really
depends on whether you will have other clients that will NOT have public
IP addresses that will need NAT - you don't specify whether this is the
case.

For FreeBSD to be set up as a bridge/IPFW machine you will minimally need a
kernel compiled with the following options:

options IPFIREWALL
options BRIDGE

After you have built and installed this kernel add the following entries
to /etc/sysctl.conf:

net.link.ether.bridge=1
net.link.ether.bridge_cfg=xl0,xl1
net.link.ether.bridge_ipfw=1
net.inet.ip.fw.enable=0

You will probably want to add the following lines to /etc/rc.conf so
that some IPFW rules will be loaded at boot:

firewall_enable="YES"
firewall_type="<your fw type>"

Read the firewall(7) manpage for more information. If you don't have
console access to the FreeBSD machine beware that the default rule is to
deny packets. Therefore if you build IPFW into the kernel and don't
allow for some basic rules to be added at boot you will likely be locked
out from anything but console access.

Nathan

--
PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
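
The lockout caveat in the reply above can be checked before rebooting into the new kernel. The following is an added example, not part of the original message: a shell lint over copies of sysctl.conf and rc.conf that flags missing bridge settings and a firewall_type that would leave only the default deny rule. The function names, the sample files and the /etc/ipfw.rules path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): lint copies of sysctl.conf
# and rc.conf for the bridge + IPFW settings named in the reply above.

# conf_get FILE KEY: print the last value assigned to KEY, comment/quotes stripped
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

warn() { echo "WARN: $*"; problems=$((problems + 1)); }

# check_bridge_fw SYSCTL_CONF RC_CONF: print findings, return 1 if there are any
check_bridge_fw() {
    problems=0
    [ "$(conf_get "$1" net.link.ether.bridge)" = 1 ] ||
        warn "net.link.ether.bridge is not 1: bridging is off"
    case $(conf_get "$1" net.link.ether.bridge_cfg) in
        ?*,?*) ;;
        *) warn "net.link.ether.bridge_cfg does not list the bridged interfaces" ;;
    esac
    [ "$(conf_get "$1" net.link.ether.bridge_ipfw)" = 1 ] ||
        warn "net.link.ether.bridge_ipfw is not 1: bridged packets skip IPFW"
    case $(conf_get "$2" firewall_enable) in
        [Yy][Ee][Ss]) ;;
        *) warn "firewall_enable is not YES: no rules are loaded at boot" ;;
    esac
    # Empty, a leftover <placeholder>, or UNKNOWN (the stock default in
    # /etc/defaults/rc.conf, which loads no rules) leaves only default deny.
    case $(conf_get "$2" firewall_type) in
        ''|'<'*'>'|[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
            warn "firewall_type is unset: only the default deny rule will apply" ;;
    esac
    [ "$problems" -eq 0 ]
}

# Constructed sample input: the settings from the message, once with the
# placeholder firewall_type and once with a hypothetical ruleset path.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'net.link.ether.bridge=1' 'net.link.ether.bridge_cfg=xl0,xl1' \
        'net.link.ether.bridge_ipfw=1' 'net.inet.ip.fw.enable=0' > "$dir/sysctl.conf"
    printf '%s\n' 'firewall_enable="YES"' 'firewall_type="<your fw type>"' > "$dir/rc.bad"
    printf '%s\n' 'firewall_enable="YES"' \
        'firewall_type="/etc/ipfw.rules"  # hypothetical path' > "$dir/rc.good"
    echo "$dir"
}

d=$(make_samples)
check_bridge_fw "$d/sysctl.conf" "$d/rc.bad" || echo "rc.bad: fix before rebooting"
check_bridge_fw "$d/sysctl.conf" "$d/rc.good" && echo "rc.good: ok"
rm -r "$d"
```
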