From: Nathan Kinkade
To: Terrence Koeman
Cc: freebsd-questions@freebsd.org
Date: Thu, 8 Jul 2004 11:49:25 -0600
Subject: Re: Network configuration

On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> Hi,
>
> I have been busy setting up a network the last 3 days, but I cannot get it
> working.
>
> Basically I have no clue what has to be set up etc. and if I need bridging or
> not.
>
> The situation is as follows:
>
>                        --------------
>                        | SDSL Modem |
>                        |  Bridged   |
>                        --------------
>                               |
>                  --------------------------
>                  | xl0: 217.1.1.155       |
>                  |                        |
>                  |      Freebsd Box       |
>                  |                        |
>                  | xl1                    |
>                  --------------------------
>                               |
>                          ----------
>          |---------------| SWITCH |---------------|
>          |               ----------               |
>          |                    |                   |
> -------------------  -------------------  -------------------
> | C1: 217.1.1.156 |  | C2: 217.1.1.157 |  | C3: 217.1.1.158 |
> -------------------  -------------------  -------------------
>
>
> The FreeBSD box has full internet connectivity and I can also get NAT
> working, but the thing is that I need those non-private IPs bound to the
> clients and I need ipfw between the clients and the modem. Also I need the
> FreeBSD machine to have a non-private IP address. I have no clue as to
> getting the packets from those clients to the internet. I tried bridging xl0
> and xl1 and using 217.1.1.155 as gateway, but that didn't work.
>
> Maybe someone that knows how to do something like this can shed some light
> on it for me?
>
> Thanks in advance.
>
> --
> Regards,
> Terrence Koeman

You could make the FreeBSD box a bridge and still use IPFW.  It really
depends on whether you will have other clients that will NOT have public
IP addresses that will need NAT - you don't specify whether this is the
case.

For FreeBSD to be set up as a bridge/IPFW machine you will minimally need a
kernel compiled with the following options:

    options IPFIREWALL
    options BRIDGE

After you have built and installed this kernel add the following entries
to /etc/sysctl.conf:

    net.link.ether.bridge=1
    net.link.ether.bridge_cfg=xl0,xl1
    net.link.ether.bridge_ipfw=1
    net.inet.ip.fw.enable=0

You will probably want to add the following lines to /etc/rc.conf so that
some IPFW rules will be loaded at boot:

    firewall_enable="YES"
    firewall_type=""

Read the firewall(7) manpage for more information.  If you don't have
console access to the FreeBSD machine, beware that the default rule is to
deny packets.  Therefore if you build IPFW into the kernel and don't allow
for some basic rules to be added at boot you will likely be locked out
from anything but console access.

Nathan

-- 
PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
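
A pre-reboot check for the lockout case the reply warns about, as an added example that is not part of the original message: it audits a kernel config, sysctl.conf and rc.conf for the settings listed above. The function names, the sample files and the /etc/ipfw.rules path are constructed; treating an empty firewall_type as "no rules loaded" and honouring the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option are assumptions that go beyond the message.

```sh
#!/bin/sh
# Added example: pre-reboot audit of the bridge + IPFW settings from the reply.
# check_bridge_fw returns 0 = complete, 1 = setting missing, 2 = lockout risk.

# sysctl.conf entries exactly as listed in the reply.
WANT_SYSCTLS="net.link.ether.bridge=1 net.link.ether.bridge_cfg=xl0,xl1
net.link.ether.bridge_ipfw=1 net.inet.ip.fw.enable=0"

# True if file $1 has an uncommented line matching the ERE in $2.
has_line() { grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null; }

# True if kernel config $1 contains "options $2" (whole option name only).
kopt() { has_line "$1" "options[[:space:]]+$2([[:space:]]|#|\$)"; }

# Print the last value assigned to variable $2 in rc.conf $1, quotes removed.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" \
        2>/dev/null | tail -n 1
}

check_bridge_fw() {
    kern=$1; sysctl_f=$2; rcconf=$3; status=0
    for opt in IPFIREWALL BRIDGE; do
        kopt "$kern" "$opt" || { echo "MISSING kernel option: $opt"; status=1; }
    done
    for kv in $WANT_SYSCTLS; do
        re=$(printf '%s' "$kv" | sed 's/\./\\./g')   # match dots literally
        has_line "$sysctl_f" "${re}[[:space:]]*(#|\$)" ||
            { echo "MISSING sysctl: $kv"; status=1; }
    done
    # Default rule is deny unless the kernel also has IPFIREWALL_DEFAULT_TO_ACCEPT,
    # so IPFIREWALL with no rules loaded at boot leaves console-only access.
    if kopt "$kern" IPFIREWALL && ! kopt "$kern" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        en=$(rc_value "$rcconf" firewall_enable)
        ty=$(rc_value "$rcconf" firewall_type)
        case "$en" in [Yy][Ee][Ss]) ;; *) ty= ;; esac
        [ -n "$ty" ] || { echo "LOCKOUT RISK: no boot-time rules in $rcconf"; status=2; }
    fi
    return "$status"
}

# Constructed sample files (not real system files); the rules path is a placeholder.
write_sample() {
    printf 'options IPFIREWALL\noptions BRIDGE\n' > "$1/KERNEL"
    printf '%s\n' $WANT_SYSCTLS > "$1/sysctl.conf"
    printf 'firewall_enable="YES"\nfirewall_type="/etc/ipfw.rules"\n' > "$1/rc.conf"
}

demo=$(mktemp -d) && write_sample "$demo"
check_bridge_fw "$demo/KERNEL" "$demo/sysctl.conf" "$demo/rc.conf" && echo "OK"
rm -rf "$demo"
```

Run it against the kernel configuration file and the two /etc files before rebooting a machine without console access; exit status 2 means the firewall would come up with only the default deny rule.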