From owner-freebsd-questions@FreeBSD.ORG  Thu Jul  8 19:14:14 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7377916A4CE
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Jul 2004 19:14:14 +0000 (GMT)
Received: from out2.smtp.messagingengine.com (out2.smtp.messagingengine.com
	[66.111.4.26])	by mx1.FreeBSD.org (Postfix) with ESMTP id 0948743D55
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Jul 2004 19:14:13 +0000 (GMT)
	(envelope-from nkinkade@fastmail.fm)
X-Sasl-enc: 7vHHpqhL/Yb4sJdUPzxlSw 1089314025
Received: from gentoo-npk.bmp.ub (unknown [206.27.244.136])
	by www.fastmail.fm (Postfix) with ESMTP id 8222AC1198C;
	Thu,  8 Jul 2004 15:13:45 -0400 (EDT)
Received: from nkinkade by gentoo-npk.bmp.ub with local (Exim 4.21)
	id 1Bid1R-0003vP-S0; Thu, 08 Jul 2004 11:49:25 -0600
Date: Thu, 8 Jul 2004 11:49:25 -0600
From: Nathan Kinkade <nkinkade@ub.edu.bz>
To: Terrence Koeman <root@mediamonks.net>
Message-ID: <20040708174925.GA24348@gentoo-npk.bmp.ub>
Mail-Followup-To: Terrence Koeman <root@mediamonks.net>,
	freebsd-questions@freebsd.org
References: <200407081710527.SM07768@manrikigusari>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="PjLo8P/CG6vpADRe"
Content-Disposition: inline
In-Reply-To: <200407081710527.SM07768@manrikigusari>
User-Agent: Mutt/1.5.6i
Sender: <nkinkade@gentoo-npk.bmp.ub>
cc: freebsd-questions@freebsd.org
Subject: Re: Network configuration
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Nathan Kinkade <nkinkade@ub.edu.bz>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jul 2004 19:14:14 -0000


--PjLo8P/CG6vpADRe
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> Hi,
>=20
> I have been busy setting up a network the last 3 days, but I cannot get it
> working.
>=20
> Basically I have no clue what has to be setup etc. and if I need bridging=
 or
> not.
>=20
> The situation is as follows:
>=20
>                     --------------
>                     | SDSL Modem |
>                     |  Bridged   |
>                     --------------
>                        |
>                 --------------------------
>                 |    xl0: 217.1.1.155    |
>                 |                        |
>                 |    Freebsd Box         |
>                 |                        |
>                 |           xl1          |
>                 --------------------------
>                              |   =20
>                          ----------
>          |---------------| SWITCH |---------------|
>          |               ----------               |
>          |                    |                   |
> ------------------- ------------------- -------------------
> | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> ------------------- ------------------- -------------------
>=20
>=20
> The FreeBSD box has full internet connectivity and I can also get NAT
> working, but the thing is that I need those non-private IP's bound to the
> clients and I need ipfw between the clients and the modem. Also I need the
> FreeBSD machine to have a non-private IP address. I have no clue as to
> getting the packets from those clients to the internet. I tried bridging =
xl0
> and xl1 and using 217.1.1.155 as gateway, but that didn't work.
>=20
> Maybe someone that knows how to do something like this can shed some light
> on it for me?
>=20
> Thanks in advance.
>=20
> --=20
> Regards,
> Terrence Koeman

You could make the FreeBSD box a bridge and still use IFPW.  It really
depends on whether you will have other clients that will NOT have public
IP addresses that will need NAT - you don't specify whether this is the
case.  For FreeBSD to be setup as a bridge/IPFW machine you will
minimally need a kernel compiled with the following options:

options         IPFIREWALL
options         BRIDGE

After you have built and installed this kernel add the following entries
to /etc/sysctl.conf:

net.link.ether.bridge=3D1
net.link.ether.bridge_cfg=3Dxl0,xl1
net.link.ether.bridge_ipfw=3D1
net.inet.ip.fw.enable=3D0

You will probably want to add the following lines to /etc/rc.conf so
that some IPFW rules will be loaded at boot:

firewall_enable=3D"YES"
firewall_type=3D"<your fw type>"

Read the firewall(7) manpage for more information.

If you don't have console access to the FreeBSD machine beware that the
default rule is to deny packets.  Therefore if you build IPFW into the
kernel and don't allow for some basic rules to be added at boot you will
likely be locked out from anything but console access.

Nathan
--=20
PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xD8527E49

--PjLo8P/CG6vpADRe
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA7YklO0ZIEthSfkkRAoqHAKDMvDQowlDC96pzr+AQnh9jjEezwQCePyRN
0zq5ABE8z1TZGYPXRMHTF7s=
=Ho+r
-----END PGP SIGNATURE-----

--PjLo8P/CG6vpADRe--