From: Nerius Landys
To: FreeBSD Mailing List
Date: Sat, 8 Aug 2009 19:32:30 -0700
Subject: Building home router: 192.168.0.x to access internet

I'm setting up my FreeBSD computer (which has multiple NICs) to act as a home router (and DNS server and a few other things, but that's not important for this email). I have done this before, but then my hard drive broke and I have to do this all again. So, I have a few questions just to confirm that my approach to this problem is going to be the optimal one that I can take.

First, my choice of internal network IP addresses is 192.168.0.x. My router machine's IP address will be 192.168.0.254 (that's the interface facing the internal network). The IP addresses of the machines behind the router will start at 192.168.0.2 and go up. I'm wondering if this choice of IP addresses is conventional or good. Is this numbering scheme decent? This is the way I had it set up earlier. I've seen a lot of networks using 192.168.1.x and the router would be 192.168.1.1.

So now to the problem of being able to connect from a 192.168.0.x machine to an outside IP address. The way I did this before was by adding 'gateway_enable="YES"' to /etc/rc.conf and then using the OpenBSD packet filter (pf) to do a NAT thing. I'm wondering if this, in your opinion, is the preferred way to do things in order to set up an internal network which can access the outside internet directly. If so, can someone give me a really minimal yet secure packet filter rule set that would do the job? (I'm prepared to read the pf docs, which will take me a few hours.) The router will connect to the outside via DHCP, and from what I remember I had to add a rule to not drop packets that were DHCP-related.
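
The setup described above (gateway_enable plus pf NAT, default deny, DHCP on the outside interface), as an added example that is not part of the original message. The interface names em0 and em1 are assumptions; only the 192.168.0.x addressing and gateway_enable="YES" come from the message.

```conf
# /etc/pf.conf: added example, not from the original message.
# Companion /etc/rc.conf lines:
#   gateway_enable="YES"     # from the message: turns on IP forwarding
#   pf_enable="YES"          # load this rule set at boot
#   ifconfig_em0="DHCP"      # em0 is an assumed interface name

# Macros. Interface names are hypothetical; substitute the real NICs.
ext_if   = "em0"             # faces the ISP, address assigned by DHCP
int_if   = "em1"             # 192.168.0.254, faces the internal network
localnet = "192.168.0.0/24"

# Options
set block-policy drop        # silently drop instead of sending RST/ICMP
set skip on lo0              # never filter loopback

# Normalization
scrub in all

# Translation: rewrite internal sources to the external address.
# The parentheses make pf track the address when the DHCP lease changes.
nat on $ext_if inet from $localnet to any -> ($ext_if)

# Filtering: default deny, then open only what is needed.
block log all
antispoof quick for $int_if inet

# DHCP replies to the router's own client on the external interface.
pass in quick on $ext_if inet proto udp from any port 67 to any port 68

# Internal hosts may reach the router and be forwarded outward.
pass in on $int_if inet from $localnet to any keep state

# Router-originated and forwarded (already translated) traffic going out.
# Replies are admitted by the state entries, so no inbound rule on
# $ext_if is needed for them, and nothing unsolicited gets in.
pass out inet all keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sn` / `pfctl -sr` show the translation and filter rules that are actually active.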