Date: Fri, 9 Jul 2004 04:47:46 +0200
From: "Terrence Koeman" <root@mediamonks.net>
To: "'Nathan Kinkade'" <nkinkade@ub.edu.bz>
Cc: freebsd-questions@freebsd.org
Subject: RE: Network configuration
Message-ID: <200407090447210.SM07768@manrikigusari>
In-Reply-To: <20040708174925.GA24348@gentoo-npk.bmp.ub>

> -----Original Message-----
> From: nkinkade@gentoo-npk.bmp.ub
> [mailto:nkinkade@gentoo-npk.bmp.ub] On Behalf Of Nathan Kinkade
> Sent: Thursday, July 08, 2004 19:49
> To: Terrence Koeman
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Network configuration
>
> On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> > Hi,
> >
> > I have been busy setting up a network the last 3 days, but I cannot get it
> > working.
> >
> > Basically I have no clue what has to be set up etc. and if I need bridging or
> > not.
> >
> > The situation is as follows:
> >
> >                        --------------
> >                        | SDSL Modem |
> >                        |  Bridged   |
> >                        --------------
> >                              |
> >                  --------------------------
> >                  | xl0: 217.1.1.155       |
> >                  |                        |
> >                  |      Freebsd Box       |
> >                  |                        |
> >                  | xl1                    |
> >                  --------------------------
> >                              |
> >                          ----------
> >          |---------------| SWITCH |---------------|
> >          |               ----------               |
> >          |                   |                    |
> > ------------------- ------------------- -------------------
> > | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> > ------------------- ------------------- -------------------
> >
> >
> > The FreeBSD box has full internet connectivity and I can also get NAT
> > working, but the thing is that I need those non-private IPs bound to the
> > clients and I need ipfw between the clients and the modem. Also I need the
> > FreeBSD machine to have a non-private IP address. I have no clue as to
> > getting the packets from those clients to the internet. I tried bridging xl0
> > and xl1 and using 217.1.1.155 as gateway, but that didn't work.
> >
> > Maybe someone that knows how to do something like this can shed some light
> > on it for me?
> >
> > Thanks in advance.
> >
> > --
> > Regards,
> > Terrence Koeman
>
> You could make the FreeBSD box a bridge and still use IPFW. It really
> depends on whether you will have other clients that will NOT have public
> IP addresses that will need NAT - you don't specify whether this is the
> case.
>
> For FreeBSD to be set up as a bridge/IPFW machine you will
> minimally need a kernel compiled with the following options:
>
> options IPFIREWALL
> options BRIDGE
>
> After you have built and installed this kernel add the following entries
> to /etc/sysctl.conf:
>
> net.link.ether.bridge=1
> net.link.ether.bridge_cfg=xl0,xl1
> net.link.ether.bridge_ipfw=1
> net.inet.ip.fw.enable=0
>
> You will probably want to add the following lines to /etc/rc.conf so
> that some IPFW rules will be loaded at boot:
>
> firewall_enable="YES"
> firewall_type="<your fw type>"
>
> Read the firewall(7) manpage for more information.
>
> If you don't have console access to the FreeBSD machine beware that the
> default rule is to deny packets. Therefore if you build IPFW into the
> kernel and don't allow for some basic rules to be added at boot you will
> likely be locked out from anything but console access.
>

There might be more clients that will require NAT later.

I tried this with:

-217.1.1.155 bound to xl0
-nothing bound to xl1
-xl0 and xl1 bridged.
-no ipfw rules and default to accept.

When I try this the box is dead, no connectivity out and 217.1.1.155 is not reachable.

If I try the exact same setup and bind 192.168.0.1 to xl1 I can connect to it when bridged, but the rest remains the same.

--
Regards,
Terrence Koeman

MediaMonks B.V. (www.mediamonks.com)

Please quote all replies in correspondence.
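
A pre-reboot check for the sysctl.conf and rc.conf settings quoted in this message, added here as an example and not written by either poster. The function names (get_val, warn, check_bridge_fw) and running it against copies of the two files are assumptions; the sample files are constructed from the values in the thread.

```shell
#!/bin/sh
# Added example: lint copies of /etc/sysctl.conf and /etc/rc.conf for the
# bridge + IPFW settings quoted in the thread before rebooting into the kernel.

# get_val FILE KEY: print the last value assigned to KEY (quotes/comments stripped)
get_val() {
    awk -v k="$2" '{
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        if (key != k || index($0, "=") == 0) next
        v = $0; sub(/^[^=]*=/, "", v); sub(/[ \t]*#.*/, "", v)
        gsub(/"/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
    } END { print val }' "$1"
}

warn() { echo "WARN: $*"; problems=$((problems + 1)); }

# check_bridge_fw SYSCTL_CONF RC_CONF: print findings, return how many were found
check_bridge_fw() {
    problems=0
    [ "$(get_val "$1" net.link.ether.bridge)" = 1 ] ||
        warn "net.link.ether.bridge is not 1, bridging stays off"
    cfg=$(get_val "$1" net.link.ether.bridge_cfg)
    n=$(echo "$cfg" | awk -F, '{ for (i = 1; i <= NF; i++) if ($i != "") c++ } END { print c + 0 }')
    [ "$n" -ge 2 ] || warn "bridge_cfg '$cfg' names fewer than two interfaces"
    [ "$(get_val "$1" net.link.ether.bridge_ipfw)" = 1 ] ||
        warn "bridge_ipfw is not 1, bridged packets are not passed to IPFW"
    case "$(get_val "$2" firewall_enable)" in
        [Yy][Ee][Ss]) ;;
        *) warn "firewall_enable is not YES, no rules load at boot (default rule denies)" ;;
    esac
    case "$(get_val "$2" firewall_type)" in
        ""|"<"*) warn "firewall_type is unset or still a placeholder" ;;
    esac
    return "$problems"
}

# Constructed sample files: the thread's settings, firewall_type left as the placeholder.
demo=$(mktemp -d)
cat > "$demo/sysctl.conf" <<'EOF'
net.link.ether.bridge=1
net.link.ether.bridge_cfg=xl0,xl1
net.link.ether.bridge_ipfw=1
net.inet.ip.fw.enable=0
EOF
cat > "$demo/rc.conf" <<'EOF'
firewall_enable="YES"
firewall_type="<your fw type>"
EOF
check_bridge_fw "$demo/sysctl.conf" "$demo/rc.conf" || echo "$? problem(s) found"
```
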