From owner-freebsd-doc Wed Feb 23 23:34:55 2000
Date: Thu, 23 Mar 2000 23:34:46 -0800
From: Eric Hampshire
Subject: NAT Documentation
To: freebsd-doc@FreeBSD.ORG
Cc: jim@freebsd.org
Message-id: <00f701bf9563$6e0b52c0$0301000a@yourmom.dhs.org>

Okay, here it is... the documentation for setting up a gateway under FreeBSD. I wrote in as Thomas Hargrove earlier (he's my roommate) because he was on my computer using my burner. Anyways, here it is:

Setting up a Gateway

Step 1:

Note: The following steps assume you have a PCI network card that you are adding to your machine. If you plan on adding an ISA network card you are going to have to recompile your kernel after adding the IRQ and port number (ex. 0x280) to the proper place in your kernel source. If you already have two PCI network cards installed skip down to the part that starts "Pick a range...".

Install two network cards in a machine running FreeBSD. One network card should have an IP assigned by your ISP (a static IP) or by DHCP (a dynamic IP), also assigned by your ISP. This network card is the external interface and you should have instructions on what to set the IP and netmask to. Now you have some choices for the other network card, which will be the internal interface. The following IP ranges are available for private networks:

    10.0.0.1    - 10.255.255.254     mask 255.0.0.0
    172.16.0.1  - 172.16.255.254     mask 255.240.0.0
    192.168.0.1 - 192.168.255.254    mask 255.255.0.0

Pick a range and then an IP for your gateway. This IP will be the default gateway you set on all the machines on your internal network. Add a line in your rc.conf (located in /etc) so this network card is configured and set up on bootup.

In the following example the network is set up with a FreeBSD machine connected via Pacbell DSL to the internet. Pacbell DSL provides the IP 216.103.215.136 and the default gateway 216.103.215.254. The FreeBSD machine is the gateway with an IP of 10.0.1.11 and is providing NAT (network address translation) for two Windows 98 machines, with the IP addresses 10.0.1.2 and 10.0.1.3. Both these Windows machines should set their default gateway to be 10.0.1.11.

Example:

    #here's where you list your network cards (in this example called pn0 and pn1)
    network_interfaces="pn0 pn1 lo0"

    #here's the external interface (IP and default router provided by ISP)
    ifconfig_pn0="inet 216.103.215.136 netmask 255.255.255.0"
    defaultrouter="216.103.215.254"

    #here's the internal interface configuration (what you need to add)
    ifconfig_pn1="inet 10.0.1.11 netmask 255.255.255.0"

Step 2:

Now you're ready to configure the kernel. You will need to recompile the kernel to add the routing options it needs to do NAT (network address translation). You need to have the kernel source installed. It will be located in /usr/src/sys. If you do not have this directory, run /stand/sysinstall and add the Kern-Developer packages. Here's what you need to do now:

    # cd /usr/src/sys/i386/conf
    # cp GENERIC LOCAL

Now you need to edit LOCAL with your favorite text editor (vi, emacs, pico, etc.). In this example I use vi.

    # vi LOCAL

In the options section, add these lines:

    options         IPFIREWALL
    options         IPFIREWALL_DEFAULT_TO_ACCEPT
    options         IPDIVERT

Now go to the end of the file and make sure that the following line is there:

    pseudo-device   bpfilter 4      #Berkeley packet filter

The number after bpfilter is adjustable. The number 4 is used above because it's a good default value, but this number depends on the number of simultaneous instances you need running on your gateway. For example, if you plan to run DHCP, NAT, and a tcpdump at the same time, then you need that number to be 3.

Okay, now you're ready to recompile your kernel. Follow these steps:

    # config LOCAL
    # cd /sys/compile/LOCAL
    # make clean
    # make depend
    # make
    # make install

This last step, "make install", copies your old kernel to /kernel.old and puts in the newly compiled kernel. Now it's time to edit rc.conf again. Again, use your favorite text editor (my choice is vi here) and add the following lines:

    firewall_enable="YES"
    firewall_type="open"
    gateway_enable="YES"
    natd_enable="YES"
    natd_interface="pn0"        #This is the external (public) interface

If you get your IP dynamically (i.e. through DHCP) then add the following line:

    natd_flags="-dynamic"

Step 3:

Reboot!!! That's it. If something goes wrong and it won't boot you can always hit something other than RETURN when it asks you to and type "boot kernel.old" to boot the machine using your old kernel.

Thanks for letting me write it!

Eric Hampshire
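An added example, not part of Eric Hampshire's message: a small sh lint for the rc.conf settings from Steps 1 and 2, covering the dropped closing quote, natd pointed at the internal card, and the pass-everything "open" firewall type. The function names, finding messages and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. rc.conf is sourced by /bin/sh,
# so one missing quote swallows the assignments that follow it.

get_var() {   # get_var FILE NAME -> value of the last NAME="value" line
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

check_gateway_conf() {   # one finding per line; no output means clean
    conf=$1
    # Assignment lines whose double quotes do not pair up (comments stripped).
    awk '/^[A-Za-z_][A-Za-z0-9_]*=/ { s = $0; sub(/[ \t]+#.*/, "", s)
        if (gsub(/"/, "", s) % 2) print "line " NR ": unbalanced quote" }' "$conf"
    for knob in gateway_enable firewall_enable natd_enable; do
        case $(get_var "$conf" "$knob") in
            [Yy][Ee][Ss]) ;;
            *) echo "$knob is not YES" ;;
        esac
    done
    # natd belongs on the external side: an RFC 1918 address on natd_interface
    # means the internal and external interfaces were swapped.
    nat_if=$(get_var "$conf" natd_interface)
    nat_ip=$(get_var "$conf" "ifconfig_$nat_if" | sed -n 's/^inet \([0-9.]*\).*/\1/p')
    case $nat_ip in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            echo "natd_interface $nat_if has private address $nat_ip" ;;
    esac
    # "open" loads a pass-everything ruleset: NAT works, nothing is filtered.
    if [ "$(get_var "$conf" firewall_type)" = "open" ]; then
        echo "firewall_type is open: no packet filtering"
    fi
    return 0
}

# Constructed samples: one file with two closing quotes dropped, and a copy
# with the quotes restored but natd pointed at the internal card by mistake.
tmp=$(mktemp -d)
cat > "$tmp/broken.conf" <<'EOF'
ifconfig_pn0="inet 216.103.215.136 netmask 255.255.255.0
ifconfig_pn1="inet 10.0.1.11 netmask 255.255.255.0"
firewall_enable="YES
firewall_type="open"
gateway_enable="YES"
natd_enable="YES"
natd_interface="pn0"   #This is the external (public) interface
EOF
sed -e '1s/$/"/' -e '3s/$/"/' -e 's/"pn0"/"pn1"/' "$tmp/broken.conf" > "$tmp/swapped.conf"
check_gateway_conf "$tmp/broken.conf"
check_gateway_conf "$tmp/swapped.conf"
```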