From: Howard Lin
Date: Thu, 15 Feb 2001 19:11:03 -0800 (PST)
To: freebsd-net@FreeBSD.org
Subject: Do I need to run RouteD/GateD?
Message-ID: <20010216031103.9300.qmail@web3301.mail.yahoo.com>

Hello there,

I am trying to set up a simple network at home. Here is my existing setup:

1) I have a DSL router which does NAT which everyone on the LAN connects to. The address for the DSL router is 1.2.3.1.
2) Everyone on the LAN connects to the router and uses 1.2.3.1 as gateway (netmask 255.255.255.0).
3) I have a FreeBSD box (1.2.3.10), which I have my mail server, webserver, and other goodies on, which everyone is happily connected to.
4) I set up DHCPD already, so everyone is getting their addresses in the range I specified.

Now, I want to use my FreeBSD box as a public wireless base station using an Orinoco card (wi0). In theory, everyone close to me can connect to the wireless interface. So, here is what I am thinking about doing:

1) I have recompiled my BSD box with ipfw on, and ipfw is working, and I have set "gateway_enable=YES" in my rc.conf.
2) I want to take my laptop and connect to my BSD box wirelessly and get an address from the DHCPD, and I want to be able to access all the resources on my wired LAN, e.g. the mail server, webserver, or chat with another person on the wired LAN.
3) I am semi paranoid about all the hackers in my neighborhood, so I want to use IPFW on some of the traffic from my wireless interface.
And since IPFW can only block based on IP addresses, not Ethernet addresses, this basically forced me to use DHCPD to assign FIXED ADDRESSES to known ETHERNET ADDRESSES. (This makes DHCPD look like overkill.) So, now I can finally use IPFW rules to block evil traffic from the wireless interface.

So, finally, my question: on the wireless side, everyone uses the FreeBSD box as the gateway, so I can see the traffic can go from wireless side -> FreeBSD -> DSL Router -> Internet. But how about coming back? Do I need to run routed or gated so that everyone on the wired LAN knows to use the BSD box as a router? How does the DSL router know how to send packets back to the wireless side?

Thanks,
Howard

P.S.: Any good security suggestions are welcome as well. :)