Date: Fri, 21 Dec 2001 17:43:59 -0600 (CST)
From: Ryan Thompson
To: John McGuigan
Subject: Re: FreeBSD as a gateway...
Message-ID: <20011221173400.E2811-100000@catalyst.sasknow.net>

John McGuigan wrote to freebsd-questions@FreeBSD.ORG:

> Hi, I was just wondering if anyone has instruction or could tell
> me how I'd set up a FreeBSD machine as a firewall....I'm using 4.4
> and this is an ASCII drawing of my lab...
>
> ==CABLE MODEM----FreeBSD machine-----16 port hub-----various computers

You'll need two NICs (or a dual-port NIC.. same thing)... one for your
modem, and one for the hub. You'll want to learn about routing, ipfw,
divert sockets, and NAT, and gateway setup. In essence, this will
require a few kernel settings, and building a custom kernel to allow for
the features not found in the GENERIC kernel (many of these are built in
by default now). Once you've got that done, you'll have to configure NAT
to forward requests from the internal machines through the external
interface, using an external IP. (I assume you do NOT have public IPs
for each computer?)

That's your basic roadmap...
In reality you will encounter some complexity, and I can't tell you all
you need to know in a single email message.. especially when I don't
have the gory details of your setup in front of me :-) You will want to
read the Handbook (found at http://www.freebsd.org/handbook/,
particularly sections on networking and kernel configuration), and
manual page sections for ipfw(8) and natd(8).

If you get stuck, we can help you out further.

> I want to keep the FreeBSD install as barebones as possible...

You'll need the bin distribution and the src/sys distributions. You'll
later be able to delete the src/sys distribution, after you've compiled
your custom kernel, and you could probably delete half of the bin
distribution or so if you know what you're doing. That's pretty
barebones. You should be able to do this easily on a 486. :-)

> I also need to know how to do this from scratch....
> Thanks a lot :)
> John McGuigan
>

--
Ryan Thompson
Network Administrator, Accounts

SaskNow Technologies - http://www.sasknow.com
#106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
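
The roadmap in the reply above (gateway routing, ipfw, natd on the external interface), as an added example that is not part of the original message: a constructed /etc/rc.conf for the gateway and a small audit of it. The rc.conf variable names are FreeBSD's own; the interface name fxp0 and the function names sample_rc_conf, rc_value and audit_gateway are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample /etc/rc.conf for the gateway box; fxp0 as the external
# (cable modem) NIC is an assumption. Assumes a kernel built with
# "options IPFIREWALL" and "options IPDIVERT" so ipfw and natd can work.
sample_rc_conf() {
cat <<'EOF'
gateway_enable="YES"     # forward packets between the two NICs
firewall_enable="YES"    # load ipfw rules at boot
firewall_type="OPEN"     # rc.firewall preset that passes all traffic
natd_enable="YES"        # start natd(8) on the divert socket
natd_interface="fxp0"    # NAT is done on the external interface
EOF
}

# rc_value FILE KEY: print the last uncommented value of KEY, quotes removed.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1
}

# audit_gateway FILE: print findings; return non-zero if a setting is missing.
audit_gateway() {
    rc=0
    for key in gateway_enable firewall_enable natd_enable; do
        if [ "$(rc_value "$1" "$key" | tr 'a-z' 'A-Z')" != "YES" ]; then
            echo "MISSING: $key is not YES"; rc=1
        fi
    done
    if [ -z "$(rc_value "$1" natd_interface)" ]; then
        echo "MISSING: natd_interface is not set"; rc=1
    fi
    if [ "$(rc_value "$1" firewall_type | tr 'a-z' 'A-Z')" = "OPEN" ]; then
        echo "WARN: firewall_type is OPEN; NAT works but nothing is filtered"
    fi
    return $rc
}

# Run the audit on the constructed sample.
tmp=$(mktemp)
sample_rc_conf > "$tmp"
audit_gateway "$tmp"
rm -f "$tmp"
```

The WARN line marks the point where the OPEN preset should give way to a ruleset written from ipfw(8) once NAT is confirmed working.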