Date: Sat, 23 Sep 2000 16:42:13 -0400
From: mgruver@reveregroup.com
To: FreeBSD-questions@FreeBSD.ORG
Cc: dleal@webvolution.net
Subject: Re: LAN question
Message-ID: <86256963.0071E0BA.00@main.reveregroup.com>

Daniel,

You have asked a question that I have had for over two months. I am also a FreeBSD Newbie. However, I have had the assistance of several people, including Greg Lehey. Everyone has been very helpful.

I can't help you with the PPP configuration because I don't use that. I have a cable modem (I highly recommend one, if you have the means). But I can perhaps help with the other parts. Here is what I would suggest:

1. Get the PPP connection (that is the dialup configuration with your modem) to your ISP working first. If you haven't got that going yet, I suggest just posting that as the first question.

2. Once you can get to your ISP through the modem using FreeBSD, then you are ready to configure the NAT and Firewall. If you have FreeBSD 4.1 installed, the first thing you want to do is make sure you have the source files in /usr/src/sys/. You can check by doing a "cd /usr/src/sys/" and then doing the command "ls". You should see the i386 directory in there; if not, you will need to load it using the /stand/sysinstall from the root.

3. The next thing is to recompile the Kernel using the IPFIREWALL, IPDIVERT, and IPFIREWALL_DEFAULT_TO_ACCEPT options. We start this by a "cd /usr/src/sys/i386/conf", and then "cp GENERIC MYCUSTOM". This will copy the Generic FreeBSD Kernel configuration file to one named MYCUSTOM. You can name it anything you want; however, it is a unix tradition to use all caps.

4. After copying the kernel source we will modify it using vi or your favorite editor: "vi MYCUSTOM".

5. Once you have the kernel source in the editor, we are going to page down through the options section and at the bottom insert a line with the "o" key and add three:

       options IPFIREWALL
       options IPDIVERT
       options IPFIREWALL_DEFAULT_TO_ACCEPT

   Then save the file with a ":wq" and we are ready to compile it.

6. Type in "/usr/sbin/config -g MYCUSTOM". This will configure the new kernel file.

7. Next type in "cd ../../compile/MYCUSTOM". This will change to the compilation directory.

8. Then type in "make". This will make the new kernel and probably take as long as an hour or so (at least it does on my old P90 server).

9. When the make finishes and you are back to the # prompt, type in "make install" to install the new kernel.

10. Boot the new kernel with the "shutdown -r now".

11. You will now need to copy the /etc/rc.conf file and edit the original, like "cp /etc/rc.conf /etc/rc.conf.0923" and then "vi /etc/rc.conf".

12. We are going to add the following file to the /etc/ directory:

       vi /etc/natd.conf

       dynamic yes
       use_sockets yes
       same_ports yes

13. We are going to add the following keywords:

       gateway_enabled="YES"
       firewall_enabled="YES"
       firewall_type="open"
       natd_enabled="YES"
       natd_interface="<this is where you put in the ppp device>"
       natd_flags="-f /etc/natd.conf"

14. You might want to load a proxy server for http. I would suggest going back to the /stand/sysinstall in the ports and loading tinyproxy 1.3.3. Go to www.freebsd.org and go to the ports and read the description and go to the web site. I loaded it as a daemon in the /usr/local/rc.d/tinyproxy.sh on startup. The command is "/usr/local/sbin/tinyproxy -a Host: -a Authorization:". If you need help creating the .sh file in the rc.d directory, let me know. A cool guy named Janko Van Roosmalen helped me with that. I can forward you the instructions.

That should get you going. If you don't understand anything, email me for clarification.

Don't mess up your kernel, dude. Be careful!

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
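
Added example, not part of the original message: a small sh audit for the kernel config edited in step 5 and the rc.conf edited in step 13, reporting missing options, lines that are not valid assignments, and knobs left unset. The sample file contents and the device name "tun0" are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): audit the kernel config
# and rc.conf edits from steps 5 and 13. All sample file content is constructed.

# Print each kernel option from step 5 that is missing from config file $1.
missing_kernel_opts() {
    for opt in IPFIREWALL IPDIVERT IPFIREWALL_DEFAULT_TO_ACCEPT; do
        grep -Eq "^[[:space:]]*options[[:space:]]+$opt([[:space:]]|#|\$)" "$1" ||
            echo "$opt"
    done
}

# Print rc.conf lines that are not blank, a comment, or a name=value
# assignment. rc.conf is sourced by sh, so such a line never sets anything.
bad_rc_lines() {
    grep -Ev '^[[:space:]]*(#.*)?$|^[A-Za-z_][A-Za-z0-9_]*=' "$1" || true
}

# Print each step-13 knob that file $1 does not set to the value in the message.
missing_rc_knobs() {
    for kv in gateway_enabled=YES firewall_enabled=YES firewall_type=open \
              natd_enabled=YES; do
        grep -Eq "^${kv%%=*}=\"?${kv#*=}\"?[[:space:]]*(#.*)?\$" "$1" ||
            echo "${kv%%=*}"
    done
    # natd_interface must name a real device, not the <...> placeholder.
    grep -Eq '^natd_interface="?[a-z]+[0-9]+"?' "$1" || echo natd_interface
}

# Demo on constructed files; "tun0" is an assumed ppp device name.
demo() {
    d=$(mktemp -d) || return 1
    printf 'options\tINET\noptions\tIPFIREWALL\noptions\tIPDIVERT\n' > "$d/MYCUSTOM"
    cat > "$d/rc.conf" <<'EOF'
gateway_enabled="YES"
firewall_enabled-"YES"
firewall_type="open"
natd_enabled="YES"
natd_interface="tun0"
EOF
    echo "missing kernel options: $(missing_kernel_opts "$d/MYCUSTOM" | tr '\n' ' ')"
    echo "malformed rc.conf lines: $(bad_rc_lines "$d/rc.conf")"
    echo "unset rc.conf knobs: $(missing_rc_knobs "$d/rc.conf" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

A clean report only means the files match the settings in the message. With IPFIREWALL_DEFAULT_TO_ACCEPT and firewall_type="open", ipfw passes all traffic, so any filtering rules have to be added separately.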