Date: Fri, 5 Jul 2002 10:18:16 -0400
From: "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>
To: "Roberto Armenteros" <rarmente@yahoo.com>
Cc: "freebsd-questions" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Sharing my internet connection with freebsd
Message-ID: <003001c2242e$cf33cfd0$c801a8c0@vsivyoung>
References: <20020704220316.45017.qmail@web13609.mail.yahoo.com>

Hi Roberto,

> I am about to get the optimum online service. I am
> planning to build a bastion firewall in freebsd to
> separate my internal network with the outside network.

Sounds good! As far as I know FreeBSD is the best OS for this.
I would recommend you to use NAT - you will need only one 'real' IP
address - for the external interface of the box!

> Since freebsd will be directly connected with the
> cable line "since it will be the firewall" I need to
> set it up so it will share the connection with the
> rest of my pcs through a switch. How do I set it up to
> share the internet connection "this box has two nic
> cards, one directly connected to the cable line and
> the other one to my internal pcs." Will I need to use
> this freebsd firewall as a gateway to the rest of the

Yes, the IP address of the internal interface MUST be your default
gateway for all internal PCs but NOT for the Firewall itself!

Ok, I will try to give you the way to do this, but I will highly
recommend you to read RTFM ('The Handbook'). There is a lot of
information about firewalls, NAT, kernel compilation (yes, you need to
compile a custom kernel).

1. To get the firewall and NAT working you must compile your own kernel.
   In this case just copy the GENERIC and add these lines into it:

       options IPFIREWALL
       options IPDIVERT

   Compile and install your kernel! (RTFM carefully, first)
   DO NOT REBOOT, not yet!

2. Edit your /etc/rc.conf file and add these lines:

       firewall_enable="YES"
       firewall_type="open"
       natd_enable="YES"
       natd_interface="xl0"

   As you can see the Firewall type is set to 'open' - you can create
   'your' Firewall type later. You can start with this only to get
   things working. RTFM and see /etc/rc.firewall !!!

   Be sure to change natd_interface="xl0" to whatever is your external
   network card. Mine is a 3COM 905, that's why I have 'xl0' here.

3. reboot

At this point you have FreeBSD Firewall and NAT working.
Cool, isn't it! Just 3 steps ;-)

I guess you have the default gateway's IP from your ISP and it is set
up already. The same for the DNS servers. Be sure to check if your
external interface needs to be DHCP or you can just use the IP address
as static. This depends on your ISP. For my cable modem the network is
with DHCP, but the address is 'static' in terms of a few months ;-)))

> pcs and is this the right thing to do? I would really
> appreciate your help guys since I've never done
> anything like this.
>
> Thanks a lot, Roberto
>

If you have more questions, after you read carefully The FreeBSD
Handbook about these things... just ask ;-)

This wasn't the best explanation, but... Hope that helps!

--Miro

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
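
A pre-reboot check for steps 1 and 2 of the message above, as an added example that is not part of the original e-mail: it verifies the two kernel options and the rc.conf lines, and flags firewall_type="open", which loads a pass-all ruleset. The gateway_enable check is an addition taken from the FreeBSD Handbook's natd instructions, not from the message; the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-reboot check for the kernel options and rc.conf lines above.
# Assumption: gateway_enable (IP forwarding) comes from the Handbook, not the message.

# Print the last value assigned to variable $2 in rc.conf-style file $1.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# True if kernel config file $1 contains "options $2" as a whole word.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# True for the values the rc scripts treat as "yes".
is_yes() {
    case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}

# audit_gateway KERNCONF RCCONF: one finding per line; status 1 on any FAIL.
audit_gateway() {
    rc=0
    for opt in IPFIREWALL IPDIVERT; do
        has_option "$1" "$opt" || { echo "FAIL kernel: options $opt missing"; rc=1; }
    done
    for var in firewall_enable natd_enable gateway_enable; do
        is_yes "$(rc_value "$2" "$var")" || { echo "FAIL rc.conf: $var is not YES"; rc=1; }
    done
    [ -n "$(rc_value "$2" natd_interface)" ] || { echo "FAIL rc.conf: natd_interface unset"; rc=1; }
    case "$(rc_value "$2" firewall_type)" in
        [Oo][Pp][Ee][Nn]) echo "WARN rc.conf: firewall_type=open passes all traffic" ;;
    esac
    return $rc
}

# Constructed sample input: the kernel and rc.conf lines exactly as given in the message.
demo_dir=$(mktemp -d)
printf 'options IPFIREWALL\noptions IPDIVERT\n' > "$demo_dir/MYKERNEL"
cat > "$demo_dir/rc.conf" <<'EOF'
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="xl0"
EOF
audit_gateway "$demo_dir/MYKERNEL" "$demo_dir/rc.conf" || echo "not ready to reboot"
rm -rf "$demo_dir"
```

On a real system the two arguments would be the custom kernel config file and /etc/rc.conf.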