From: "Miroslav Pendev"
To: "Roberto Armenteros"
Cc: "freebsd-questions"
Subject: Re: Sharing my internet connection with freebsd
Date: Fri, 5 Jul 2002 10:18:16 -0400

Hi Roberto,

> I am about to get the optimum online service. I am
> planning to build a bastion firewall in freebsd to
> separate my internal network with the outside network.

Sounds good! As far as I know FreeBSD is the best OS for this.
I would recommend you to use NAT - you will need only one 'real' IP
address - for the external interface of the box!

> Since freebsd will be directly connected with the
> cable line "since it will be the firewall" I need to
> set it up so it will share the connection with the
> rest of my pcs through a switch. How do I set it up to
> share the internet connection "this box has two nic
> cards, one directly connected to the cable line and
> the other one to my internal pcs." Will I need to use
> this freebsd firewall as a gateway to the rest of the

Yes, the IP address of the internal interface MUST be your default
gateway for all internal PCs but NOT for the Firewall itself!

OK, I will try to give you the way to do this, but I will highly
recommend you to read RTFM ('The Handbook'). There is a lot of
information about firewalls, NAT, kernel compilation (yes, you need
to compile a custom kernel).

1. To get the firewall and NAT working you must compile your own
   kernel. In this case just copy the GENERIC and add these lines
   into it:

       options IPFIREWALL
       options IPDIVERT

   Compile and install your kernel! (RTFM carefully, first)
   DO NOT REBOOT, not yet!

2. Edit your /etc/rc.conf file and add these lines:

       firewall_enable="YES"
       firewall_type="open"
       natd_enable="YES"
       natd_interface="xl0"

   As you can see the Firewall type is set to 'open' - you can
   create 'your' Firewall type later. You can start with this only
   to get things working. RTFM and see /etc/rc.firewall !!!

   Be sure to change natd_interface="xl0" to whatever is your
   external network card. Mine is 3COM 905, that's why I have 'xl0'
   here.

3. reboot

At this point you have FreeBSD Firewall and NAT working.
Cool, isn't it! Just 3 steps ;-)

I guess you have the default gateway's IP from your ISP and it is
set up already. The same for the DNS servers. Be sure to check if
your external interface needs to be DHCP or you can just use the IP
address as static. This depends on your ISP. For my cable modem the
network is with DHCP, but the address is 'static' in terms of few
months ;-)))

> pcs and is this the right thing to do?
> I would really
> appreciate your help guys since I've never done
> anything like this.
>
> Thanks a lot, Roberto
>

If you have more questions, after you read carefully The FreeBSD
Handbook about these things... just ask ;-)

This wasn't the best explanation, but...

Hope that helps!

--Miro
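
Added example, not part of the original message or of FreeBSD itself: a small sh check that reads an rc.conf and reports when the gateway from step 2 is still running the 'open' ruleset (which passes all traffic), or when natd is enabled without a firewall or an interface. The function names and finding codes are made up for this illustration, and the sample input is constructed from the four lines in step 2.

```sh
#!/bin/sh
# Added example: audit an rc.conf for the gateway settings from step 2.
# Function names and finding codes are hypothetical, not FreeBSD's own.

# rc_get FILE VAR: print the last uncommented value assigned to VAR.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: rc.conf accepts YES in any letter case.
is_yes() {
    case $1 in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# audit_gateway_rc FILE: print one finding code per line, nothing when clean.
audit_gateway_rc() {
    fw=$(rc_get "$1" firewall_enable)
    fwtype=$(rc_get "$1" firewall_type)
    natd=$(rc_get "$1" natd_enable)
    natif=$(rc_get "$1" natd_interface)

    # Without firewall_enable no ipfw rules are loaded at boot.
    is_yes "$fw" || echo "FIREWALL_DISABLED"

    # The 'open' type passes all traffic: fine for bring-up, not for a bastion.
    case $fwtype in
        [Oo][Pp][Ee][Nn]) echo "OPEN_RULESET" ;;
    esac

    # natd depends on an ipfw divert rule and needs the external interface.
    if is_yes "$natd"; then
        [ -n "$natif" ] || echo "NATD_NO_INTERFACE"
        is_yes "$fw" || echo "NATD_WITHOUT_FIREWALL"
    fi
    return 0
}

# Constructed sample: the four rc.conf lines from step 2 of the message.
sample=$(mktemp)
cat > "$sample" <<'EOF'
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="xl0"
EOF
audit_gateway_rc "$sample"
rm -f "$sample"
```

On the real box the call would be audit_gateway_rc /etc/rc.conf; the finding goes away once firewall_type names a ruleset other than 'open'.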