From owner-freebsd-questions@FreeBSD.ORG Tue Oct 14 10:17:36 2008
Date: Tue, 14 Oct 2008 03:17:33 -0700
From: Jeremy Chadwick
To: Michael Powell
Cc: freebsd-questions@freebsd.org
Subject: Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system
Message-ID: <20081014101733.GA47158@icarus.home.lan>
References: <48F43EB1.40304@gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)

On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
> Manish Jain wrote:
>
> > Hi,
> >
> > I am poor at networking and need a little bit of help. My dad has a
> > Windows 2000 machine with a network card but does not have a connection
> > to the internet. My freebsd 6.2 box is connected to the internet and has
> > 2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
> > directly connected via a long Ethernet cable to the NIC on my dad's
> > machine. While I can access the internet easily, I want my dad to be
> > able to connect to the internet with my freebsd box serving as the
> > gateway. Can anyone please explain to me in easy steps how to accomplish
> > this?
>
> Although to many old-timers this is easily achieved, to someone new to
> networking it is difficult to explain it in "easy steps". It involves a set
> of pieces that have to fit together correctly in order to work. You will
> need to do some proper reading on the underlying concepts first.
>
> First, establish that there exists basic network connectivity between your
> machine and your dad's. You may need to use a crossover cable. You will want
> to assign a static IP address in the "Private" IP space range to your rl1
> interface. This is also known as RFC 1918. You will also want to manually
> configure a static IP on your dad's machine that is in the same network,
> instead of allowing it to come up on the link-local of 169.254.x.x. An
> example would be your rl1 == 192.168.10.1 netmask 255.255.255.0 and your
> dad's machine == 192.168.10.2 netmask 255.255.255.0. For DNS at this stage
> you can use hosts files on each host for name resolution. Ensure that each
> machine can be ping'd by the other.
>
> Next, you will want to configure your FreeBSD machine as a NAT gateway. In
> your /etc/rc.conf you will want something like gateway_enable="YES" and
> some form of firewall initialization[1]. The gateway_enable is what allows
> the forwarding of packets between your rl0 and your rl1, but the activation
> of NAT functionality is usually a function contained within a firewall. So
> conceptually, the firewall will be "in between" rl0 and rl1.
>
> There are three different firewalls you can choose from. Configuring the
> firewall is usually where the inexperienced get stuck. This subject
> material is beyond the scope of this missive, and you would do well to
> start reading in the Handbook. But essentially, when you configure NAT in
> the firewall your rl0 (connected to the ISP) will be assigned a "Public" IP
> address and the NAT function will translate between "Public" and "Private".
>
> The next sticky point that will happen, should you get this far, is name
> resolution. You will want to place the IP addresses of the name servers of
> your ISP in your /etc/resolv.conf. You will also want to enter these into
> the TCP configuration of your dad's machine. In addition, on your dad's
> machine you will enter the IP address you used on your rl1 as the "default
> route".
>
> The subject is much too broad for exhaustive coverage here. If your
> DSL/Cable modem has router ports on it, it might just be easier to plug
> your dad's machine up there and forget about all of this. Much reading will
> be required of you, and once you know most of it then you will know what
> specific questions to ask when you encounter sticking points. This is
> intended only as a very generic form of overview.
>
> -Mike
>
> [1] For example, a couple of lines from my /etc/rc.conf:
>
> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pf_flags="-e"
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> pflog_flags=""
>
> and the NAT line from my /etc/pf.conf:
>
> nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)
>
> Please note that these are for illustrative purposes only, and by themselves
> will do nothing for your specific situation. There is much more that you
> will have to dig out of the documentation, understand, and configure
> appropriately.

Doesn't he need to also set sysctl net.inet.ip.forwarding=1 for his box
to act as a gateway?  Or is this handled by the NAT portion?

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
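The pieces Mike lists (gateway_enable and a firewall with a nat rule in rc.conf/pf.conf, an RFC 1918 address on the inside interface) plus the forwarding sysctl Jeremy asks about are the things that usually go wrong on a first NAT gateway. The script below is an added example, not code from anyone in this thread: an offline sanity check that reads an rc.conf and a pf.conf and the current net.inet.ip.forwarding value and reports which piece is missing. The sample rc.conf/pf.conf contents are constructed here so the script runs anywhere; on a real FreeBSD box you would pass /etc/rc.conf, /etc/pf.conf and the output of `sysctl -n net.inet.ip.forwarding` instead. For the record, gateway_enable="YES" is the rc.conf knob that makes the boot scripts set net.inet.ip.forwarding=1; pf's nat rule does not touch that sysctl.

```shell
#!/bin/sh
# Added example, not code from the thread. Offline sanity check of the pieces
# needed for a FreeBSD NAT gateway: gateway_enable and pf_enable in rc.conf,
# an uncommented "nat on <external if>" rule in pf.conf, an RFC 1918 address
# on the inside interface, and net.inet.ip.forwarding=1.
# All inputs below are constructed; on a real box pass /etc/rc.conf,
# /etc/pf.conf and `sysctl -n net.inet.ip.forwarding` instead.

# rc_value FILE KEY: print the value of KEY="value" in an rc.conf-style file
# (quotes stripped, commented lines ignored, last assignment wins).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"*\([^\"#[:space:]]*\)\"*.*/\1/p" "$1" | tail -n 1
}

# has_nat_rule PFCONF IFTOKEN: succeed if an active "nat on <if>" rule exists.
# IFTOKEN may be the interface name (rl0) or a pf macro name (ExtIF).
has_nat_rule() {
    grep -E -q '^[[:space:]]*nat[[:space:]]+on[[:space:]]+\$?'"$2"'([[:space:]]|$)' "$1"
}

# is_rfc1918 A.B.C.D: succeed if the IPv4 address is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    a=${1%%.*}
    rest=${1#*.}
    b=${rest%%.*}
    case "$a" in
        10)  return 0 ;;
        172) [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0 ;;
        192) [ "$b" -eq 168 ] && return 0 ;;
    esac
    return 1
}

# check_gateway RCCONF PFCONF IFTOKEN INSIDE_IP FORWARDING
# Prints one line per problem and returns the number of problems found.
check_gateway() {
    problems=0
    if [ "$(rc_value "$1" gateway_enable)" != "YES" ]; then
        echo "rc.conf: gateway_enable is not YES, so the rc scripts never set net.inet.ip.forwarding=1"
        problems=$((problems + 1))
    fi
    if [ "$(rc_value "$1" pf_enable)" != "YES" ]; then
        echo "rc.conf: pf_enable is not YES, so the NAT rules are never loaded"
        problems=$((problems + 1))
    fi
    if ! has_nat_rule "$2" "$3"; then
        echo "pf.conf: no active nat rule on $3; forwarded packets would leave with private source addresses and get no replies"
        problems=$((problems + 1))
    fi
    if ! is_rfc1918 "$4"; then
        echo "inside interface: $4 is not an RFC 1918 address (a 169.254.x.x link-local address is not routable)"
        problems=$((problems + 1))
    fi
    if [ "$5" != "1" ]; then
        echo "sysctl: net.inet.ip.forwarding=$5, packets arriving on rl1 are not forwarded to rl0"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed inputs: a working setup and a broken one.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

cat > "$TMP/rc.conf.good" <<'EOF'
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
EOF

cat > "$TMP/rc.conf.bad" <<'EOF'
gateway_enable="NO"
# pf_enable was never added
EOF

cat > "$TMP/pf.conf.good" <<'EOF'
ExtIF="rl0"
INTERNAL="192.168.10.0/24"
nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)
EOF

cat > "$TMP/pf.conf.bad" <<'EOF'
ExtIF="rl0"
INTERNAL="192.168.10.0/24"
# nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)
EOF

echo "== working configuration =="
check_gateway "$TMP/rc.conf.good" "$TMP/pf.conf.good" ExtIF 192.168.10.1 1 && echo "no problems found"
echo "== broken configuration =="
check_gateway "$TMP/rc.conf.bad" "$TMP/pf.conf.bad" ExtIF 169.254.7.7 0 || echo "$? problem(s) found"
```

The check only inspects configuration text and a sysctl value it is handed, so it never changes anything on the box; that makes it safe to run on the gateway before and after each edit to see which of the five pieces is still missing. The broken sample trips all five checks at once, which is roughly the state of a fresh install with a pf.conf copied from an example but nothing enabled.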