From: Manolis Kiagias
Date: Tue, 14 Oct 2008 14:40:01 +0300
To: freebsd-questions@freebsd.org
Subject: Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system
Message-ID: <48F48511.2020708@gmail.com>
References: <48F43EB1.40304@gmail.com> <87iqrvijcn.fsf@thingy.bsdly.net>
In-Reply-To: <87iqrvijcn.fsf@thingy.bsdly.net>

Peter N. M. Hansteen wrote:
> Manish Jain writes:
>
>> I am poor at networking and need a little bit of help. My dad has a
>> Windows 2000 machine with a network card but does not have a connection
>> to the internet.
>
> When I started writing this, I thought that system had been abandoned
> already, but it appears Microsoft will offer a measure of support
> through next year sometime. Do see that the system gets properly
> updated before you put it on the net.
>
>> My freebsd 6.2 box is connected to the internet and has
>> 2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
>> directly connected via a long Ethernet cable to the NIC on my dad's
>> machine. While I can access the internet easily, I want my dad to be
>> able to connect to the internet with my freebsd box serving as the
>> gateway. Can anyone please explain to me in easy steps how to accomplish
>> this?
>
> The keyword is that you need to set up your machine as a gateway.
> There are numerous guides available on how to do that (including the
> FreeBSD Handbook (free, online and likely already on your system) my
> PF tutorial (http://home.nuug.no/~peter/pf/) contains more than a few
> hints, as do several books available at better bookstores), but I
> would recommend that you pick literature that enables you to learn the
> basics of TCP/IP as well as the actual commands needed. Looking into
> packet filtering for basic protection won't hurt either. With those
> keywords in hand, you should be able to dig up something useful.
>
> - Peter

Inspired by this discussion (and just replying to a random post) I tried
for the first time to get a test machine as a gateway.
I tried the handbook's instructions, here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

These work flawlessly, you will need to recompile your kernel though.
The rest of the setup is relatively simple.

I am more accustomed to using pf rather than IPFW though, and as I wanted
to test this on my main system, I came up with this setup:

/etc/rc.conf

    pf_enable="YES"
    pf_rules="/etc/pf.conf"
    pf_flags=""
    gateway_enable="YES"

(Run sysctl net.inet.ip.forwarding=1 *and* /etc/rc.d/routing restart if
you do not wish to reboot after modifying rc.conf)

I added this rule before the filtering rules section in my /etc/pf.conf:

    nat pass on rl1 from rl0:network to any -> rl1

(This is an excellent read: http://www.openbsd.org/faq/pf/ )

where rl1 is the Internet-facing card, and rl0 is the local network one.
Also added a few simple rules to allow traffic from rl0 as I am normally
using pf for firewalling.

This also worked nicely, and has the added advantage of not having to
recompile the kernel. So the OP has quite a few options, and it may
prove not to be very difficult after all.
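
A complete /etc/pf.conf along the lines of the setup described in the message above, as an added example that is not part of the original post. It keeps the message's interface roles (rl1 Internet-facing, rl0 local, the reverse of the original poster's cabling) and uses plain nat with explicit default-deny filter rules instead of nat pass; the macro names and the individual filter rules are assumptions.

```conf
# Constructed example for a two-NIC pf gateway (not from the original post).
# Interface roles follow the message: rl1 faces the Internet, rl0 the LAN.
ext_if = "rl1"
int_if = "rl0"

# Options: silently drop blocked packets instead of answering with RST/ICMP.
set block-policy drop

# Normalization: reassemble fragments and clean up odd packets on the way in.
scrub in all

# Translation: rewrite the source address of LAN traffic leaving ext_if.
# The parentheses make pf follow the interface address if DHCP changes it.
# Without the "pass" keyword, translated packets still go through the
# filter rules below.
nat on $ext_if inet from $int_if:network to any -> ($ext_if)

# Filtering: local loopback traffic is always allowed.
pass quick on lo0 all

# Default deny in both directions on every other interface.
block all

# Drop packets that claim a LAN source address but arrive elsewhere.
antispoof quick for $int_if inet

# Let the LAN client start connections; replies are matched by state.
pass in on $int_if inet from $int_if:network to any keep state

# Let the gateway and the translated LAN traffic out to the Internet.
# Nothing is passed *in* on ext_if, so the Windows 2000 machine cannot be
# reached by unsolicited connections from outside.
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } all keep state
```

Running pfctl -nf /etc/pf.conf parses the file without loading it; after loading with pfctl -f /etc/pf.conf, pfctl -s nat and pfctl -s rules show the active translation and filter rules.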