Date: Thu, 22 Jul 2004 21:04:06 -0500
From: "James A. Coulter" <james.coulter@cox.net>
To: <freebsd-newbies@freebsd.org>
Subject: Newbie Success Story - FreeBSD LAN/WAN Gateway Setup
Message-ID: <000601c47059$55ef6890$6e01a8c0@sabrina>

Even though I discovered and installed FreeBSD for the first time over two years ago, I was never able to figure out how to get a computer running FreeBSD to act as a gateway to the WAN for my small home LAN.

Like many people raised on Windows, I was impatient and never researched the technical data fully, instead searching the mailing lists in the hopes of finding an easy answer. Even after purchasing Greg Lehey's excellent "The Complete FreeBSD" and Annelise Anderson's "FreeBSD: An Open-Source Operating System for your Personal Computer" I was still getting nowhere and still getting frustrated.

Finally, I asked the FreeBSD-questions list what I was doing wrong and got almost instant feedback: turn Network Address Translation on. In other words, your FreeBSD box must not only act as a gateway to the internet, but as a router, too.

All these years of letting Windows wizards do the heavy lifting for me had left me dumb and lazy. I thought that enabling the gateway (gateway_enable="YES") in the rc.conf was all I needed to do.

Well, it's not, and in case another newbie making the transition from Windows to FreeBSD gets here after typing "FreeBSD gateway" into Google, here's a very quick list of what you'll need to do to get your new FreeBSD box to pass packets back and forth between the Internet and your home LAN:

1. You'll need two nics in your FreeBSD gateway/router box - one connected to your modem (the WAN) and one connected to your hub (the LAN).

1. Build a custom kernel with the following options included:

       options IPFIREWALL
       options IPDIVERT

   You can find instructions on building a custom kernel in Chapter 8 of the FreeBSD Handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html).

   (A word to the wise - if it doesn't work the first time, start over and make only a few changes to the GENERIC kernel at a time, re-compiling and re-installing after each change until you get it where you want it.)

2. Create a file in /etc and name it rc.nat. Put the following lines in it:

       /sbin/ipfw -f flush
       /sbin/ipfw add divert natd all from any to any via (your WAN nic, i.e. dc0 or maybe ed1)
       /sbin/ipfw add pass all from any to any

3. Add (or change) the following in /etc/rc.conf:

       ifconfig_(WAN nic)="DHCP"
           (assuming your ISP provides you with a dynamic IP address)
       ifconfig_(LAN nic)="inet XXX.XXX.X.XXX netmask 255.255.255.0"
           (I used 192.168.1.1)
       gateway_enable="YES"
       firewall_enable="YES"
       firewall_script="/etc/rc.nat"
       firewall_type="OPEN"
       natd_enable="YES"
       natd_interface="(WAN nic)"
       natd_flags="-dynamic"

   (WARNING: Although this configuration enables your firewall, it also sets it wide open, which means in effect it is not operating and you're not getting any protection. Firewall configuration is my next FreeBSD goal. . .)

4. Execute the following (as a superuser):

       /etc/netstart

5. Check connectivity to the Internet by running ifconfig and ensuring both your nics are up and your ISP has assigned an IP address to your WAN nic. PING www.freebsd.org to make sure you're REALLY connected to the internet. . .

6. Configure the other computers on your LAN with static IP addresses in the same subnet as your LAN nic (my LAN nic's IP address is 192.168.1.1, the WinXP machine I am typing this e-mail on is 192.168.1.101). Make sure you specify Domain Name Servers (DNS) addresses!

6. Check connectivity between your other computers and the FreeBSD gateway/router by pinging it.

7. Finally try pinging www.freebsd.org - congrats if you get a response!

If not, all I can say is keep reading the man pages and if all else fails send an e-mail to the freebsd-questions mailing list with the contents of your rc.conf and output of ifconfig and netstat -rn and almost certainly somebody will help you out like they helped me out.

Good luck and thanks again to the FreeBSD community for all your help - I'm sure it won't be long before I'm asking for help configuring my firewall.

Jim C.
