Date: Thu, 22 Jul 2004 21:04:06 -0500
From: "James A. Coulter" <james.coulter@cox.net>
To: <freebsd-newbies@freebsd.org>
Subject: Newbie Success Story - FreeBSD LAN/WAN Gateway Setup
Message-ID: <000601c47059$55ef6890$6e01a8c0@sabrina>
Even though I discovered and installed FreeBSD for the first time over two years ago, I was never able to figure out how to get a computer running FreeBSD to act as a gateway to the WAN for my small home LAN.

Like many people raised on Windows, I was impatient and never researched the technical data fully, instead searching the mailing lists in the hopes of finding an easy answer. Even after purchasing Greg Lehey's excellent "The Complete FreeBSD" and Annelise Anderson's "FreeBSD: An Open-Source Operating System for your Personal Computer" I was still getting nowhere and still getting frustrated.

Finally, I asked the FreeBSD-questions list what I was doing wrong and got almost instant feedback: turn Network Address Translation on. In other words, your FreeBSD box must not only act as a gateway to the internet, but as a router, too.

All these years of letting Windows wizards do the heavy lifting for me had left me dumb and lazy. I thought that enabling the gateway (gateway_enable="YES") in the rc.conf was all I needed to do.

Well, it's not and in case another newbie, making the transition from Windows to FreeBSD gets here after typing "FreeBSD gateway" into google, here's a very quick list of what you'll need to do to get your new FreeBSD box to pass packets back and forth between the Internet and your home LAN:

1. You'll need two nics in your FreeBSD gateway/router box - one connected to your modem (the WAN) and one connected to your hub (the LAN)

1. Build a custom kernel with the following options included:

    options IPFIREWALL
    options IPDIVERT

You can find instructions on building a custom kernel in Chapter 8 of the FreeBSD Handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html). (A word to the wise - if it doesn't work the first time, start over and make only a few changes to the GENERIC kernel at a time, re-compiling and re-installing after each change until you get it where you want it)

2. Create a file in /etc and name it rc.nat. Put the following lines in it:

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via (your WAN nic, i.e. dc0 or maybe ed1)
    /sbin/ipfw add pass all from any to any

3. Add (or change) the following in /etc/rc.conf

    ifconfig_(WAN nic)="DHCP"    (assuming your ISP provides you with a dynamic IP address)
    ifconfig_(LAN nic)="inet XXX.XXX.X.XXX netmask 255.255.255.0"    (I used 192.168.1.1)
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/rc.nat"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="(WAN nic)"
    natd_flags="-dynamic"

(WARNING: Although this configuration enables your firewall, it also sets it wide open which means in effect it is not operating and you're not getting any protection. Firewall configuration is my next FreeBSD goal. . .)

4. Execute the following (as a superuser):

    /etc/netstart

5. Check connectivity to the Internet by running ifconfig and ensuring both your nics are up and your ISP has assigned an IP address to your WAN nic. PING www.freebsd.org to make sure you're REALLY connected to the internet. . .

6. Configure the other computers on your LAN with static IP addresses in the same subnet as your LAN nic (my LAN nic's IP address is 192.168.1.1, the WinXP machine I am typing this e-mail on is 192.168.1.101). Make sure you specify Domain Name Servers (DNS) addresses!

6. Check connectivity between your other computers and the FreeBSD gateway/router by pinging it.

7. Finally try pinging www.freebsd.org - congrats if you get a response!

If not, all I can say is keep reading the man pages and if all else fails send an e-mail to the freebsd-questions mailing list with the contents of your rc.conf and output of ifconfig and netstat -rn and almost certainly somebody will help you out like they helped me out.

Good luck and thanks again to the FreeBSD community for all your help - I'm sure it won't be long before I'm asking for help configuring my firewall.

Jim C.
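A way to check steps 2 and 3 before running /etc/netstart, given as an added example that is not part of the original message: a small sh lint that reads copies of rc.conf and rc.nat, confirms the settings the message lists agree with each other, and flags the pass-all rule behind the WARNING. The function names are hypothetical, and the sample files are constructed with dc0 assumed as the WAN nic and ed1 as the LAN nic.

```shell
# Added example: lint copies of rc.conf and rc.nat against the message's checklist.

# rc_get FILE KEY: print the value of the last KEY="value" line in FILE
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Same values rc.subr's checkyesno accepts as "enabled": YES, TRUE, ON, 1 (any case)
is_yes() { case $1 in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac; return 1; }

# audit_gateway RCCONF RCNAT: print one finding per line, nothing if clean
audit_gateway() {
    conf=$1 nat=$2
    # rc.conf is sourced by sh, so "key = value" is not an assignment
    if grep -Eq '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "ERROR: whitespace around '=' in rc.conf"
    fi
    for key in gateway_enable firewall_enable natd_enable; do
        is_yes "$(rc_get "$conf" "$key")" || echo "ERROR: $key is not enabled"
    done
    wan=$(rc_get "$conf" natd_interface)
    if [ -z "$wan" ]; then
        echo "ERROR: natd_interface is not set"
    else
        # natd, the interface config and the divert rule must name the same nic
        grep -q "^ifconfig_$wan=" "$conf" || echo "ERROR: no ifconfig_$wan line"
        grep -Eq "divert natd .* via $wan([[:space:]]|\$)" "$nat" ||
            echo "ERROR: rc.nat has no natd divert rule via $wan"
    fi
    # The state the message warns about: NAT works, but nothing is filtered
    if grep -Eq 'add ([0-9]+ )?(allow|accept|pass|permit) (all|ip) from any to any[[:space:]]*$' "$nat"; then
        echo "WARN: rc.nat accepts all traffic (firewall is wide open)"
    fi
}

# Constructed sample files mirroring the message (dc0 = WAN nic, ed1 = LAN nic)
write_sample() {
    printf '%s\n' 'ifconfig_dc0="DHCP"' \
        'ifconfig_ed1="inet 192.168.1.1 netmask 255.255.255.0"' \
        'gateway_enable="YES"' 'firewall_enable="YES"' \
        'firewall_script="/etc/rc.nat"' 'natd_enable="YES"' \
        'natd_interface="dc0"' 'natd_flags="-dynamic"' > "$1/rc.conf"
    printf '%s\n' '/sbin/ipfw -f flush' \
        '/sbin/ipfw add divert natd all from any to any via dc0' \
        '/sbin/ipfw add pass all from any to any' > "$1/rc.nat"
}

tmp=$(mktemp -d); write_sample "$tmp"; audit_gateway "$tmp/rc.conf" "$tmp/rc.nat"; rm -rf "$tmp"
```

On the sample files the only finding is the WARN line, which matches the message's own caveat about the open ruleset.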