From: "James A. Coulter"
Delivered-To: freebsd-newbies@freebsd.org
Date: Thu, 22 Jul 2004 21:04:06 -0500
Message-ID: <000601c47059$55ef6890$6e01a8c0@sabrina>
Subject: Newbie Success Story - FreeBSD LAN/WAN Gateway Setup

Even though I discovered and installed FreeBSD for the first time over two years ago, I was never able to figure out how to get a computer running FreeBSD to act as a gateway to the WAN for my small home LAN. Like many people raised on Windows, I was impatient and never researched the technical data fully, instead searching the mailing lists in the hopes of finding an easy answer.

Even after purchasing Greg Lehey's excellent "The Complete FreeBSD" and Annelise Anderson's "FreeBSD: An Open-Source Operating System for your Personal Computer" I was still getting nowhere and still getting frustrated.

Finally, I asked the FreeBSD-questions list what I was doing wrong and got almost instant feedback: turn Network Address Translation on. In other words, your FreeBSD box must not only act as a gateway to the internet, but as a router, too.

All these years of letting Windows wizards do the heavy lifting for me had left me dumb and lazy. I thought that enabling the gateway (gateway_enable="YES") in the rc.conf was all I needed to do.

Well, it's not, and in case another newbie making the transition from Windows to FreeBSD gets here after typing "FreeBSD gateway" into Google, here's a very quick list of what you'll need to do to get your new FreeBSD box to pass packets back and forth between the Internet and your home LAN:

1. You'll need two nics in your FreeBSD gateway/router box - one connected to your modem (the WAN) and one connected to your hub (the LAN).

1. Build a custom kernel with the following options included:

    options IPFIREWALL
    options IPDIVERT

You can find instructions on building a custom kernel in Chapter 8 of the FreeBSD Handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html). (A word to the wise - if it doesn't work the first time, start over and make only a few changes to the GENERIC kernel at a time, re-compiling and re-installing after each change until you get it where you want it.)

2. Create a file in /etc and name it rc.nat. Put the following lines in it:

    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via (your WAN nic, i.e. dc0 or maybe ed1)
    /sbin/ipfw add pass all from any to any

3. Add (or change) the following in /etc/rc.conf:

    ifconfig_(WAN nic)="DHCP"    (assuming your ISP provides you with a dynamic IP address)
    ifconfig_(LAN nic)="inet XXX.XXX.X.XXX netmask 255.255.255.0"    (I used 192.168.1.1)
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/rc.nat"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="(WAN nic)"
    natd_flags="-dynamic"

(WARNING: Although this configuration enables your firewall, it also sets it wide open, which means in effect it is not operating and you're not getting any protection. Firewall configuration is my next FreeBSD goal...)

4. Execute the following (as a superuser):

    /etc/netstart

5. Check connectivity to the Internet by running ifconfig and ensuring both your nics are up and your ISP has assigned an IP address to your WAN nic. PING www.freebsd.org to make sure you're REALLY connected to the internet...

6. Configure the other computers on your LAN with static IP addresses in the same subnet as your LAN nic (my LAN nic's IP address is 192.168.1.1, the WinXP machine I am typing this e-mail on is 192.168.1.101). Make sure you specify Domain Name Servers (DNS) addresses!

6. Check connectivity between your other computers and the FreeBSD gateway/router by pinging it.

7. Finally, try pinging www.freebsd.org - congrats if you get a response!

If not, all I can say is keep reading the man pages and if all else fails send an e-mail to the freebsd-questions mailing list with the contents of your rc.conf and output of ifconfig and netstat -rn and almost certainly somebody will help you out like they helped me out.

Good luck and thanks again to the FreeBSD community for all your help - I'm sure it won't be long before I'm asking for help configuring my firewall.

Jim C.
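
A pre-flight check for the rc.conf settings listed in the message above, as an added example that is not part of the original post. The function names rc_get and check_gateway_conf and the sample file are constructed for illustration, and the script assumes natd_interface holds an interface name rather than an IP address.

```sh
#!/bin/sh
# Added example (constructed): check an rc.conf for the gateway/NAT settings.

# rc_get FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# check_gateway_conf FILE: print findings; exit status = number of errors.
check_gateway_conf() {
    conf=$1; errors=0
    # rc.conf is read by sh, so "name = value" is not an assignment.
    if grep -nE '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "ERROR: whitespace around '=' on the lines above"; errors=$((errors + 1))
    fi
    for key in gateway_enable firewall_enable natd_enable; do
        case $(rc_get "$conf" "$key") in
            [Yy][Ee][Ss]) ;;
            *) echo "ERROR: $key is not set to YES"; errors=$((errors + 1)) ;;
        esac
    done
    wan=$(rc_get "$conf" natd_interface)
    if [ -z "$wan" ]; then
        echo "ERROR: natd_interface is not set"; errors=$((errors + 1))
    elif [ -z "$(rc_get "$conf" "ifconfig_$wan")" ]; then
        echo "ERROR: no usable ifconfig_$wan line for the natd interface"; errors=$((errors + 1))
    fi
    # Connectivity works with OPEN, but nothing is filtered.
    case $(rc_get "$conf" firewall_type) in
        [Oo][Pp][Ee][Nn]) echo "WARNING: firewall_type is OPEN, all traffic is passed" ;;
    esac
    return "$errors"
}

# Constructed sample: WAN nic dc0, LAN nic ed1, one slip (spaces around '=').
sample=$(mktemp)
cat > "$sample" <<'EOF'
ifconfig_dc0 = "DHCP"
ifconfig_ed1="inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="dc0"
natd_flags="-dynamic"
EOF
check_gateway_conf "$sample" || echo "errors found: $?"
rm -f "$sample"
```

On a real gateway, point check_gateway_conf at /etc/rc.conf before running /etc/netstart; the OPEN warning is reported but does not count as an error, since the walkthrough's ruleset is meant to pass everything.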