Date:      Wed, 3 May 2000 11:41:58 -0500 (CDT)
From:      Brennan W Stehling <brennan@offwhite.net>
To:        Ryan Thompson <ryan@sasknow.com>
Cc:        rpingel@snafu.de, freebsd-questions@FreeBSD.ORG
Subject:   Re: FreeBSD & DSL
Message-ID:  <Pine.BSF.4.10.10005031128320.47355-100000@home.offwhite.net>
In-Reply-To: <Pine.BSF.4.21.0005031012000.13246-100000@ren.sasknow.com>

I got this working with my home network rather easily, after I read the
right material.  First off, I do not use natd directly.  I use the ipnat
system to do all of the work.

http://www.FreeBSDdiary.org/ipnat.html
http://www.FreeBSDdiary.org/natrules.html

Those two pages will help you a great deal.

I work at home with a DSL coming in and connecting to my FreeBSD box.  I
have two ethernet cards in there.  One talks to the outside world and one
talks to my private network.  So far I have only one computer, an iMac, on
the network via a 3Com hub with 8 ports.  With ipfw and ipnat running I am
able to use telnet, ssh, ftp and quicktime streaming right away, although
I had to run autoconfigure inside quicktime to get around the firewall.

My setup...

The outside NIC talks to the outside router while my inside address for
the FreeBSD box, acting as a gateway, is 192.168.1.2, a private IP.  The
config lines in /etc/rc.conf are...

network_interfaces="xl0 xl1 lo0"
ifconfig_xl0="inet 192.168.1.2  netmask 255.255.255.0"
ifconfig_xl1="inet 216.127.196.249  netmask 255.255.255.0"

In addition to that I have the following lines for firewall and natd.

firewall_enable="YES"           # Set to YES to enable firewall functionality
firewall_type="open"            # open, client, simple (/etc/rc.firewall)
natd_enable="NO"                # Enable natd (if firewall_enable == YES).
natd_interface="xl1"            # Public interface or IPaddress to use.
gateway_enable="YES"            # Set to YES if this host will be a gateway.

I do not have natd enabled.  Instead I have added the following lines to
/etc/rc.local

echo -n " ipnat"
ipnat -f /etc/natrules

The contents of /etc/natrules are...

map xl1 192.168.1.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map xl1 192.168.1.0/16 -> 0.0.0.0/32

In order to get this to work I also had to turn on some support in the
kernel.  The line I added to my kernel config is...

options         IPFILTER

I had other options like IPFIREWALL and MROUTING turned on, but turned
them off to see if they were not necessary.  It turns out that I did not
need them for what I do now.  I have not really learned everything about
those options yet.

I hope this helps.  Just read those two web pages carefully as they will
provide key details that get you out of a jam.

Brennan Stehling - web developer and sys admin
projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com

fortune:
Steele's Plagiarism of Somebody's Philosophy:
	Everybody should believe in something -- I believe I'll have
another drink.
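As an added example (my own code, not from the post above or from the FreeBSD project), here is a small Python lint over the rc.conf and /etc/natrules fragments quoted in the message. It checks what a reviewer of this setup would want to verify: that firewall_type="open" leaves the gateway itself unfiltered, that natd and ipnat are not both active on the same box, and that each ipnat map source matches the inside interface's netmask (the 192.168.1.0/16 above is wider than the 255.255.255.0 configured on xl0). The function names and the constructed config strings are my own.

```python
import ipaddress, re
# Constructed from the rc.conf and /etc/natrules fragments quoted in the post above.
RC_CONF = """
ifconfig_xl0="inet 192.168.1.2  netmask 255.255.255.0"
ifconfig_xl1="inet 216.127.196.249  netmask 255.255.255.0"
firewall_type="open"            # open, client, simple (/etc/rc.firewall)
natd_enable="NO"                # Enable natd (if firewall_enable == YES).
"""
NATRULES = """
map xl1 192.168.1.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map xl1 192.168.1.0/16 -> 0.0.0.0/32
"""

def parse_rc_conf(text):  # {key: value} from key="value" lines; trailing comments ignored
    return dict(re.findall(r'^\s*(\w+)="([^"]*)"', text, re.M))

def interfaces(conf):  # interface name -> ip_interface, from ifconfig_<if>="inet A netmask M"
    ifs = {}
    for key, val in conf.items():
        k = re.match(r"ifconfig_(\w+)$", key)
        v = re.match(r"inet\s+(\S+)\s+netmask\s+(\S+)", val)
        if k and v:
            ifs[k.group(1)] = ipaddress.ip_interface(f"{v.group(1)}/{v.group(2)}")
    return ifs

def parse_natrules(text):  # [(public_if, source_net)] from 'map <if> <net> -> ...' lines
    found = re.findall(r"^\s*map\s+(\w+)\s+(\S+)\s*->", text, re.M)
    # strict=False: 192.168.1.0/16 is taken as 192.168.0.0/16, i.e. the whole /16 is translated
    return [(i, ipaddress.ip_network(n, strict=False)) for i, n in found]

def lint(rc_text, nat_text):
    """Return sorted findings about the gateway's firewall and NAT configuration."""
    conf = parse_rc_conf(rc_text)
    ifs = interfaces(conf)
    inside = [i.network for i in ifs.values() if i.network.is_private]
    findings = set()
    if conf.get("firewall_type") == "open":
        findings.add("firewall_type is open: ipfw passes everything, the gateway is unfiltered")
    if conf.get("natd_enable") == "YES" and parse_natrules(nat_text):
        findings.add("natd and ipnat both enabled: packets would be translated twice")
    for pub_if, src in parse_natrules(nat_text):
        if pub_if in ifs and ifs[pub_if].network.is_private:
            findings.add(f"map rule bound to {pub_if}, which carries a private address")
        if not any(n.subnet_of(src) for n in inside):
            findings.add(f"map source {src} covers none of the inside networks")
        elif src not in inside:
            findings.add(f"map source {src} is wider than the inside network(s) "
                         + ", ".join(map(str, inside)))
    return sorted(findings)
```

Running lint(RC_CONF, NATRULES) on the fragments as posted reports the open ruleset and the /16 source; with firewall_type="simple" and the map source changed to 192.168.1.0/24 it reports nothing.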

On Wed, 3 May 2000, Ryan Thompson wrote:

> CC'ed freebsd-questions@freebsd.org
> Please CC all recipients when replying.
> 
> 
> rpingel@snafu.de wrote to Ryan Thompson:
> 
> > Hello Ryan Thompson
> > 
> > thanks for your quick answer.
> > 
> > The DSL-Modem is external and connected through a NIC and ethernet cabling.
> > 
> > Current configuration:
> > 
> >  DSL-Modem <--> Win NT Workstation <--> internal Net
> >               | ( two NIC's )           ( Server and Workstations )
> >               |
> >               \- IP over DHCP
> > 
> > New Configuration:
> > 
> >  DSL-Modem <--> FreeBSD 3.3        <--> internal Net
> >               | ( two NIC's )           ( Server and Workstations )
> >               | ( Firewall IPFW, NATD ) 
> >               |
> >               \- IP fixed or over DHCP
> 
> It sounds like a relatively simple setup.  You have two interfaces... One
> configured with DHCP (or with a static address), and the other configured
> on an RFC 1918 address (say, 10.0.0.1).  The "Server" on your internal net
> could be assigned 10.0.0.2.  The workstations could be assigned 10.0.0.3,
> etc.
> 
> Do you want to enable Internet access for the Workstations?  With NAT, it
> becomes difficult, since you have ONE public address and many private
> addresses.  When packets come in, it is difficult for the NAT machine to
> determine which machine to route them to.  (Since they will be coming in
> for only one public IP--RFC 1918 addresses are NOT routable through
> external equipment).  So, if you do only have one public IP address, you
> are going to have to have fun with port based NAT, proxying, and numerous
> redirects, depending on the services that you wish to allow through with
> IPFW.
> 
> What (in detail) do you need to allow through on the workstations?  Do you
> plan to SERVE any requests for these services (either on the FreeBSD
> machine, or the internal server, or even on the workstations?)  Sharing
> one IP between many computers (more than three, in your case) doesn't work
> well if the machines share common services, like http or ftp for example.
> 
> Virtually yours,
> - Ryan Thompson
> 
> -- 
>   Ryan Thompson <ryan@sasknow.com>
>   Systems Administrator, Accounts
>   Phone: +1 (306) 664-1161
> 
>   SaskNow Technologies     http://www.sasknow.com
>   #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
