Date: Sat, 8 Aug 2009 19:32:30 -0700
From: Nerius Landys <nlandys@gmail.com>
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Building home router: 192.168.0.x to access internet
Message-ID: <560f92640908081932s69ae225mb3c55fef47a4924b@mail.gmail.com>

I'm setting up my FreeBSD computer (which has multiple NICs) to act as a home router (and DNS server and a few other things, but that's not important for this email). I have done this before, but then my hard drive broke and I have to do this all again. So, I have a few questions just to confirm that my approach to this problem is going to be the optimal one that I can take.

First, my choice of internal network IP addresses is 192.168.0.x. My router machine's IP address will be 192.168.0.254 (that's the interface facing the internal network). The IP addresses of the machines behind the router will start at 192.168.0.2 and go up. I'm wondering if this choice of IP addresses is conventional or good. Is this numbering scheme decent? This is the way I had it set up earlier. I've seen a lot of networks using 192.168.1.x and the router would be 192.168.1.1.

So now to the problem of being able to connect from a 192.168.0.x machine to an outside IP address. The way I did this before was by adding 'gateway_enable="YES"' to /etc/rc.conf and then using the OpenBSD packet filter (pf) to do a NAT thing. I'm wondering if this, in your opinion, is the preferred way to do things in order to set up an internal network which can access the outside internet directly.

If so, can someone give me a really minimal yet secure packet filter rule set that would do the job? (I'm prepared to read the pf docs, which will take me a few hours.) The router will connect to the outside via DHCP, and from what I remember I had to add a rule to not drop packets that were DHCP-related.
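
The setup described in the message (gateway_enable plus pf NAT for 192.168.0.x behind 192.168.0.254, external address from DHCP), written out as a default-deny /etc/pf.conf. This is an added example, not part of the original message or thread; the interface names em0 and em1 and the extra rc.conf lines in the comments are assumptions.

```conf
# /etc/pf.conf -- constructed example for the layout in the message.
# Assumed /etc/rc.conf lines, besides gateway_enable="YES" from the message:
#   pf_enable="YES"
#   ifconfig_em0="DHCP"
#   ifconfig_em1="inet 192.168.0.254 netmask 255.255.255.0"

ext_if  = "em0"              # assumed name: NIC facing the ISP (DHCP)
int_if  = "em1"              # assumed name: NIC facing the LAN (192.168.0.254)
int_net = "192.168.0.0/24"

set block-policy drop        # silently drop instead of sending RST/ICMP
set skip on lo0              # do not filter loopback

scrub in all                 # normalize/reassemble inbound packets

# NAT: rewrite LAN source addresses to the address DHCP assigned to ext_if.
# The parentheses make pf follow the address when the lease changes.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Default deny in both directions; log what gets dropped (tcpdump -i pflog0).
block log all

# Drop packets that arrive on any other interface claiming a LAN source.
antispoof quick for $int_if inet

# LAN hosts may talk to the router and be forwarded out.
pass in on $int_if inet from $int_net to any keep state

# The router itself may reach LAN hosts.
pass out on $int_if inet from any to $int_net keep state

# Router traffic and NATed LAN traffic out to the internet.
# Replies are allowed by state; nothing unsolicited is passed in on ext_if.
pass out on $ext_if inet all keep state

# The message recalls needing a DHCP rule: allow the router's DHCP client
# exchange on ext_if explicitly (client port 68, server port 67).
pass out quick on $ext_if inet proto udp from any port 68 to any port 67 keep state
pass in  quick on $ext_if inet proto udp from any port 67 to any port 68
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sn` and `pfctl -sr` show the NAT and filter rules that are actually loaded.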