Routing 4 network cards for wireless network

Tony Frank tfrank at optushome.com.au
Sun Feb 8 03:39:30 PST 2004


Hi there,

On Fri, Feb 06, 2004 at 12:27:05AM +0100, Sjaak Nabuurs wrote:

> I hope the drawing is readable!
[... snip of drawing :) ...]

> The Facts :
> OS FreeBSD 5.2 (is it stable for this problem or better to use 4.x)
> With 4 nic's inside

Personally I use 4.9-STABLE for my home gateway.
If you need a feature (or driver) only in newer release I'd start with 5.2.1.

> RL0 =  192.168.0.1  
> RL1 =  192.168.1.1
> RL2 =  192.168.2.1
> RL4 =  192.168.3.1
> I like to connect RL1/2/3 to RL0 (internet)
> I like to have a start how to setup FreeBSD 1

I assume you are referring to 'ipfw1' as you already mentioned you have FreeBSD 5.2.

> I like to use dummynet(compiled and works very nice) to manage traffic let's say 
> 192.168.3.1/26   100Kb/s 
> 192.168.3.64/26  200Kb/s 
> 192.168.3.128/26 300Kb/s
> 192.168.3.192/26 400Kb/s
> Count every user with ipfw count
> 
> ---------------------------
> #!/usr/local/bin/bash
> for ((a=2; a<=254; a++))
> do
> IPCOUNT="10"$a"0 add count tcp from 192.168.3.$a to any"
> ipfw $IPCOUNT 
> done
> ----------------------------

Personally I would add these types of rules near the start of the ruleset; also, it will only count TCP packets this way.
May want to use "count all from x to any" to match udp etc as well.

You might also find it's easier to just set up the dummynet pipes and use them for accounting purposes.
That's not really an area I've dealt with much so far.

> Give me a good hint how to set this up with ipfw and NAT
> I googled many but there's not that much information about 3 or more NICs with FreeBSD.
> I think I have to use NAT, but can I use it in combination with ipfw to dummynet out/ingoing traffic over the nic RL1/2/3
> And how can "HOME1" go across the whole network RL0/2/3

Make your default gateway 192.168.0.138.
Your easiest option is to enable NATD, make RL0 the natd interface and then review the /etc/rc.firewall script.
Specifically start with the 'simple' section of the script.
You will need to extend the rules to include all three 'inside' interfaces & IP ranges.
You will also need to permit any 192.168.0.0/24 traffic through interface RL0.

Can try looking in the freebsd-ipfw archives as well for some ideas.

Personally I would recommend ipfw2 as it supports many new features.

Regards,

Tony
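
The accounting and shaping rules discussed above, as an added example that is not part of the original message or of FreeBSD's rc.firewall: a sh script that prints per-host "count all" rules (instead of tcp only) and one dummynet pipe per /26 from the question. Assumptions: "Kb/s" is read as Kbit/s, the rule numbers 2002-2254 and 3001-3004 are arbitrary choices kept below ipfw's 65535 limit, and only traffic coming from the inside hosts is matched.

```sh
#!/bin/sh
# Added example: prints ipfw commands instead of running them, so the
# ruleset can be reviewed first; pipe the output to sh on the gateway.
NET="192.168.3"          # inside network from the post

# One dummynet pipe per /26, as "start-address:bandwidth".
# Bandwidth unit Kbit/s is an assumption (the post says "Kb/s").
SUBNETS="0:100 64:200 128:300 192:400"

# Per-host accounting rules. "all" also matches UDP, ICMP, etc.
# "in" matches only the inbound pass, so a forwarded packet is
# counted once and not again when it leaves the outside interface.
gen_counts() {
    a=2
    while [ "$a" -le 254 ]; do
        echo "ipfw add $((2000 + a)) count all from $NET.$a to any in"
        a=$((a + 1))
    done
}

# Pipe definitions plus the rules that send each /26 into its pipe.
# These are numbered after the count rules: with the sysctl
# net.inet.ip.fw.one_pass=1, a packet leaving a pipe is not matched
# against later rules, so counting has to happen first.
gen_pipes() {
    n=1
    for entry in $SUBNETS; do
        start=${entry%%:*}
        bw=${entry##*:}
        echo "ipfw pipe $n config bw ${bw}Kbit/s"
        echo "ipfw add $((3000 + n)) pipe $n all from $NET.$start/26 to any in"
        n=$((n + 1))
    done
}

gen_all() {
    gen_counts
    gen_pipes
}

gen_all
```

Per-host byte and packet totals can then be read with `ipfw show`, and the pipe state with `ipfw pipe show`.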


