Router/Gateway

Sunil Sunder Raj unixtools at hotmail.com
Sat Dec 13 00:11:09 PST 2003


Hi,
This is what I usually do.

Here ISPIP is the IP your ISP gave you.

COMPILE FIREWALL WITH
cd /usr/src/sys/i386/conf
cp GENERIC GATEWAY
vi GATEWAY
ident GATEWAY

#ADDED BY SSR STARTS
#TO ENABLE FIREWALL
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=0

#ID FIELDS IN IP ADDRESS TO BE RANDOM INSTEAD OF INCREMENTAL
options RANDOM_IP_ID

#NATTING
options IPDIVERT

#FOR BANDWIDTH THROTTLING
options DUMMYNET
#ADDED BY SSR ENDS

config -r GATEWAY
cd ../../compile/GATEWAY
make depend
make
make install
reboot

Edit /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.check_interface=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.log_in_vain=2
net.inet.udp.log_in_vain=1

Edit /etc/ipnat.conf
map vr0 10.0.0.1/24 -> ISPIP/32 portmap tcp/udp 10000:60000
map vr0 10.0.0.1/24 -> ISPIP/32

Edit /etc/rc.conf
gateway_enable="YES"
ifconfig_rl0="inet ISPIP netmask 255.255.255.0"
ifconfig_vr0="inet 10.0.0.1 netmask 255.255.255.0"
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="open" # Firewall type (see /etc/rc.firewall)
firewall_flags="" # Flags passed to ipfw when type is a file
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="rl0" # Public interface or IPaddress to use.

Edit /etc/ipf.rules
pass in all
pass out all

R E B O O T


Regards
SSR


>From: horio shoichi <bugsgrief at bugsgrief.net>
>To: "Extech" <extech at dod.co.za>
>CC: questions at FreeBSD.org
>Subject: Re: Router/Gateway
>Date: Sat, 13 Dec 2003 14:31:48 +0900
>
>On Thu, 11 Dec 2003 13:45:56 +0200
>"Extech" <extech at dod.co.za> wrote:
> > Hello
> >
> > I have looked through the archives and I have read the manual (Advanced Networking) but could not find anything specific to address my question.
> >
> > I want to set up a FreeBSD 5.x box as a router/gateway on a permanent connection with a fixed IP address,
> > there will also be other machines with fixed IP addresses (not 192.168.x.x but proper IPs)
> > on this network.
> >
> > something like this:
> >
> > 	To internet exchange on T1 Leased Line
> > 		   |
> > 		   |
> > 		   | dc0 (196.x.x.1)
> > 		---------
> > 		FreeBSD
> > 		router/
> > 		gateway
> > 		---------
> > 		   | lr0
> > 		   |
> > 		   |
> > 		   |
> > 		---------
> > 		switch/hub
> > 		---------
> > 		|	|
> > 		|	|
> >       196.x.x.2	|	| 196.x.x.3
> > 	    --------  	--------
> > 	    Server 1  	Server 2
> > 	    --------  	--------
> >
> >
> > Obviously I have to have two network cards in the router/gateway (dc0 and lr0),
> > I assume that I will configure dc0 with my fixed IP, but what do I do with lr0?
> >
> > Can somebody please point me in the right direction.
> >
> > Thanks
> > extech
> >
> >
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to 
>"freebsd-questions-unsubscribe at freebsd.org"
> >
>
>A popular solution is for the router/gateway not to have IP addresses that belong to
>the allocated global IPs, and to use a bridge configuration.
>
>If bridging is inadequate in your case, the thing pretty much depends on
>the "cloud" one hop away from the dc0 interface. Describe it (modem/router,
>configurable/not, etc).
>
>
>horio shoichi

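Added example, not part of the original post: a sh script that checks an rc.conf and sysctl.conf against the settings listed in the message above and flags the firewall_type="open" posture and a natd interface on the private side. The function names (rc_value, warn, audit_gateway, make_sample) and the sample files are constructed for illustration; ISPIP stays the post's placeholder, and only 10.x and 192.168.x are treated as private.

```sh
#!/bin/sh
# Added example: audit a gateway's rc.conf and sysctl.conf (constructed samples below).

# rc_value FILE KEY: print the last value assigned to KEY, quotes and comment stripped
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

warn() { echo "WARN: $*"; findings=$((findings + 1)); }

# audit_gateway RC_CONF SYSCTL_CONF: print warnings, then the finding count
audit_gateway() {
    rc=$1; sc=$2; findings=0
    [ "$(rc_value "$rc" gateway_enable)" = YES ] || warn "gateway_enable is not YES"
    [ "$(rc_value "$rc" firewall_enable)" = YES ] || warn "firewall_enable is not YES"
    case $(rc_value "$rc" firewall_type) in
        open|OPEN) warn "firewall_type=open passes all traffic in both directions" ;;
    esac
    nif=$(rc_value "$rc" natd_interface)
    case $nif in
        ""|*.*) ;;   # unset, or an IP address rather than an interface name
        *) case $(rc_value "$rc" "ifconfig_$nif") in
               "") warn "natd_interface=$nif has no ifconfig_$nif line" ;;
               *"inet 10."*|*"inet 192.168."*)
                   warn "natd_interface=$nif has a private address; natd belongs on the public side" ;;
           esac ;;
    esac
    for kv in net.inet.ip.forwarding=1 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1; do
        got=$(rc_value "$sc" "${kv%%=*}")
        [ "$got" = "${kv#*=}" ] || warn "${kv%%=*} is '${got:-unset}', the post sets ${kv#*=}"
    done
    echo "$findings finding(s)"
}

# make_sample DIR: write constructed files that mirror the post's settings
make_sample() {
    cat > "$1/rc.conf" <<'EOF'
gateway_enable="YES"
ifconfig_rl0="inet ISPIP netmask 255.255.255.0"
ifconfig_vr0="inet 10.0.0.1 netmask 255.255.255.0"
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_type="open" # Firewall type (see /etc/rc.firewall)
natd_interface="rl0" # Public interface or IPaddress to use.
EOF
    printf '%s\n' net.inet.ip.forwarding=1 net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 > "$1/sysctl.conf"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_gateway "$tmp/rc.conf" "$tmp/sysctl.conf"
rm -rf "$tmp"
```

On the sample files the only warning is the open firewall type; pointing natd_interface at vr0 or dropping the blackhole lines adds further findings.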

