(Yet Another) Home Networking Question

Rishi Chopra rchopra at cal.berkeley.edu
Mon Jan 12 18:19:30 PST 2004


Perhaps someone can help me with this small part of rc.firewall:

[Ss][Ii][Mm][Pp][Ll][Ee])
        ############
        # This is a prototype setup for a simple firewall.  Configure this
        # machine as a named server and ntp server, and point all the machines
        # on the inside at this machine for those services.
        ############

        # set these to your outside interface network and netmask and ip
        oif="ed0"
        onet="192.0.2.0"
        omask="255.255.255.0"
        oip="192.0.2.1"

        # set these to your inside interface network and netmask and ip
        iif="ed1"
        inet="192.0.2.1"
        imask="255.255.255.0"
        iip="192.0.2.17"

I'm curious about the difference between 'inet' and 'iip', what each one 
stands for, and how to configure 'onet/oip' if the outside interface 
network is configured via DHCP.

I'm also curious about this little snippet (under the 'simple' profile):

        # Everything else is denied by default, unless the
        # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
        # config file.

What happens if this option is set in my kernel config file?  Can I 
safely comment out this line and use the 'simple' profile without 
affecting natd?


Subhro wrote:

>Hi Rishi,
>
>You have to forward the ports required by WinVNC on the FreeBSD Gateway.
>Have you compiled IPDIVERT in your kernel? Read the ipfw manpages to find
>out how to forward ports.
>
>Regards
>Subhro
>
>Subhro Sankha Kar
>Indian Institute of Information Technology
>Block AQ-13/1, Sector V
>Salt Lake City
>PIN 700091
>India
>-----Original Message-----
>From: owner-freebsd-questions at freebsd.org
>[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Rishi Chopra
>Sent: Sunday, January 11, 2004 1:42 PM
>To: Mike Maltese
>Cc: questions at freebsd.org
>Subject: Re: (Yet Another) Home Networking Question
>
>I was able to get my network up and running with the suggestions below.
>To review, my setup is the following:
>
>ISP         FreeBSD Gateway         Win2k Box
>
> >----------rl0--------------rl1-------------------<
>ALL         DHCP  192.168.0.1       192.168.0.2
>
>rl0 is connected to the modem by ethernet and set for DHCP, the ISP's
>method of address assignment. rl1 is the second NIC in the BSD box, and
>is connected by crossover cable to the Win2k box. FreeBSD box and Win2k
>box can successfully ping each other, and both FreeBSD box and Win2k
>have working internet access.  Everything is running A-OK.
>
>If I wish to host WinVNC on the Win2k box, do I need to make any changes
>to the Gateway?  Specifically, WinVNC requires the Win2k box to be
>listening on 5800 and 5900; I have opened these ports (and these ports
>only) on the Win2k box.  Do I need to change rc.conf or any other files
>on the gateway to specify that all incoming connections on 5800 and 5900
>be forwarded from rl0 to rl1?  Am I gonna have to step up to IPFW (yuck!) ??
>
>Thanks,
>Rishi
>
>Mike Maltese wrote:
>
>>>(1) in /etc/rc.conf, I added the following
>>> natd_enable="YES"
>>> natd_interface="rl0" ### public interface connected to cable modem
>>> gateway_enable="YES"
>>> defaultrouter="192.168.0.1" ###  LAN machines use this
>>> ifconfig_rl0="DHCP"  ### Astound uses dhcp
>>> ifconfig_rl1="inet 192.168.0.1 netmask 255.255.255.0" ### use for LAN
>>> hostname="idfubar.dyndns.org"
>>>
>>As a first step, try adding these lines to rc.conf:
>>
>>firewall_enable="YES"
>>firewall_type="open"
>>
>>This will enable diversion of all traffic to natd. Read the man pages for
>>natd and ipfw and
>>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
>>for more information.
>>
>>The easiest way to reinitialize the system is to type "shutdown now". This
>>will drop you into single user mode. Press return when prompted for a
>>shell.
>>
>>Hit Ctrl+D and the rc system will be run through and put you back into
>>multi-user mode. Check for connectivity from the router and the Windows
>>box.
>>
>>As a side note, you can delete the defaultrouter entry. That's for your
>>FreeBSD box, not LAN clients. It's getting reset by dhclient when it gets
>>lease information from your ISP's DHCP server anyway.
>>
>
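On the question above about filling in onet/oip when the outside interface gets its address from DHCP, here is an added example that is not part of the original thread or of rc.firewall: a POSIX sh snippet that derives oip, omask and onet from the interface's current lease rather than hard-coding them. It assumes FreeBSD's ifconfig output layout (netmask printed in hex) and uses a constructed sample lease (203.0.113.77/23 on ed0) in place of a live `ifconfig` call.

```shell
#!/bin/sh
# Added example, not code from rc.firewall or from this thread: derive the
# 'simple' profile's oip/omask/onet from the outside interface's DHCP lease.
# Assumes FreeBSD's ifconfig output layout ("inet ADDR netmask 0xHEX ...").
oif="ed0"

# Constructed sample of `ifconfig $oif` output; the lease values are made up.
# On a real gateway use instead:  sample_ifconfig=$(ifconfig "$oif")
sample_ifconfig='ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 203.0.113.77 netmask 0xfffffe00 broadcast 203.0.113.255
        ether 00:00:5e:00:53:01'

# FreeBSD prints the netmask as 8 hex digits: 0xfffffe00 -> 255.255.254.0
hex_to_dotted() {
    h=${1#0x}
    a=${h%??????}; r=${h#??}
    b=${r%????};   r=${r#??}
    c=${r%??};     d=${r#??}
    printf '%d.%d.%d.%d\n' "0x$a" "0x$b" "0x$c" "0x$d"
}

# Network address is IP AND netmask, octet by octet:
# 203.0.113.77 / 255.255.254.0 -> 203.0.112.0
network_of() {
    ip=$1; mask=$2; old_ifs=$IFS; IFS=.
    set -- $ip;   i1=$1; i2=$2; i3=$3; i4=$4
    set -- $mask; m1=$1; m2=$2; m3=$3; m4=$4
    IFS=$old_ifs
    printf '%d.%d.%d.%d\n' $((i1 & m1)) $((i2 & m2)) $((i3 & m3)) $((i4 & m4))
}

# Parse the "inet ADDR netmask MASK ..." line of ifconfig output and print
# the three rc.firewall assignments. Fails if the lease is not up yet.
firewall_vars() {
    inet_line=$(printf '%s\n' "$1" | grep '^[[:space:]]*inet ' | head -n 1)
    [ -n "$inet_line" ] || { echo "no IPv4 address on $oif yet" >&2; return 1; }
    set -- $inet_line
    oip=$2
    case $4 in 0x*) omask=$(hex_to_dotted "$4") ;; *) omask=$4 ;; esac
    onet=$(network_of "$oip" "$omask")
    printf 'oip="%s"\nomask="%s"\nonet="%s"\n' "$oip" "$omask" "$onet"
}

firewall_vars "$sample_ifconfig"
```

Because the lease can change, the derived values only stay correct if the firewall script is re-run after each dhclient renewal; until then the inside values (iif/inet/imask/iip) can stay hard-coded as in the original.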


