Network configuration

Nathan Kinkade nkinkade at ub.edu.bz
Thu Jul 8 12:14:14 PDT 2004


On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> Hi,
> 
> I have been busy setting up a network the last 3 days, but I cannot get it
> working.
> 
> Basically I have no clue what has to be set up etc. and if I need bridging or
> not.
> 
> The situation is as follows:
> 
>                     --------------
>                     | SDSL Modem |
>                     |  Bridged   |
>                     --------------
>                        |
>                 --------------------------
>                 |    xl0: 217.1.1.155    |
>                 |                        |
>                 |    Freebsd Box         |
>                 |                        |
>                 |           xl1          |
>                 --------------------------
>                              |    
>                          ----------
>          |---------------| SWITCH |---------------|
>          |               ----------               |
>          |                    |                   |
> ------------------- ------------------- -------------------
> | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> ------------------- ------------------- -------------------
> 
> 
> The FreeBSD box has full internet connectivity and I can also get NAT
> working, but the thing is that I need those non-private IPs bound to the
> clients and I need ipfw between the clients and the modem. Also I need the
> FreeBSD machine to have a non-private IP address. I have no clue as to
> getting the packets from those clients to the internet. I tried bridging xl0
> and xl1 and using 217.1.1.155 as gateway, but that didn't work.
> 
> Maybe someone that knows how to do something like this can shed some light
> on it for me?
> 
> Thanks in advance.
> 
> -- 
> Regards,
> Terrence Koeman

You could make the FreeBSD box a bridge and still use IPFW.  It really
depends on whether you will have other clients that will NOT have public
IP addresses that will need NAT - you don't specify whether this is the
case.  For FreeBSD to be set up as a bridge/IPFW machine you will
minimally need a kernel compiled with the following options:

options         IPFIREWALL
options         BRIDGE

After you have built and installed this kernel add the following entries
to /etc/sysctl.conf:

net.link.ether.bridge=1
net.link.ether.bridge_cfg=xl0,xl1
net.link.ether.bridge_ipfw=1
net.inet.ip.fw.enable=0

You will probably want to add the following lines to /etc/rc.conf so
that some IPFW rules will be loaded at boot:

firewall_enable="YES"
firewall_type="<your fw type>"

Read the firewall(7) manpage for more information.

If you don't have console access to the FreeBSD machine, beware that the
default rule is to deny packets.  Therefore if you build IPFW into the
kernel and don't allow for some basic rules to be added at boot you will
likely be locked out from anything but console access.

Nathan
-- 
PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
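
Added example, not part of the message above: a pre-reboot check, in sh, that the sysctl.conf and rc.conf entries from the reply are all in place, so the lock-out case it warns about is caught before the new kernel boots. The function names, the sample file contents and the "open" firewall type are constructed for illustration; file text is passed in as strings so the check runs offline.

```shell
#!/bin/sh
# conf_value TEXT KEY -> last value assigned to KEY in TEXT (comments and quotes stripped)
conf_value() {
    printf '%s\n' "$1" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' |
        tr -d '"'
}

# check_bridge_fw SYSCTL_TEXT RC_TEXT -> prints one line per problem, nothing if clean
check_bridge_fw() {
    sysctl_text=$1
    rc_text=$2
    # Expected values are the ones given in the reply (xl0/xl1 are that machine's NICs).
    for want in net.link.ether.bridge=1 net.link.ether.bridge_cfg=xl0,xl1 \
                net.link.ether.bridge_ipfw=1 net.inet.ip.fw.enable=0; do
        key=${want%%=*}
        val=${want#*=}
        got=$(conf_value "$sysctl_text" "$key")
        [ "$got" = "$val" ] || echo "sysctl.conf: $key is '$got', expected '$val'"
    done
    # Lock-out caveat: with IPFIREWALL in the kernel the default rule denies,
    # so rules must be loaded at boot through rc.conf.
    fe=$(conf_value "$rc_text" firewall_enable)
    case $fe in
        [Yy][Ee][Ss]) ;;
        *) echo "rc.conf: firewall_enable is '$fe'; no rules load at boot" ;;
    esac
    ft=$(conf_value "$rc_text" firewall_type)
    case $ft in
        ''|'<'*) echo "rc.conf: firewall_type is unset or still a placeholder" ;;
    esac
    return 0
}

# Constructed sample inputs.
GOOD_SYSCTL='net.link.ether.bridge=1
net.link.ether.bridge_cfg=xl0,xl1
net.link.ether.bridge_ipfw=1
net.inet.ip.fw.enable=0   # as in the reply'
GOOD_RC='firewall_enable="YES"
firewall_type="open"'
BAD_RC='hostname="gw.example.org"'   # kernel rebuilt, rc.conf never updated

check_bridge_fw "$GOOD_SYSCTL" "$BAD_RC"
```

On a real machine the two arguments would be `"$(cat /etc/sysctl.conf)"` and `"$(cat /etc/rc.conf)"`.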

More information about the freebsd-questions mailing list