Manish Jain wrote:


Hi,

I am poor at networking and need a little bit of help. My dad has a
Windows 2000 machine with a network card but does not have a connection
to the internet. My FreeBSD 6.2 box is connected to the internet and has
2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
directly connected via a long Ethernet cable to the NIC on my dad's
machine. While I can access the internet easily, I want my dad to be
able to connect to the internet with my FreeBSD box serving as the
gateway. Can anyone please explain to me in easy steps how to accomplish
this?


Although to many old-timers this is easily achieved, to someone new to
networking it is difficult to explain it in "easy steps". It involves a set
of pieces that have to fit together correctly in order to work. You will
need to do some proper reading on the underlying concepts first.

First, establish that there exists basic network connectivity between your
machine and your dad's. You may need to use a crossover cable. You will
want to assign a static IP address in the "Private" IP space range to your
rl1 interface. This is also known as RFC 1918. You will also want to manually
configure a static IP on your dad's machine that is in the same network,
instead of allowing it to come up on the link-local of 169.254.x.x. An
example would be your rl1 == 192.168.10.1 netmask 255.255.255.0 and your
dad's machine == 192.168.10.2 netmask 255.255.255.0. For DNS at this stage
you can use hosts files on each host for name resolution. Ensure that each
machine can be ping'd by the other.

Next, you will want to configure your FreeBSD machine as a NAT gateway. In
your /etc/rc.conf you will want something like gateway_enable="YES" and
some form of firewall initialization[1]. The gateway_enable is what allows
the forwarding of packets between your rl0 and your rl1, but the activation
of NAT functionality is usually a function contained within a firewall. So
conceptually, the firewall will be "in between" rl0 and rl1.

There are three different firewalls you can choose from. Configuring the
firewall is usually where the inexperienced get stuck. This subject
material is beyond the scope of this missive, and you would do well to
start reading in the Handbook. But essentially, when you configure NAT in
the firewall your rl0 (connected to the ISP) will be assigned a "Public" IP
address and the NAT function will translate between "Public" and "Private".

The next sticky point that will happen, should you get this far, is name
resolution. You will want to place the IP addresses of the name servers of
your ISP in your /etc/resolv.conf. You will also want to enter these into
the TCP configuration of your dad's machine. In addition, on your dad's
machine you will enter the IP address you used on your rl1 as the "default
route".

The subject is much too broad for exhaustive coverage here. If your
DSL/Cable modem has router ports on it, it might just be easier to plug
your dad's machine up there and forget about all of this. Much reading will
be required of you, and once you know most of it then you will know what
specific questions to ask when you encounter sticking points. This is
intended only as a very generic form of overview.

-Mike

[1] For example, a couple of lines from my /etc/rc.conf:

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags="-e"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

and the NAT line from my /etc/pf.conf:

nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)

Please note that these are for illustrative purposes only, and by themselves
will do nothing for your specific situation. There is much more that you
will have to dig out of the documentation, understand, and configure
appropriately.
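
The pieces described in the reply above, put together as one minimal gateway configuration. This is an added example, not part of the original message or Mike's own files: the interface names and 192.168.10.x addresses are the ones used in the thread, the $IntIF macro and the filter rules are assumptions, and the syntax is the older pf style matching the NAT line quoted above.

```conf
# ---- /etc/rc.conf (additions on the FreeBSD gateway) ----
gateway_enable="YES"        # forward packets between rl0 and rl1
ifconfig_rl1="inet 192.168.10.1 netmask 255.255.255.0"   # private (RFC 1918) side
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"          # record packets matched by "log" rules

# ---- /etc/pf.conf ----
# Macros (ExtIF and INTERNAL are the names used in the NAT line above;
# IntIF is an assumed name for the inside interface)
ExtIF    = "rl0"                # faces the ISP, holds the public address
IntIF    = "rl1"                # faces the Windows 2000 machine
INTERNAL = "192.168.10.0/24"

# Normalization
scrub in all

# Translation: rewrite private source addresses to whatever address
# rl0 currently has; the parentheses make pf follow address changes
nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)

# Filtering: last matching rule wins unless "quick" is used
block in log all                # default deny for anything arriving
pass quick on lo0 all           # leave loopback traffic alone
pass in on $IntIF inet from $INTERNAL to any keep state   # inside host may initiate
pass out all keep state         # gateway and translated traffic may leave;
                                # replies are allowed back by the state entry

# ---- Windows 2000 machine (TCP/IP properties, entered by hand) ----
# IP address:      192.168.10.2
# Subnet mask:     255.255.255.0
# Default gateway: 192.168.10.1
# DNS servers:     the ISP name servers from the gateway's /etc/resolv.conf
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -s nat` shows the translation rule once pf is enabled. Nothing arriving on rl0 is allowed in unless it belongs to a connection started from the inside, so the Windows machine is not directly reachable from the internet.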






_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED] "