On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
> Manish Jain wrote:
>
> > Hi,
> >
> > I am poor at networking and need a little bit of help. My dad has a
> > Windows 2000 machine with a network card but does not have a connection
> > to the internet. My freebsd 6.2 box is connected to the internet and has
> > 2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
> > directly connected via a long Ethernet cable to the NIC on my dad's
> > machine. While I can access the internet easily, I want my dad to be
> > able to connect to the internet with my freebsd box serving as the
> > gateway. Can anyone please explain to me in easy steps how to accomplish
> > this?
> >
>
> Although to many old-timers this is easily achieved, to someone new to
> networking it is difficult to explain it in "easy steps". It involves a set
> of pieces that have to fit together correctly in order to work. You will
> need to do some proper reading on the underlying concepts first.
>
> First, establish that there exists basic network connectivity between your
> machine and your dad's. You may need to use a crossover cable. You will want
> to assign a static IP address in the "Private" IP space range to your rl1
> interface. This is also known as RFC 1918. You will also want to manually
> configure a static IP on your dad's machine that is in the same network,
> instead of allowing it to come up on the link-local of 169.254.x.x. An
> example would be your rl1 == 192.168.10.1 netmask 255.255.255.0 and your
> dad's machine == 192.168.10.2 netmask 255.255.255.0. For DNS at this stage
> you can use hosts files on each host for name resolution. Ensure that each
> machine can be ping'd by the other.
>
> Next, you will want to configure your FreeBSD machine as a NAT gateway. In
> your /etc/rc.conf you will want something like gateway_enable="YES" and
> some form of firewall initialization. The gateway_enable is what allows
> the forwarding of packets between your rl0 and your rl1, but the activation
> of NAT functionality is usually a function contained within a firewall. So
> conceptually, the firewall will be "in between" rl0 and rl1.
>
> There are three different firewalls you can choose from. Configuring the
> firewall is usually where the inexperienced get stuck. This subject
> material is beyond the scope of this missive, and you would do well to
> start reading in the Handbook. But essentially, when you configure NAT in
> the firewall your rl0 (connected to the ISP) will be assigned a "Public" IP
> address and the NAT function will translate between "Public" and "Private".
>
> The next sticky point that will happen, should you get this far, is name
> resolution. You will want to place the IP addresses of the name servers of
> your ISP in your /etc/resolv.conf. You will also want to enter these into
> the TCP configuration of your dad's machine. In addition, on your dad's
> machine you will enter the IP address you used on your rl1 as the "default
> route".
>
> The subject is much too broad for exhaustive coverage here. If your
> DSL/Cable modem has router ports on it, it might just be easier to plug
> your dad's machine up there and forget about all of this. Much reading will
> be required of you, and once you know most of it then you will know what
> specific questions to ask when you encounter sticking points. This is
> intended only as a very generic form of overview.
>
> -Mike
>
> For example, a couple of lines from my /etc/rc.conf:
>
> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pf_flags="-e"
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> pflog_flags=""
>
> and the NAT line from my /etc/pf.conf:
>
> nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)
>
> Please note that these are for illustrative purposes only, and by themselves
> will do nothing for your specific situation. There is much more that you
> will have to dig out of the documentation, understand, and configure
> appropriately.

Doesn't he need to also set sysctl net.inet.ip.forwarding=1 for his box
to act as a gateway? Or is this handled by the NAT portion?

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
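
The pieces discussed in this thread, put together as an added example that is not from any of the posters: the rc.conf and pf.conf settings for the rl0/rl1 layout described above, using the example addresses from the quoted message. The macro values, the IntIF macro name and the three filter rules are assumptions added here for illustration; the pf syntax is the pre-4.7 style with explicit NAT rules and "keep state".

```conf
# ---- /etc/rc.conf (added example; addresses from the thread) ----
# Static RFC 1918 address on the interface facing the Windows 2000 box.
ifconfig_rl1="inet 192.168.10.1 netmask 255.255.255.0"

# When this is YES, the rc scripts set net.inet.ip.forwarding=1 at boot.
# To turn forwarding on without rebooting:
#   sysctl net.inet.ip.forwarding=1
gateway_enable="YES"

# Load pf with the ruleset below; pflog records packets hit by "log" rules.
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

# ---- /etc/pf.conf (added example; macro values are assumptions) ----
ExtIF="rl0"                  # interface connected to the ISP
IntIF="rl1"                  # interface connected to the client machine
INTERNAL="192.168.10.0/24"   # private network behind the gateway

# Translation: rewrite the source of outbound client traffic to whatever
# address rl0 currently holds. The parentheses make pf follow address
# changes, for example after a DHCP renewal.
nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)

# Filtering: refuse unsolicited inbound connections on the external
# interface and log them. Replies to outbound traffic still get through
# because they match state created by the pass rules below.
block in log on $ExtIF all
pass out on $ExtIF inet from any to any keep state
pass in on $IntIF inet from $INTERNAL to any keep state

# Client side (set in the Windows TCP/IP properties, not in a file here):
#   IP 192.168.10.2, netmask 255.255.255.0, default gateway 192.168.10.1,
#   DNS servers: the ISP's name servers.
```

After editing, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `sysctl net.inet.ip.forwarding` shows whether forwarding is currently on.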