On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
> Manish Jain wrote:
> > 
> > Hi,
> > 
> > I am poor at networking and need a little bit of help. My dad has a
> > Windows 2000 machine with a network card but does not have a connection
> > to the internet. My freebsd 6.2 box is connected to the internet and has
> > 2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
> > directly connected via a long Ethernet cable to the NIC on my dad's
> > machine. While I can access the internet easily, I want my dad to be
> > able to connect to the internet with my freebsd box serving as the
> > gateway. Can anyone please explain to me in easy steps how to accomplish
> > this ?
> > 
> Although to many old-timers this is easily achieved, to someone new to
> networking it is difficult to explain it in "easy steps". It involves a set
> of pieces that have to fit together correctly in order to work. You will
> need to do some proper reading on the underlying concepts first.
> First, establish that there exists basic network connectivity between your
> machine and your dads. You may need to use a crossover cable. You will want
> to assign a static IP address in the "Private" IP space range to your rl1
> interface. This is also known as RFC 1918. You will also want to manually
> configure a static IP on your dad's machine that is in the same network,
> instead of allowing it to come up on the link.local of 169.254.x.x. An
> example would be your rl1 == netmask and your
> dad's machine == netmask For DNS at this stage
> you can use hosts files on each host for name resolution. Ensure that each
> machine can be ping'd by the other.
> Next, you will want to configure your FreeBSD machine as a NAT gateway. In
> your /etc/rc.conf you will want something like gateway_enable="YES" and
> some form of firewall initialization[1]. The gateway_enable is what allows
> the forwarding of packets between your rl0 and your rl1, but the activation
> of NAT functionality is usually a function contained within a firewall. So
> conceptually, the firewall will be "in between" rl0 and rl1.
> There are three different firewalls you can choose from. Configuring the
> firewall is usually where the inexperienced get stuck. This subject
> material is beyond the scope of this missive, and you would do well to
> start reading in the Handbook. But essentially, when you configure NAT in
> the firewall your rl0 (connected to the ISP) will be assigned a "Public" IP
> address and the NAT function will translate between "Public" and "Private".
> The next sticky point that will happen, should you get this far, is name
> resolution. You will want to place the IP addresses of the name servers of
> your ISP in your /etc/resolv.conf. You will also want to enter these into
> the TCP configuration of your dad's machine. In addition, on your dad's
> machine you will enter the IP address you used on your rl1 as the "default
> route".
> The subject is much too broad for exhaustive coverage here. If your
> DSL/Cable modem has router ports on it, it might just be easier to plug
> your dad's machine up there and forget about all of this. Much reading will
> be required of you, and once you know most of it then you will know what
> specific questions to ask when you encounter sticking points. This is
> intended only as a very generic form of overview.
> -Mike
> [1] For example, a couple of lines from my /etc/rc.conf:
> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pf_flags="-e"
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> pflog_flags=""
> and the NAT line from my /etc/pf.conf:
> nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)
> Please note that these are for illustrative purposes only, and by themselves
> will do nothing for your specific situation. There is much more that you
> will have to dig out of the documentation, understand, and configure
> appropriately.

Doesn't he need to also set sysctl net.inet.ip.forwarding=1 for his
box to act as a gateway?  Or is this handled by the NAT portion?

| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to