FreeBSD Gateway, Crossover
Hello,

I'm trying to set up a small home network. It consists of my FreeBSD 9.0-RC2 box connected to my modem (just a modem, not modem/router) and two other systems connected directly via ethernet to the FreeBSD box.

I'm able to connect to the internet with the FreeBSD box. I can get an IP via DHCP from my ISP. However, I can't seem to figure out how to set up the gateway routes and the IP addresses for the other systems. I'd like to have the internal network be on 192.168.1.0/24. I have 2x 2-port NICs in the FreeBSD box.

em0 - Internet - 1.2.3.4
em1 - System1 - 192.168.1.1
em2 - System2 - 192.168.1.2

I'm kind of lost here. I've played with it a bit, trying to set 192.168.1.0/24 on em1 and em2, then setting the specific IP address on system1 and system2 respectively. I've also tried manually adding routes from 192.168.1.0/24 to 1.2.3.4 (my external IP) to no avail. The system1/2 boxes cannot ping the FreeBSD box, nor vice versa. That implies it's not a routing problem, but a problem with the systems getting a proper IP address.

Anyone have any tips?

Thanks.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Gateway, Crossover
Hello,

On Sunday, December 04, 2011 at 01:21:58PM -0500, APseudoUtopia wrote:

> Hello, I'm trying to set up a small home network. It consists of my FreeBSD 9.0-RC2 box connected to my modem (just a modem, not modem/router) and two other systems connected directly via ethernet to the FreeBSD box. I'm able to connect to the internet with the FreeBSD box. I can get an IP via DHCP from my ISP. However,

Does this mean that you do PPP via the modem? If so, you should have some interface tunN with the IP assigned by the ISP.

> I can't seem to figure out how to set up the gateway routes and the IP addresses for the other systems.

you must enable gateway in the rc.conf file with:

gateway_enable=YES

> I'd like to have the internal network be on 192.168.1.0/24. I have 2x 2-port NICs in the FreeBSD box.
> em0 - Internet - 1.2.3.4
> em1 - System1 - 192.168.1.1
> em2 - System2 - 192.168.1.2

if you connect the two other boxes directly to the NICs of FreeBSD you must use crossover cables and should assign to each connection a separate network; or you connect all three boxes via a HUB or switch in only one network;

the other boxes should have the FreeBSD as default gateway in their routing and in the FreeBSD you must use IPF and IPNAT to hide your network(s) behind the tunN interface's IP addr;

I do this at home too, having attached my Linux based cellphone via USB networking, and this has access to Internet through the FreeBSD laptop;

HIH

matthias

--
Matthias Apitz
e g...@unixarea.de - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
Re: FreeBSD Gateway, Crossover
On 04/12/2011 18:43, Matthias Apitz wrote:

>> I'd like to have the internal network be on 192.168.1.0/24. I have 2x 2-port NICs in the FreeBSD box.
>> em0 - Internet - 1.2.3.4
>> em1 - System1 - 192.168.1.1
>> em2 - System2 - 192.168.1.2
>
> if you connect the two other boxes directly to the NICs of FreeBSD you must use crossover cables and should assign to each connection a separate network; or you connect all three boxes via a HUB or switch in only one network;

Or create a bridge spanning em1 and em2 -- this will make your FreeBSD box act pretty much like a network switch for the two client machines. You can get away with standard cables if all the NICs involved support auto-MDIX. em(4) should, but it depends on your other kit.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
Re: FreeBSD Gateway, Crossover
From: APseudoUtopia apseudouto...@gmail.com

> Hello, I'm trying to set up a small home network. It consists of my FreeBSD 9.0-RC2 box connected to my modem (just a modem, not modem/router) and two other systems connected directly via ethernet to the FreeBSD box. I'm able to connect to the internet with the FreeBSD box. I can get an IP via DHCP from my ISP. However, I can't seem to figure out how to set up the gateway routes and the IP addresses for the other systems. I'd like to have the internal network be on 192.168.1.0/24. I have 2x 2-port NICs in the FreeBSD box.
> em0 - Internet - 1.2.3.4
> em1 - System1 - 192.168.1.1
> em2 - System2 - 192.168.1.2
> I'm kind of lost here. I've played with it a bit, trying to set 192.168.1.0/24 on em1 and em2, then setting the specific IP address on system1 and system2 respectively. I've also tried manually adding routes from 192.168.1.0/24 to 1.2.3.4 (my external IP) to no avail. The system1/2 boxes cannot ping the FreeBSD box, nor vice versa. That implies it's not a routing problem, but a problem with the systems getting a proper IP address.
> Anyone have any tips?

Other than "don't do it that way", you mean? <grin>

Having two different interfaces with the same 'network' configuration, where either address -cannot- reach *every* host on that 'network'.

Recommendation:

IP addresses:
  Assign em1 192.168.1.1/24
  Assign em2 129.168.2.1/24
  Assign System1 192.168.1.2/24
  Assign System2 192.168.2.2/24

Routing:
  System1: default route 192.168.1.1
  System2: default route 192.168.2.1
  Server: default route 1.2.3.4 (should have auto routes for 192.68.1.0/24 and 192.68.2.0/24)

If you _really_ want everything on the same internal network, the easiest way is to put in an ethernet hub/switch, and connect everything to that hub/switch -- only 1 interface per device.
Re: FreeBSD Gateway, Crossover
APseudoUtopia wrote:

> Hello, I'm trying to set up a small home network. It consists of my FreeBSD 9.0-RC2 box connected to my modem (just a modem, not modem/router) and two other systems connected directly via ethernet to the FreeBSD box. I'm able to connect to the internet with the FreeBSD box. I can get an IP via DHCP from my ISP. However, I can't seem to figure out how to set up the gateway routes and the IP addresses for the other systems. I'd like to have the internal network be on 192.168.1.0/24. I have 2x 2-port NICs in the FreeBSD box.
> em0 - Internet - 1.2.3.4
> em1 - System1 - 192.168.1.1
> em2 - System2 - 192.168.1.2
> I'm kind of lost here. I've played with it a bit, trying to set 192.168.1.0/24 on em1 and em2, then setting the specific IP address on system1 and system2 respectively. I've also tried manually adding routes from 192.168.1.0/24 to 1.2.3.4 (my external IP) to no avail. The system1/2 boxes cannot ping the FreeBSD box, nor vice versa. That implies it's not a routing problem, but a problem with the systems getting a proper IP address.
> Anyone have any tips?
> Thanks.

The www.a1poweruser.com web site has detailed instructions on how to do it. Check it out.
Re: freebsd / gateway / parental control
On Mon, 2007-07-02 at 12:44 -0400, Chuck Swiger wrote:
> Norberto Meijome wrote:
>> On Fri, 29 Jun 2007 22:46:10 +0200 Momchil Ivanov [EMAIL PROTECTED] wrote:
>>> 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1 NIC for the DSL
>>> - same as above, just have to tell your box how to connect to your ISP
>>
>> ok, this is interesting. You mean, plug the phone line straight into, say, fxp1? and then using ppp to connect over PPPoE to your ISP? I had originally thought of getting a DSL card, but there doesn't seem to be any ADSL2/2+ supported.
>
> A phone line is RJ11 and can be only a single pair; ethernet cables which go into a fxp NIC are RJ45 and have four pairs. :-) If you wanted to connect the phone line directly, you'd rightly need to get a DSL PCI card.
>
> However, you can connect a DSL modem into one side in bridge mode, and have the output of the DSL modem connect to a FreeBSD machine via ethernet which uses PPP to do the PPPoE/PPPoA negotiation, or you can use a broadband router/switch to do that, instead.
>
> Regards,

In your part of the world, yes. I've encountered setups (iirc in Denmark?) where the telco terminates their line as an RJ-11 and an RJ-45. You can then plug into that either a router that talks PPPoE on an ethernet port, or directly into a NIC in your computer and talk PPPoE there. This is where PPPoE clients like rp-pppoe and their ilk come into play.

You can even do (rudimentary) sharing of the ADSL by plumbing it into a hub. Any other client connected to the hub can kick off a PPPoE session. Not many telcos do this these days I think..
Re: freebsd / gateway / parental control
On Mon, 2 Jul 2007 14:33:50 +1000 Norberto Meijome [EMAIL PROTECTED] wrote:
> :) i figured...but i asked just in the crazy chance that PPPoE meant u could use any Ethernet capable device (like a NIC) to connect to DSL. Oh well, it'd been cool if true :D

I can't speak in the general case, but it works for me. I guess you'll probably need to check with somebody in your ISP who doesn't read answers from a flow chart.

-fr.

--
Feargal Reilly, Chief Techie, FBI. PGP Key: 0xBD252C01 (expires: 2006-11-30)
Web: http://www.fbi.ie/ | Tel: +353.14988588 | Fax: +353.14988489
Communications House, 11 Sallymount Avenue, Ranelagh, Dublin 6.
Re: freebsd / gateway / parental control
On Mon, 2 Jul 2007 14:33:50 +1000 Norberto Meijome [EMAIL PROTECTED] wrote:
> :) i figured...but i asked just in the crazy chance that PPPoE meant u could use any Ethernet capable device (like a NIC) to connect to DSL. Oh well, it'd been cool if true :D

If I were you I'd go with your original plan of putting your router into bridged mode, but I'd also try what I suggested about using the normal ethernet interface to access the other lan ports. That avoids the use of a second NIC and allows the use of the router's other ports.

It has the additional advantage that you can put the router back into NAT mode, which can be useful for troubleshooting networking problems or if your FreeBSD machine has a fault. It's also useful if you want to boot a live-cd with internet access. The router will also allow you to switch to PPPoA, which makes it easy to deal with support if your ISP uses it as its official means of connection.
Re: freebsd / gateway / parental control
Norberto Meijome wrote:
> On Fri, 29 Jun 2007 22:46:10 +0200 Momchil Ivanov [EMAIL PROTECTED] wrote:
>> 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1 NIC for the DSL
>> - same as above, just have to tell your box how to connect to your ISP
>
> ok, this is interesting. You mean, plug the phone line straight into, say, fxp1? and then using ppp to connect over PPPoE to your ISP? I had originally thought of getting a DSL card, but there doesn't seem to be any ADSL2/2+ supported.

A phone line is RJ11 and can be only a single pair; ethernet cables which go into a fxp NIC are RJ45 and have four pairs. :-) If you wanted to connect the phone line directly, you'd rightly need to get a DSL PCI card.

However, you can connect a DSL modem into one side in bridge mode, and have the output of the DSL modem connect to a FreeBSD machine via ethernet which uses PPP to do the PPPoE/PPPoA negotiation, or you can use a broadband router/switch to do that, instead.

Regards,

--
-Chuck
Re: freebsd / gateway / parental control
On Fri, 29 Jun 2007 22:46:10 +0200 Momchil Ivanov [EMAIL PROTECTED] wrote:
> 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1 NIC for the DSL
> - same as above, just have to tell your box how to connect to your ISP

ok, this is interesting. You mean, plug the phone line straight into, say, fxp1? and then using ppp to connect over PPPoE to your ISP? I had originally thought of getting a DSL card, but there doesn't seem to be any ADSL2/2+ supported.

cheers,
B

_
{Beto|Norberto|Numard} Meijome

"All that is necessary for the triumph of evil is that good men do nothing."
  Edmund Burke

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
Re: freebsd / gateway / parental control
On Monday 02 July 2007 03:45:39 Norberto Meijome wrote:
> On Fri, 29 Jun 2007 22:46:10 +0200 Momchil Ivanov [EMAIL PROTECTED] wrote:
>> 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1 NIC for the DSL ^^
>> - same as above, just have to tell your box how to connect to your ISP
>
> ok, this is interesting. You mean, plug the phone line straight into, say, fxp1? and then using ppp to connect over PPPoE to your ISP? I had originally thought of getting a DSL card, but there doesn't seem to be any ADSL2/2+ supported.

Well, as you get your internet connection through a DSL line, the above is meant to be a DSL card.

--
PGP KeyID: 0x3118168B Keyserver: pgp.mit.edu
Key fingerprint BB50 2983 0714 36DC D02E 158A E03D 56DA 3118 168B
Re: freebsd / gateway / parental control
On Mon, 2 Jul 2007 04:16:13 +0200 Momchil Ivanov [EMAIL PROTECTED] wrote:
> On Monday 02 July 2007 03:45:39 Norberto Meijome wrote:
>> On Fri, 29 Jun 2007 22:46:10 +0200 Momchil Ivanov [EMAIL PROTECTED] wrote:
>>> 4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1 NIC for the DSL ^^
>>> - same as above, just have to tell your box how to connect to your ISP
>>
>> ok, this is interesting. You mean, plug the phone line straight into, say, fxp1? and then using ppp to connect over PPPoE to your ISP? I had originally thought of getting a DSL card, but there doesn't seem to be any ADSL2/2+ supported.
>
> Well, as you get your internet connection through a DSL line, the above is meant to be a DSL card.

:) i figured...but i asked just in the crazy chance that PPPoE meant u could use any Ethernet capable device (like a NIC) to connect to DSL. Oh well, it'd been cool if true :D

_
{Beto|Norberto|Numard} Meijome

"Software is like sex, it's better when it's free"
  Linus Torvalds

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
Re: freebsd / gateway / parental control
On Fri, 29 Jun 2007 01:07:05 +0200 (CEST) zigniew szalbot [EMAIL PROTECTED] wrote:
> Basically, will squid not be overkill for a family network consisting of 3-4 machines? The box I want to devote for gateway/pc purposes is a Compaq PIII 866 MHz with 512 MB RAM and 40GB HD.

Hi Zigniew,

Back in '96 I used to run squid on a (linux Slackware) 486 DX 100 MHz, 64 MB RAM for 20 to 30 computers, with a dialup line. I can't imagine why it wouldn't work or be overkill for your setup :)

I actually have the same setup in mind (down to the compaq + Dlink in bridged mode :-D )

good luck

_
{Beto|Norberto|Numard} Meijome

"You can discover what your enemy fears most by observing the means he uses to frighten you."
  Eric Hoffer (1902 - 1983)

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
Re: freebsd / gateway / parental control
Hi,

> Back in '96 I used to run squid on a (linux Slackware) 486 DX 100 MHz, 64 MB RAM for 20 to 30 computers, with a dialup line. I can't imagine why it wouldn't work or be overkill for your setup :)
>
> I actually have the same setup in mind (down to the compaq + Dlink in bridged mode :-D )

Great! OK I am encouraged to give it a try. But hardware-wise I will need two NICs and plug my modem line into one NIC and then the other NIC will be used to connect the Dlink router. I figure the Dlink router essentially becomes redundant but it is a wireless machine so I would like to use it anyway. Is my thinking correct here?

Thank you!

Zbigniew Szalbot
Re: freebsd / gateway / parental control
On Fri, 29 Jun 2007 08:42:58 +0200 (CEST) zigniew szalbot [EMAIL PROTECTED] wrote:
> Great! OK I am encouraged to give it a try. But hardware-wise I will need two NICs and plug my modem line into one NIC and then the other NIC will be used to connect the Dlink router. I figure the Dlink router essentially becomes redundant but it is a wireless machine so I would like to use it anyway.

you'll need 2 nics, right. If you use the wireless in the DSL modem, you'll be bypassing the BSD server. Which may be fine if the kids' computer(s) can't do wireless. (beware of USB wireless dongles ;) )

> Is my thinking correct here?

what I have planned to do is use a non-wireless DSL modem in bridged mode (DLINK 504T), connect to the BSD box. BSD box with 2 NICs ('wan' and 'lan') as well as a DLINK G520 PCI Wireless card (Atheros chipset) and make the BSD box the wireless AP. And throwing in a small flash IDE drive for faster bootups.

_
{Beto|Norberto|Numard} Meijome

"Commitment is active, not passive. Commitment is doing whatever you can to bring about the desired result. Anything less is half-hearted."

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
Re: freebsd / gateway / parental control
Hi there again,

>> Great! OK I am encouraged to give it a try. But hardware-wise I will need two NICs and plug my modem line into one NIC and then the other NIC will be used to connect the Dlink router. I figure the Dlink router essentially becomes redundant but it is a wireless machine so I would like to use it anyway.
>
> you'll need 2 nics, right. If you use the wireless in the DSL modem, you'll be bypassing the BSD server.

Just one question here. If I plug the router into the lan NIC and configure it to take DHCP and DNS settings from the BSD box, then the wireless will not bypass the BSD machine, will it?

> what I have planned to do is use a non-wireless DSL modem in bridged mode (DLINK 504T), connect to the BSD box. BSD box with 2 NICs ('wan' and 'lan') as well as a DLINK G520 PCI Wireless card (Atheros chipset) and make the BSD box the wireless AP.

I see. I can do the same but that would render the wireless Dlink useless, so I wonder if I can still use it and control connections via the BSD machine.

Thank you very much!

Zbigniew Szalbot
Re: freebsd / gateway / parental control
On Fri, 29 Jun 2007 17:00:01 +1000 Norberto Meijome [EMAIL PROTECTED] wrote:
> On Fri, 29 Jun 2007 08:42:58 +0200 (CEST) zigniew szalbot [EMAIL PROTECTED] wrote:
>> Great! OK I am encouraged to give it a try. But hardware-wise I will need two NICs and plug my modem line into one NIC and then the other NIC will be used to connect the Dlink router. I figure the Dlink router essentially becomes redundant but it is a wireless machine so I would like to use it anyway.
>
> you'll need 2 nics, right.

I'm not sure that's true. If you're bridging PPPoE then you can access the internet on the tun i/f and the lan on the NIC's normal ethernet i/f. I do that with my Draytek Vigor 100 modem which has extra ports for the purpose; you can do it with a lot of DSL routers too.

I've never used a wireless router, but I would imagine that the wireless clients would simply behave as if they are on the LAN. If that works then it would allow the FreeBSD machine to firewall the wireless clients too without any additional hardware.

Although I'm not sure if it's possible to bridge PPP through a separate router, as opposed to a combined DSL-modem-router, but it's worth a try.
Re: freebsd / gateway / parental control
Gaye Abdoulaye wrote:
>> ADSL line. At some point I would like to use an old pc with freebsd on it to sit between the router and the rest of my home network.
>
> If you are searching a BSD like solution, you have pfsense: http://www.pfsense.org/
>
> But what I use IPCOP: http://www.ipcop.org/ With some addons like *BlockOutTraffic (BOT)*, SQUIDGUARD, and others

I'll 2nd the suggestion for IPCop www.ipcop.org

It's Linux, not BSD -- not my first OS choice, but it's a mature, feature laden product (that already has squid built in) that is better and more secure than something you could whip up yourself in a weekend. See the doc page http://ipcop.org/index.php?module=pnWikka&tag=IPCopDocumentation , particularly "features" and "software used" to get an idea of the extensive capabilities.

There's also m0n0wall http://m0n0.ch/wall/ that's BSD based, but very stripped down. And these guys http://www.mikrotik.com/ have lots of good stuff for DIYers.

-R
Re: freebsd / gateway / parental control
Hello,

> I'll 2nd the suggestion for IPCop www.ipcop.org
>
> It's Linux, not BSD -- not my first OS choice, but it's a mature, feature laden product (that already has squid built in) that is better and more secure than something you could whip up yourself in a weekend.

As far as I remember, when installing FBSD I chose not to install Linux binary compatibility (not sure if that matters though). But my question is more general. Can Linux software be safely (and securely) used on a unix platform? I am happy to use squid and dansguardian, especially since for a home network I do not need complete software suites, do I?

Thanks!
Re: freebsd / gateway / parental control
On Friday 29 June 2007 09:13:09 zigniew szalbot wrote:
>> If you use the wireless in the DSL modem, you'll be bypassing the BSD server.
>
> Just one question here. If I plug the router into the lan NIC and configure it to take DHCP and DNS settings from the BSD box, then the wireless will not bypass the BSD machine, will it?

You can do it in the following ways:

1) Box with one NIC
   - connect the box to your home network
   - disable DSL router's DHCP for your home network
   - start dhcpd on the box giving ip addresses to your home clients and telling them that the box itself is the gateway, run squid or whatever you want to capture your clients' traffic and filter them, then the box uses the DSL router for gateway
   - disadvantages: if your kids are smart they will just change their gateway so that it's not the box, but the DSL router, and override your filtering

2) Same as above, but say DSL's home ip is 10.51.87.1, you give the box 10.51.87.2, then give the box another ip (alias) 10.37.6.1 and tell the dhcpd on the box to give ip addresses from the 10.37.6.0/24 network to the clients. The idea is to use 2 networks, one box - clients, the other for dsl router - box
   - disadvantages: again, if your kids are smart they'll just set themselves some static ip from the dsl router's network and browse. They just have to figure out the router's ip and network :) as in the above case

3) Box with 2 NICs and wireless NIC
   - disable dsl router's wireless NIC
   - connect dsl router to NIC1 on the box
   - connect NIC2 to home net
   - set up the box wireless as Access Point
   - bridge NIC2 and the wireless NIC on the box
   - run your filter

4) Forget about the DSL router. Box with wireless NIC, 1 NIC for home net, 1 NIC for the DSL
   - same as above, just have to tell your box how to connect to your ISP

--
This correspondence is strictly confidential. Any screening, filtering and/or production for the purpose of public or otherwise disclosure is forbidden without written permission by the author signed above. If you are not the intended recipient, please immediately notify the sender and permanently delete any copies.

PGP KeyID: 0x3118168B Keyserver: pgp.mit.edu
Key fingerprint BB50 2983 0714 36DC D02E 158A E03D 56DA 3118 168B
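As an added example (not from any message in these threads), the two-subnet gateway recommended in the first thread, with LAN web traffic forced through the filter as in options 3) and 4) above, written as rc.conf and pf.conf for FreeBSD; Matthias suggested IPF/IPNAT, this uses pf instead, which FreeBSD also ships in the base system. It assumes em0 gets its address by DHCP, em1 and em2 carry 192.168.1.0/24 and 192.168.2.0/24, and a transparent filtering proxy (say dansguardian in front of squid) listens on the gateway's port 8080 (placeholder port); for the second thread's single LAN NIC, drop em2.

```conf
# /etc/rc.conf (fragment) -- addresses follow the recommendation in the first thread
ifconfig_em0="DHCP"                                      # WAN, address from the ISP
ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.0"   # System1 side
ifconfig_em2="inet 192.168.2.1 netmask 255.255.255.0"   # System2 side
gateway_enable="YES"          # sets net.inet.ip.forwarding=1 at boot
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"            # dropped packets are visible with: tcpdump -ni pflog0

# /etc/pf.conf
ext_if     = "em0"
lan_ifs    = "{ em1, em2 }"
lan_nets   = "{ 192.168.1.0/24, 192.168.2.0/24 }"
proxy_port = "8080"   # assumed: transparent filtering proxy listening on the gateway

set skip on lo0
scrub in all

# NAT: hide both LANs behind whatever address em0 currently holds.
# The parentheses make pf re-read the address when the DHCP lease changes.
nat on $ext_if from $lan_nets to any -> ($ext_if)

# Redirect LAN web traffic to the filtering proxy on the gateway itself.
# The rewrite happens on the box, so a client cannot opt out by changing its
# browser proxy settings; with the box as the only path out (options 3/4)
# there is also no other gateway to switch to, which closes the hole noted
# for options 1 and 2. HTTPS (443) is not redirected: a content filter cannot
# inspect it transparently, so it leaves through NAT unfiltered.
rdr pass on $lan_ifs proto tcp from $lan_nets to any port 80 -> 127.0.0.1 port $proxy_port

# Default deny inbound and log what is dropped; refuse packets that arrive on
# a LAN interface with a source address belonging to some other interface.
block in log all
antispoof quick for $lan_ifs

# Traffic leaving on any interface (forwarded or from the box itself) creates
# state; replies come back through that state, so nothing from the internet
# can open a new connection to the gateway or the LANs.
pass out all keep state

# If the box also runs dhcpd for the LAN (second thread): requests come from
# 0.0.0.0, so they do not match $lan_nets and need their own rule.
pass in quick on $lan_ifs inet proto udp from any port 68 to any port 67

# LAN hosts may reach the gateway and, through NAT, the internet (port 80
# never arrives here unmodified: the rdr above already rewrote it).
pass in on $lan_ifs from $lan_nets to any keep state
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; a client that tries to change its default gateway simply loses connectivity, because no other router is reachable on em1 or em2.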
Re: freebsd / gateway / parental control
At 11:43 AM 6/29/2007, zbigniew szalbot wrote:
> As far as I remember, when installing FBSD I chose not to install Linux binary compatibility (not sure if that matters though). But my question is more general. Can Linux software be safely (and securely) used on a unix platform? I am happy to use squid and dansguardian, especially since for a home network I do not need complete software suites, do I?

IPCop that was suggested is NOT a stand-alone application that you can run in linux compat mode. It's an entire linux distro, with O/S, servers and apps all pre-installed and configured. It needs to be installed on a dedicated machine; although the hardware requirements are minimal and it doesn't need to be a fast machine. It might run on a virtual PC if you just wanted to test drive it.

It's a 15MB .ISO file you burn to CD and boot to the installer. It can be installed to a bootable USB key if your machine supports those. If you have an old IDE drive 250MB or bigger (everybody does, right?) throw it in a spare machine and try it. You'll need a 2nd NIC unless your WAN connection is serial. I run it with the old 4-port Adaptec NICs found on Ebay for $10.

I know some of ya' are grumbling that I'm advocating or even mentioning a linux based package here, but it is a rather kick-ass package, and it is at least non-windoze and open-source ;)

-RW
freebsd / gateway / parental control
Hello,

I am looking for advice. I have a dlink router/modem that connects to my ADSL line. At some point I would like to use an old pc with freebsd on it to sit between the router and the rest of my home network. What kind of set up should I be aiming for to make it possible?

On the software side I am also looking for some kind of parental control utility. I guess I can use pf. But would that be enough? I think it would have to be something that would allow me to define keywords based on which sites containing them would get automatically blocked on the fbsd gateway. I'd rather use open source solutions.

Many thanks in advance!

Zbigniew Szalbot
Re: freebsd / gateway / parental control
zigniew szalbot wrote:
> Hello,
>
> I am looking for advice. I have a dlink router/modem that connects to my ADSL line. At some point I would like to use an old pc with freebsd on it to sit between the router and the rest of my home network. What kind of set up should I be aiming for to make it possible?
>
> On the software side I am also looking for some kind of parental control utility. I guess I can use pf. But would that be enough? I think it would have to be something that would allow me to define keywords based on which sites containing them would get automatically blocked on the fbsd gateway. I'd rather use open source solutions.
>
> Many thanks in advance!
>
> Zbigniew Szalbot

If you are searching a BSD like solution, you have pfsense: http://www.pfsense.org/

But what I use is IPCOP: http://www.ipcop.org/

With some addons like *BlockOutTraffic (BOT)*, SQUIDGUARD, and others you can have content filtering and proxying.
Re: freebsd / gateway / parental control
On Jun 28, 2007, at 3:40 PM, zigniew szalbot wrote:
> On the software side I am also looking for some kind of parental control utility. I guess I can use pf. But would that be enough? I think it would have to be something that would allow me to define keywords based on which sites containing them would get automatically blocked on the fbsd gateway. I'd rather use open source solutions.

squid and squidguard seem like the obvious choices to me.

-j
Re: freebsd / gateway / parental control
On Thursday 28 June 2007 18:08:33 Jeffrey Goldberg wrote:
> On Jun 28, 2007, at 3:40 PM, zigniew szalbot wrote:
>> On the software side I am also looking for some kind of parental control utility. I guess I can use pf. But would that be enough? I think it would have to be something that would allow me to define keywords based on which sites containing them would get automatically blocked on the fbsd gateway. I'd rather use open source solutions.
>
> squid and squidguard seem like the obvious choices to me.
>
> -j

I use squid and dansguardian. Very easy to set up.

/usr/ports/www/dansguardian

Derrick
Re: freebsd / gateway / parental control
Hello,

Thank you all who have responded!

>>> utility. I guess I can use pf. But would that be enough? I think it would have to be something that would allow me to define keywords based on which sites containing them would get automatically blocked on the fbsd gateway. I'd rather use open source solutions.
>>
>> squid and squidguard seem like the obvious choices to me.
>>
>> -j
>
> I use squid and dansguardian. Very easy to set up.
>
> /usr/ports/www/dansguardian

I have never tried squid but it seems quite a big package. I have also seen oops but not sure which to choose. Basically, will squid not be overkill for a family network consisting of 3-4 machines? The box I want to devote for gateway/pc purposes is a Compaq PIII 866 MHz with 512 MB RAM and 40GB HD.

Thank you!

Zbigniew Szalbot
Re: freebsd / gateway / parental control
On Jun 28, 2007, at 4:07 PM, zigniew szalbot wrote:
I use squid and dansguardian. Very easy to set up. /usr/ports/www/dansguardian
I have never tried squid but it seems quite a big package. I have also seen oops but am not sure which to choose. Basically, will squid not be overkill for a family network consisting of 3-4 machines? The box I want to devote to gateway/pc purposes is a Compaq PIII 866 MHz with 512 MB RAM and a 40GB HD.
Squid works just fine for a single-user environment, even, especially if you use an adblocker and/or override the local DNS for annoying adfarm sites to return just a transparent 1x1 pixel GIF image instead of the ads. Squid is noticeably smarter about figuring out when to recheck web resources for changes and does so efficiently compared to pretty much all of the local caching done by browsers.
-- -Chuck
Weird freebsd gateway question
Hello, I have followed the document below to set up a gateway for 2 vlans:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
All servers behind the switch can connect to the Internet without any problems. However, I cannot ping the switch IP from outside or from inside the network. I have tried to change the IP of the switch, but still the switch cannot be seen on the network (all servers behind it work without any glitch). Could anyone point out the error to me?
Below is the network diagram:
Internet - FreeBSD gateway - Switch - Few servers
For the FreeBSD gateway, I have these few lines in /etc/rc.d:
defaultrouter="10.0.0.1"
gateway_enable="YES"
ifconfig_em0="inet 10.0.0.2 netmask 255.255.255.252"
ifconfig_em1="inet 172.16.0.1 netmask 255.255.255.224"
static_routes="lan"
route_lan="-net 172.16.0.1/24 172.16.0.2"
*The IP of the switch is 172.16.0.2
**All actual IPs are changed to dummy IPs.
Thanks, Pang
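The post configures em1 as 172.16.0.1/27 and then adds a static route for 172.16.0.1/24 via the switch. Whether a static route is inside, wider than, or apart from a directly connected subnet decides which entry the kernel uses for a given destination, and it is easy to misjudge when the mask in ifconfig_em1 and the prefix in route_lan differ. The script below is an added example, not part of the post: it normalizes a route destination and a connected subnet in plain POSIX sh arithmetic and reports how they relate. The addresses at the bottom are the dummy ones from the post; it says nothing about why the switch itself does not answer.

```sh
#!/bin/sh
# Added example (not from the post): compare a static route from rc.conf
# with the subnet of a directly connected interface, in plain POSIX sh.
# The addresses used at the bottom are the dummy ones given in the post.

# dotted quad -> 32-bit integer
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix length -> mask as 32-bit integer
prefix2mask() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
    fi
}

# dotted netmask -> prefix length; fails on a non-contiguous mask
mask2prefix() {
    m=$(ip2int "$1")
    n=0
    while [ "$m" -ne 0 ]; do
        n=$(( n + (m & 1) ))
        m=$(( m >> 1 ))
    done
    if [ "$(prefix2mask "$n")" -ne "$(ip2int "$1")" ]; then
        echo "non-contiguous netmask: $1" >&2
        return 1
    fi
    echo "$n"
}

# address + prefix length -> normalized "network/prefix" (host bits cleared)
network_of() {
    echo "$(int2ip $(( $(ip2int "$1") & $(prefix2mask "$2") )))/$2"
}

# $1 = route destination "addr/prefix", $2 = interface address, $3 = interface netmask
# prints: covered  (route lies inside the connected subnet)
#         contains (route is wider than the connected subnet)
#         disjoint (no overlap)
route_vs_connected() {
    dprefix=${1#*/}
    cprefix=$(mask2prefix "$3") || return 1
    dnet=$(( $(ip2int "${1%/*}") & $(prefix2mask "$dprefix") ))
    cnet=$(( $(ip2int "$2") & $(prefix2mask "$cprefix") ))
    if [ "$dprefix" -ge "$cprefix" ] && [ $(( dnet & $(prefix2mask "$cprefix") )) -eq "$cnet" ]; then
        echo covered
    elif [ "$dprefix" -lt "$cprefix" ] && [ $(( cnet & $(prefix2mask "$dprefix") )) -eq "$dnet" ]; then
        echo contains
    else
        echo disjoint
    fi
}

# human-readable summary for one route / interface pair
report() {
    echo "static route  : $1 (normalized $(network_of "${1%/*}" "${1#*/}"))"
    echo "connected net : $(network_of "$2" "$(mask2prefix "$3")") on the interface"
    case $(route_vs_connected "$1" "$2" "$3") in
        covered)  echo "verdict: those destinations are already on-link; a more specific static route wins the lookup for them, an equal one fails to add because the connected route exists" ;;
        contains) echo "verdict: the route is wider than the connected subnet; on-link hosts keep the connected route, the rest of the block goes via the gateway" ;;
        disjoint) echo "verdict: no overlap" ;;
    esac
}

# the values from the post: em1 is 172.16.0.1/27, route_lan is "-net 172.16.0.1/24 172.16.0.2"
report 172.16.0.1/24 172.16.0.1 255.255.255.224
```

Run it with the real interface address and netmask from ifconfig and the destination from route_lan; a "contains" verdict, as for the values in the post, means hosts inside the /27 are reached on-link and only the remainder of the /24 is sent to the gateway named in the route.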
Adding a FreeBSD Gateway on a DSL/ ATM circuit
Aloha, My current problem is that I need to use a box as a FreeBSD 6.* gateway/firewall to the internet, protecting an MS box that is in the office for doing a lot of photo work and uploading to servers for the company my wife works with.
I was going to use a freesco (Linux) disk firewall/gateway/router like I have on my single DSL 1.5/384 line. (This is currently what is protecting the MS box on this circuit.) However, the freesco setup does not work as a gateway on the leg of the ATM 5-IP circuit where we want to move the MS box to. I have tried to get it set up and have emailed the freesco lists and apparently no one has accomplished this.
I have now built a FreeBSD box with 2 NICs to use as a gateway/router/firewall between the single MS box and the internet. ed1 is on the 66.xxx.132.236 leg of the ATM. The default gateway on the internet side of the ATM is 66.xxx.132.233. The LAN side of the box, ed0, is 192.168.1.1, to which the MS box is directed. (I am using a test box, 192.168.1.29, with FreeBSD 6* in place of the MS box at this point.)
I can ping from the gateway box NIC to the internet OK. I can ping from the test box to the LAN side of the gateway box OK. I can't reach the internet through the gateway.
I have read probably 5 howtos from the FreeBSD handbook and elsewhere and none are exactly what I am doing. On the FreeBSD Questions list recently there was a similar issue posted but nobody answered the post. It had to do with rc.conf listing both NICs:
ifconfig_ed0="66.xxx.132.236 netmask 255.255.255.248" # inet side
ifconfig_ed1="192.168.1.1 netmask 255.255.255.0" # lan side
and
gateway_enable="YES"
which I have done. At this point I have not attempted a firewall, PF or IPFW, since I can't reach the internet through the gateway and I want to understand what is not right with this setup first. If I use:
route add -net 192.168.1.29 192.168.1.1
I can no longer ping the LAN side of the gateway from the test box.
Can you direct me to or give me a howto on setting this up so I can reach the internet, if indeed it's possible using a gateway/firewall on the leg of an ATM circuit? Any help would be appreciated.
Thanks, Al Plant - Honolulu, Hawaii - Admin -- http://hawaiidakine.com -- http://hdk5.com -- -- http://internetohana.org -- http://freeBSDinfo.org -- + Supporting open source computing - FreeBSD 6.* +
Re: Adding a FreeBSD Gateway on a DSL/ ATM circuit
On Thu, Aug 03, 2006 at 08:35:42AM -1000, [EMAIL PROTECTED] wrote:
I can ping from the gateway box NIC to the internet OK. I can ping from the test box to the LAN side of the gateway box OK. I can't reach the internet through the gateway. I have read probably 5 howtos from the FreeBSD handbook and elsewhere and none are exactly what I am doing.
A properly designed DSL/ATM modem or router is not going to allow private IP addresses onto the public internet. So you can not get through the FreeBSD gateway without NAT to map 192.168/16 to the gateway's external IP address. At the very least you need to enable gateway and NAT. One way to do NAT is with IPFW. In /etc/rc.conf I have:
firewall_enable="YES"               # Set to YES to enable firewall functionality
firewall_type="client"              # really ought to remove this from custom script
firewall_script="/etc/dmk.firewall" # my custom script
natd_enable="YES"                   # Enable natd (if firewall_enable == YES).
natd_interface="fxp1"               # the external interface to place nat'ed packets
natd_flags="-f /etc/natd.conf"      # some natd config
gateway_enable="YES"                # both natd and gateway needed
/etc/natd.conf looks like this:
interface fxp1
log_denied
log_facility security
use_sockets
same_ports
dynamic
log_ipfw_denied
punch_fw 4900:99
punch_fw defines where dynamic rules are inserted in my ipfw ruleset to support ftp. /etc/dmk.firewall is only a modified version of the stock rc.firewall.
-- David Kelly N4HHE, [EMAIL PROTECTED] Whom computers would destroy, they must first drive mad.
RE: Adding a FreeBSD Gateway on a DSL/ ATM circuit
Look at the defaults in /etc/defaults/rc.conf; specifically look for lines with gateway in them, i.e. gateway_enable=NO. Copy the appropriate lines into /etc/rc.conf and edit, i.e. gateway_enable=YES. You will need to set the default_route line also to point to the ISP, I think ... HTH mjt
Re: Setting up a FreeBSD gateway (more detail) and IPFW
Thanks to those who replied to my previous call for help. Now I think it's time I actually provide some relevant detail. snip
Ideally, I'd like to be able to leave my workstation's network settings alone, and set up DHCP; however, a look over the ports suggests that's far more trouble than it's worth for a single client that doesn't really need such flexibility. I don't have any servers running on my workstation, so I've no need to allow traffic from the 'net to get through the firewall to the LAN (servers on the gateway itself are another matter). However, the firewall is still my biggest challenge.
A DHCP server *looks* challenging to set up... but it's really a snap! See my example at http://www.mostgraveconcern.com/freebsd/sheet.cgi?dhcp
Also, check out my firewall setup: http://www.mostgraveconcern.com/freebsd/sheet.cgi?ipfw
I don't use named, I just allow outbound DNS lookups through the firewall. Also, my DHCP server points clients at my ISP's DNS servers...
Hope this helps, ~Dan -- FreeBSD Cheat Sheets http://www.mostgraveconcern.com/freebsd/
Setting up a FreeBSD gateway (more detail) and IPFW
Thanks to those who replied to my previous call for help. Now I think it's time I actually provide some relevant detail.
I've got two computers - one is my workstation, one is my server / gateway-to-be. My outside connection is via a hub to a cable modem; currently I have my workstation rigged directly to it with no problems. I'll go over what I've done so far, and hope that if I've made a glaring error someone will be able to point it out.
- I have two NICs: ed0 and rl0. ed0 will be connected to my workstation, rl0 to the hub and thence the Internet.
- I've configured a custom kernel per the directions in the handbook on NAT - that is, IPFIREWALL and IPDIVERT are in there.
- I have the various options set in rc.conf, with natd_interface="rl0".
- To set up the NICs, I have ifconfig_ed0="192.168.0.1" and ifconfig_rl0="DHCP". I'll set my workstation to use 192.168.0.2 if I can figure out why it's locking my NIC / IP settings (that's a WinXP issue).
- In my named.conf, under forwarders, I set one of my ISP's DNS servers. (Is it possible, and if so, beneficial, to put more than one entry there? My ISP gives me four.) I'm only running a caching DNS, so I otherwise left named.conf alone.
- I've run the make-localhost script in /etc/namedb.
- I've put named_enable="YES" in rc.conf as well.
Ideally, I'd like to be able to leave my workstation's network settings alone, and set up DHCP; however, a look over the ports suggests that's far more trouble than it's worth for a single client that doesn't really need such flexibility. I don't have any servers running on my workstation, so I've no need to allow traffic from the 'net to get through the firewall to the LAN (servers on the gateway itself are another matter). However, the firewall is still my biggest challenge.
To get set up and running, since I don't currently know the ports for every single thing I might use (and some things I telnet to are on nonstandard ports anyway) I'm probably going to use the example ruleset #2 for IPFW with NAT, except that until such time as I know a little more detail about what I need to block, I'll be assuming that anything from the workstation is good traffic. That rule, however, is causing me some concern, and I'd like to confirm that it has a good chance of working before I go to the smoke test. Thus, inserting at the appropriate point into the last example given on http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html the best I can cobble together is:
$cmd allow all from 192.168.0.2 to any out via $pif setup keep-state
Will this allow my workstation unhindered access to the Internet without opening it to every single inbound port? I'm a little confused here. I don't think I need anything but Apache (i.e. port 80 TCP) and SSL (22 TCP) inbound; the MySQL server is strictly internal, so the stock ruleset otherwise seems pretty good to me. I can open up secure HTTP if I get that working, based on the rules already there.
Please send replies directly to me. Thanks in advance, -BB
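The rule BB proposes, "allow all from 192.168.0.2 to any out via $pif setup keep-state", has one catch worth knowing before the smoke test: ipfw's setup option matches only TCP packets with SYN set and ACK clear, so with proto "all" the rule passes no UDP (DNS, NTP) and no ICMP from the workstation at all. The ruleset below is an added example, written for this page and not taken from the post or from the Handbook: it follows the shape of the Handbook's stateful NAT ruleset (inbound divert, check-state, outbound rules that skipto a divert at 800, a logging deny in between) with the outbound rules split per protocol. It assumes the interfaces and addresses from the post (rl0 outside, ed0 LAN, 192.168.0.2 the workstation) and that the gateway itself serves ssh and http to the outside. By default it only prints the ipfw commands; IPFW_APPLY=1 loads them, which needs root and a kernel with IPFIREWALL and IPDIVERT.

```sh
#!/bin/sh
# Added example, not from the post and not the Handbook's text: an ipfw
# ruleset in the shape of the Handbook's stateful NAT example, with the
# outbound rules split per protocol. By default it only prints the ipfw
# commands (dry run); set IPFW_APPLY=1 to load them for real as root.
# Assumptions (from the post): rl0 is the outside interface natd runs on,
# ed0 the LAN side, 192.168.0.2 the single workstation, and the gateway
# itself serves ssh (22) and http (80) to the outside.

pif=${PIF:-rl0}           # public interface (natd_interface)
lif=${LIF:-ed0}           # LAN interface
ws=${WS:-192.168.0.2}     # the one workstation allowed out
ks="keep-state"
skip="skipto 800"         # outbound rules jump to the NAT divert at 800

if [ "${IPFW_APPLY:-0}" = 1 ]; then
    cmd="ipfw -q add"
    flush="ipfw -q -f flush"
else
    cmd="echo ipfw -q add"
    flush="echo ipfw -q -f flush"
fi

load_ruleset() {
    $flush

    # LAN side and loopback are trusted outright
    $cmd 002 allow all from any to any via $lif
    $cmd 003 allow all from any to any via lo0

    # inbound on the public side: un-NAT first, then let replies to
    # sessions we opened through via the dynamic rules
    $cmd 100 divert natd ip from any to any in via $pif
    $cmd 101 check-state

    # outbound from the workstation, one rule per protocol: 'setup' matches
    # only a TCP SYN, so a single 'allow all ... setup keep-state' rule
    # would pass no UDP (DNS, NTP) and no ICMP
    $cmd 120 $skip tcp  from $ws to any out via $pif setup $ks
    $cmd 121 $skip udp  from $ws to any 53,123 out via $pif $ks
    $cmd 122 $skip icmp from $ws to any out via $pif $ks

    # the gateway's own outbound traffic takes the same path
    $cmd 130 $skip tcp  from me to any out via $pif setup $ks
    $cmd 131 $skip udp  from me to any 53,123 out via $pif $ks
    $cmd 132 $skip icmp from me to any out via $pif $ks

    # RFC 1918 and loopback sources have no business arriving on the public side
    $cmd 300 deny all from 192.168.0.0/16 to any in via $pif
    $cmd 301 deny all from 172.16.0.0/12 to any in via $pif
    $cmd 302 deny all from 10.0.0.0/8 to any in via $pif
    $cmd 303 deny all from 127.0.0.0/8 to any in via $pif

    # services hosted on the gateway itself, with a cap on simultaneous
    # connections per source address
    $cmd 400 allow tcp from any to me 22 in via $pif setup limit src-addr 5
    $cmd 410 allow tcp from any to me 80 in via $pif setup limit src-addr 10

    # anything else that reaches this point is logged and dropped; only the
    # skipto rules above can get past this line
    $cmd 450 deny log all from any to any

    # skipto target: NAT the permitted outbound packets, then pass them
    $cmd 800 divert natd ip from any to any out via $pif
    $cmd 801 allow ip from any to any
}

load_ruleset
```

The dynamic rules are created before the outbound divert, so they carry the workstation's private address; the reply comes back through rule 100, which restores that address, and rule 101 then matches it. Widening rule 121 to "any" is the quick way to allow every UDP service from the workstation while still keeping inbound closed.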
Re: Setting up a FreeBSD gateway
Thanks for the information! I'm getting ready to set up BIND for the first time and this will be very useful. Teo
Setting up a FreeBSD gateway
OK, I've tried searching through man pages and such, but I've got kind of lost here. I have one machine that's acting as a gateway for my home PC, in addition to running a few local servers. I know I shouldn't do that, but the traffic is low and I just don't have room for more computers in my room, anyway. At any rate...
I think I've got the packet-forwarding aspect set up OK; I compiled a kernel with the options I found in the docs on the matter. However, I don't know how to set up DNS. Specifically, I want to either pass all DNS requests through the gateway, or have the gateway run a local DNS that queries my ISP's DNS in turn. Can anyone point me to some steps on how to set that up?
A bit of user-friendly instruction on using ipfw would be nice, too; I think I'd be able to figure it out in time, but if someone can spare a few moments to point out where I can find instructions on e.g. passing traffic on certain ports through to the other machine, handling others, and blocking the rest, it'd be appreciated. It's specifically the forwarding part that has me a bit mystified.
Please reply off-list. TIA, -BB
RE: Setting up a FreeBSD gateway
1. I assume you are running some kind of NAT?
2. Allow udp/tcp traffic out on port 53 to the DNS servers you want to use. This will pass the DNS requests through the gateway.
If you want to use the gateway as a DNS forwarder, you need to install something to do this. A third alternative is to set up your own DNS server on this machine using something like bind or djbdns.
Regards, Ruben
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
These pages should tell you what you need to know.
Re: Setting up a FreeBSD gateway
By design DNS servers will perform recursive queries through the root servers for all domains, unless you're hosting the zone, in which case it considers itself authoritative. So you can set up a DNS server for your network, or use a public one. Teo
Re: Setting up a FreeBSD gateway
However, I don't know how to set up DNS. Specifically, I want to either pass all DNS requests through the gateway, or have the gateway run a local DNS that queries my ISP's DNS in turn. Can anyone point me to some steps on how to set that up?
Here's how I do it (my ISP maintains my domain name records on their DNS servers...): http://www.mostgraveconcern.com/freebsd/sheet.cgi?ipfw
~Dan
Re: Setting up a FreeBSD gateway
- Original Message - From: Brian Bobowski [EMAIL PROTECTED] To: FreeBSD User Questions List freebsd-questions@freebsd.org Sent: Wednesday, January 04, 2006 7:44 PM Subject: Setting up a FreeBSD gateway
However, I don't know how to set up DNS. Specifically, I want to either pass all DNS requests through the gateway, or have the gateway run a local DNS that queries my ISP's DNS in turn. Can anyone point me to some steps on how to set that up?
If you're going to use BIND (which I recommend and which is included in the system) check at least the following parameters in named.conf:
listen-on - set this to your internal IP
forwarders - if you don't want to fetch every single record from the official DNSs and want to utilize your provider's DNS cache, set this variable to point at your ISP's DNS servers.
forward-only - as you're going to have your own domain records set up, be sure this is commented out.
Basically BIND with this kind of configuration will forward queries to master or forwarder servers unless it has the master record itself or there is a cached record which is still valid.
Defining the localhost: if the machine names are set up right in your fbsd installation, easiest is to use the make-localhost in the /etc/namedb directory. Then you need a forward zone file for your domain as well as reverse zones for the IP ranges in use. My files are:
master/mydomain.org file:
$TTL 3600
@ IN SOA xxx.xxx.org. root.xxx.org. (
; we define authority as well as the base domain (first xxx.org) and
; the administrative contact - as bind has other uses for "." the mail
; address is noted with a dot between domain and username.
        2005111301 ;serial
; a good idea is to use the shown date notation, and ALWAYS bump the serial whatever
; you do to the zone files)
        86400      ;refresh 24h
        7200       ;retry 2h
        192200     ;expire 2d
        86400 )    ;minimum 24h
  IN NS moria.endor.swagman.org.
; we define name servers for the zone; only one is usually needed for private dns use.
  IN MX 5 moria.endor.swagman.org.
; I define mail handler server just in case...
moria     IN A 192.168.10.1
rivendell IN A 192.168.10.10
lorien    IN A 192.168.10.11
muppet    IN A 192.168.10.20
; and then add my workstations
As the main forward zone is now set up, we need the reverse zones as well. My reverse zone for the above setup is (master/rev.mydomain.org):
$TTL 1d
@ IN SOA xxx.xxx.org. root.swagman.org. (
        2005111301 ;serial
        1d         ;refresh
        2h         ;retry
        20d        ;expire
        2h )       ;neg cache
  IN NS moria.endor.swagman.org.
1  IN PTR moria.endor.swagman.org.
10 IN PTR rivendell.endor.swagman.org.
11 IN PTR lorien.endor.swagman.org.
20 IN PTR muppet.endor.swagman.org.
With BIND the dots after the names are important, otherwise the names end up as name.my.domain.my.domain which usually isn't what you want :)
After the zones are set up you can add them to named.conf as follows:
zone "xxx.xxx.org" {
    type master;
    file "master/mydomain.org";
};
zone "10.168.192.in-addr.arpa" {
    type master;
    file "master/rev.mydomain.org";
};
In the above note the naming of the reverse zone. To get correct resolution of reverse names you need to name your zone with similar formatting.
Hope this helps a bit (although I recommend getting the BIND handbook (available from ISC as pdf), or some of the basic BSD books like Greg Lehey's or Michael Lucas's books on FreeBSD - both have a good chapter on DNS setup with BIND. Of course nothing beats the O'Reilly Cricket book.)
-Reko
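The forward and reverse zones in Reko's post have to be kept in step by hand, and the trailing-dot rule he mentions bites in both files. The script below is an added example, not Reko's files: POSIX sh plus awk that derives the reverse zone's PTR records from the forward zone's A records, qualifying relative owner names with the origin (so "moria" becomes "moria.endor.swagman.org." and an already absolute name is left alone) and skipping addresses that do not belong to the reverse zone's /24. The origin, the network and the four hosts are the ones from the post; the sample forward zone is constructed here, and its fifth host (vpn, 10.8.0.1) is invented only to show the skip. It understands lines of the form "name IN A address" (no TTL or class variations) and a /24 reverse zone; the SOA timers are passed in as a fixed string.

```sh
#!/bin/sh
# Added example, not from Reko's post: derive the reverse zone's PTR records
# from the forward zone's A records so the two files cannot drift apart.
# Handles "name IN A address" lines and a /24 reverse zone only.

# $1 = zone origin (no trailing dot), $2 = the /24 as three octets (e.g. 192.168.10)
# reads the forward zone on stdin, prints PTR records on stdout
gen_ptr() {
    awk -v origin="$1" -v net="$2" '
        /^[ \t]*;/ || NF == 0 { next }                       # comments and blank lines
        $2 == "IN" && $3 == "A" {
            name = $1
            if (name !~ /\.$/) name = name "." origin "."    # qualify relative owner names
            n = split($4, o, ".")
            if (n != 4 || (o[1] "." o[2] "." o[3]) != net) {
                printf("; skipped %s %s: not in %s.0/24\n", $1, $4, net) > "/dev/stderr"
                next
            }
            printf("%s\tIN\tPTR\t%s\n", o[4], name)
        }'
}

# $1 = origin, $2 = /24 prefix, $3 = primary name server (no trailing dot), $4 = serial
# prints a complete reverse zone: TTL, SOA, NS, then the derived PTRs
gen_reverse_zone() {
    printf '$TTL 1d\n'
    printf '@\tIN\tSOA\t%s. root.%s. ( %s 1d 2h 20d 2h )\n' "$3" "$1" "$4"
    printf '\tIN\tNS\t%s.\n' "$3"
    gen_ptr "$1" "$2"
}

# constructed sample: the A records from the post, plus one invented host
# outside 192.168.10.0/24 to show the skip
forward_zone='; constructed sample forward zone
moria      IN A 192.168.10.1
rivendell  IN A 192.168.10.10
lorien     IN A 192.168.10.11
muppet     IN A 192.168.10.20
vpn        IN A 10.8.0.1'

printf '%s\n' "$forward_zone" | gen_reverse_zone endor.swagman.org 192.168.10 moria.endor.swagman.org 2005111301
```

In use: gen_reverse_zone endor.swagman.org 192.168.10 moria.endor.swagman.org 2005111301 < master/mydomain.org > master/rev.mydomain.org, then check the result with named-checkzone 10.168.192.in-addr.arpa master/rev.mydomain.org before reloading named. Bumping the serial is still on you, exactly as Reko warns.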
Re: Setting up a FreeBSD gateway
- Original Message -
From: Brian Bobowski [EMAIL PROTECTED]
To: FreeBSD User Questions List freebsd-questions@freebsd.org
Sent: Wednesday, January 04, 2006 7:44 PM
Subject: Setting up a FreeBSD gateway

> However, I don't know how to set up DNS. Specifically, I want to either pass all DNS requests through the gateway, or have the gateway run a local DNS that queries my ISP's DNS in turn. Can anyone point me to some steps on how to set that up?

If you're going to use BIND (which I recommend and which is included in the system) check at least the following parameters in named.conf:

listen-on - set this to your internal IP
forwarders - if you don't want to fetch every single record from the official DNS's and want to utilize your provider's DNS cache, set this variable to point to your ISP's DNS servers.
forward-only - as you're going to have your own domain records set up, be sure this is commented out.

Basically BIND with this kind of configuration will forward queries to master or forwarder servers unless it has the master record itself or there is a cached record which is still valid.

defining the localhost: If the machine names are set up right in your fbsd installation, easiest is to use the make-localhost in the /etc/namedb directory.

Then your forward zone file for your domain as well as reverse zones for the IP ranges in use. My files are:

master/mydomain.org file:

$TTL 3600
@ IN SOA xxx.xxx.org. root.xxx.org. (
; we define authority as well as the base domain (first xxx.org) and
; the administrative contact - as bind has other uses for ., the mail
; address is noted with a dot between domain and username.
        2005111301 ;serial
; good idea is to use the shown date notation, and ALWAYS bump the serial whatever
; you do to the zone files)
        86400 ;refresh 24h
        7200 ;retry 2h
        192200 ;expire 2d
        86400 ) ;minimum 24h
  IN NS moria.endor.swagman.org.
; we define name servers for the zone; only one is usually needed for private dns use.
  IN MX 5 moria.endor.swagman.org.
; I define mail handler server just in case...
moria IN A 192.168.10.1
rivendell IN A 192.168.10.10
lorien IN A 192.168.10.11
muppet IN A 192.168.10.20
;and then add my workstations

As the main forward zone is now set up, we need the reverse zones as well. My reverse zone for the above setup is (master/rev.mydomain.org):

$TTL 1d
@ IN SOA xxx.xxx.org. root.swagman.org. (
        2005111301 ;serial
        1d ;refresh
        2h ;retry
        20d ;expire
        2h ) ;neg cache
  IN NS moria.endor.swagman.org.
1 IN PTR moria.endor.swagman.org.
10 IN PTR rivendell.endor.swagman.org.
11 IN PTR lorien.endor.swagman.org.
20 IN PTR muppet.endor.swagman.org.

With BIND the dots after the names are important, otherwise the names end up as name.my.domain.my.domain which usually isn't what you want :)

After the zones are set up you can add them to named.conf as follows:

zone "xxx.xxx.org" {
    type master;
    file "master/mydomain.org";
};
zone "10.168.192.in-addr.arpa" {
    type master;
    file "master/rev.mydomain.org";
};

In the above note the naming of the reverse zone. To get correct resolution of reverse names you need to name your zone with similar formatting.

Hope this helps a bit (although I recommend getting the BIND handbook, available from ISC as PDF, or some of the basic BSD books like Greg Lehey's or Michael Lucas's books on FreeBSD - both have a good chapter on DNS setup with BIND. Of course nothing beats the O'Reilly Cricket book.)

-Reko
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
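The two mistakes Reko's post warns about (a name in NS/MX/PTR data without the trailing dot, which BIND silently turns into name.my.domain.my.domain, and a serial that is not bumped in the YYYYMMDDnn style) are easy to catch before reloading named. The POSIX sh script below is an added example, not code from the post or from BIND; the function name `check_zone`, the set of record types it inspects and the demo zone (constructed from the layout above, with both mistakes planted) are my choices.

```shell
#!/bin/sh
# Added example (not from the thread): lint a BIND zone file for
#   1. NS/MX/CNAME/PTR targets without a trailing dot (BIND appends the
#      zone origin, giving names like name.my.domain.my.domain), and
#   2. an SOA serial that is not in the recommended YYYYMMDDnn form.
# Usage: check_zone FILE   (prints findings, returns 1 if any were found)

check_zone() {
    awk '
        BEGIN { bad = 0 }
        # drop comments and blank lines
        { sub(/;.*/, ""); if ($0 ~ /^[[:space:]]*$/) next }
        # after the SOA line, the first number following "(" is the serial
        /[[:space:]]SOA[[:space:]]/ { insoa = 1 }
        insoa {
            for (i = 1; i <= NF; i++) {
                if ($i == "(") { seen_paren = 1; continue }
                if (seen_paren && $i ~ /^[0-9]+$/) {
                    if (length($i) != 10) {
                        printf "line %d: SOA serial %s is not YYYYMMDDnn\n", NR, $i
                        bad = 1
                    }
                    insoa = 0
                    break
                }
            }
        }
        # records whose RDATA is a host name must end in a dot to be absolute
        {
            for (i = 1; i < NF; i++) {
                if ($i == "NS" || $i == "MX" || $i == "CNAME" || $i == "PTR") {
                    if ($NF !~ /\.$/) {
                        printf "line %d: %s target \"%s\" lacks a trailing dot (BIND would read it as %s.<origin>)\n", NR, $i, $NF, $NF
                        bad = 1
                    }
                    break
                }
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed demo zone based on the layout in the post, with both mistakes.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
$TTL 3600
@ IN SOA moria.endor.swagman.org. root.endor.swagman.org. (
        42          ;serial  (should be date-based, e.g. 2005111301)
        86400       ;refresh
        7200        ;retry
        192200      ;expire
        86400 )     ;minimum
    IN NS moria.endor.swagman.org    ; missing trailing dot
    IN MX 5 moria.endor.swagman.org.
moria IN A 192.168.10.1
EOF
    if check_zone "$tmp"; then
        echo "zone ok"
    else
        echo "fix the findings above, then bump the serial and reload named"
    fi
    rm -f "$tmp"
}

if [ "$#" -gt 0 ]; then check_zone "$1"; else demo; fi
```

Run it as `sh check_zone.sh /etc/namedb/master/mydomain.org` (or with no argument to see the demo). It only reads the file, so it is safe to run on a live server; pair it with `named-checkzone`, which catches syntax errors but not a semantically wrong relative name.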
FreeBSD Gateway problems
For years I've used a FreeBSD as my gateway. Well I haven't had a high speed connection for 3 years now, and I've just gotten it back. Since then I've reloaded the machine from 4.3 to 5.3. I thought I had it all set up so when I did get connection, I could make a quick edit to my rc.conf and I'd be ready to go. Well turns out I was way off.

The machine has no problems getting an IP from the cable modem, and I can get anywhere I want from that machine directly. (I'm currently ssh'd to the router machine to send email, use w3m to find How-Tos) But it won't pass traffic from the rest of the network. Here are the settings in my rc.conf:

gateway_enable="YES" # Enable as Lan gateway
# firewall_enable="YES"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-f /etc/natd.conf"
ipmon_enable="YES"
ipmon_flags="-Ds"

The firewall_enable is disabled now because when it's turned on, I can't actually get out from directly on the machine. At this point I just want it to do the routing and then I can work on building a firewall afterwards.

Before I did the update and rebuilt the kernel yesterday, I had these options in rc.conf

# ipnat_enable="YES" # Start ipnat function
# ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
# ipfilter_enable="YES" # Start ipf firewall
# ipfilter_rules="/etc/ipf.rules" # loads rules definition text file

Well all these other How-Tos I found on FreeBSDDiary.org told me all I needed was gateway_enable="YES" and firewall_enable="YES". Also to add these two options to the kernel:

options IPFILTER
options IPDIVERT

But that wasn't working. Another mentioned I needed defaultrouter="192.168.2.254", but that's not doing it either. It wasn't actually running nat, and I'd get errors if I tried to start. Here's the message I saw at boot after a new kernel.

1: unexpected keyword (any) - from /sbin/ipf: /etc/ipf.rules: parse error (-1), quitting
/etc/rc: WARNING: NO IPNAT RULES

After following some other How-Tos I tried running ipfw, but I keep getting an error message that won't return any helpful searches from Google.

# ipnat -f /etc/ipnat.conf
ioctl(SIOCGNATS): Operation not permitted
# ipfw -f flush
ipfw: setsockopt(IP_FW_FLUSH): Protocol not available
# ipf -FA -f /etc/ipf.rules
ioctl(SIOCIPFFL): Operation not permitted
# ipfw add divert natd all from any to any via xl0
ipfw: getsockopt(IP_FW_ADD): Protocol not available

None of those error messages give me anything to go on. So I'm at a loss here. Can anybody point me to a How-To, or share their rc.conf edits to make this work? I know this was a little long, but thanks in advance for the help.

tdh
--
Tim Holmes -- [EMAIL PROTECTED] -- UIN: 17021091 -- AIM: tdh004
Re: FreeBSD Gateway problems
At 01:46 AM 8/15/2005, Tim Holmes wrote:
> For years I've used a FreeBSD as my gateway. Well I haven't had a high speed connection for 3 years now, and I've just gotten it back. Since then I've reloaded the machine from 4.3 to 5.3. I thought I had it all set up so when I did get connection, I could make a quick edit to my rc.conf and I'd be ready to go. Well turns out I was way off.
>
> The machine has no problems getting an IP from the cable modem, and I can get anywhere I want from that machine directly. (I'm currently ssh'd to the router machine to send email, use w3m to find How-Tos) But it won't pass traffic from the rest of the network. Here are the settings in my rc.conf:
>
> gateway_enable="YES" # Enable as Lan gateway
> # firewall_enable="YES"
> natd_enable="YES"
> natd_interface="xl0"
> natd_flags="-f /etc/natd.conf"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
>
> The firewall_enable is disabled now because when it's turned on, I can't actually get out from directly on the machine. At this point I just want it to do the routing and then I can work on building a firewall afterwards.

If you use options IPFIREWALL_DEFAULT_TO_ACCEPT that will allow you to get the other things working, and you can figure out your firewall rules once everything else works.

> Before I did the update and rebuilt the kernel yesterday, I had these options in rc.conf
>
> # ipnat_enable="YES" # Start ipnat function
> # ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
> # ipfilter_enable="YES" # Start ipf firewall
> # ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
>
> Well all these other How-Tos I found on FreeBSDDiary.org told me all I needed was gateway_enable="YES" and firewall_enable="YES". Also to add these two options to the kernel:
>
> options IPFILTER
> options IPDIVERT

To use ipfw, adding these options to your kernel is a good place to start:

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT

If you're using natd, you'll also want:

options IPDIVERT

If you want to use ipnat (ipfilter) you'll want:

options IPFILTER

> But that wasn't working. Another mentioned I needed defaultrouter="192.168.2.254", but that's not doing it either. It wasn't actually running nat, and I'd get errors if I tried to start. Here's the message I saw at boot after a new kernel.

The default router for the FreeBSD machine should be supplied by the dhcp server that gives you your IP address. Also, you will need to use NAT since the cable modem probably only gives you a single IP.

> 1: unexpected keyword (any) - from /sbin/ipf: /etc/ipf.rules: parse error (-1), quitting
> /etc/rc: WARNING: NO IPNAT RULES
>
> After following some other How-Tos I tried running ipfw, but I keep getting an error message that won't return any helpful searches from Google.
>
> # ipnat -f /etc/ipnat.conf
> ioctl(SIOCGNATS): Operation not permitted
> # ipfw -f flush
> ipfw: setsockopt(IP_FW_FLUSH): Protocol not available
> # ipf -FA -f /etc/ipf.rules
> ioctl(SIOCIPFFL): Operation not permitted
> # ipfw add divert natd all from any to any via xl0
> ipfw: getsockopt(IP_FW_ADD): Protocol not available

The errors suggest that ipfw isn't in your kernel, and likely is not loaded from a module. If kldstat doesn't show it loaded, and you don't have options IPFIREWALL in your kernel, that will cause errors like those.

If you'd like some sample configs, contact me off list and I'll send you copies of some that I typically use as a starting point.

-Glenn

> None of those error messages give me anything to go on. So I'm at a loss here. Can anybody point me to a How-To, or share their rc.conf edits to make this work? I know this was a little long, but thanks in advance for the help.
>
> tdh
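The failure Glenn diagnoses above is a configuration mismatch rather than a routing problem: natd_enable is on while firewall_enable is commented out, so no ipfw divert rule ever hands natd a packet, and natd needs both IPFIREWALL and IPDIVERT in the kernel. Mismatches like this (and the ipnat-without-ipfilter variant from the old rc.conf lines) can be caught before rebooting. The POSIX sh script below is an added example, not code from the thread or from FreeBSD; `rc_val`, `check_gateway_rcconf`, the wording of the findings and the demo file (constructed from Tim's rc.conf as quoted above) are my own, and the `natd_flags -n` check is a heuristic.

```shell
#!/bin/sh
# Added example (not from the thread or FreeBSD): lint the gateway/NAT
# knobs in an rc.conf-style file. Encodes what the replies above point out:
# natd only sees traffic that an ipfw divert rule hands it, and ipnat only
# works with ipfilter loaded.
# Usage: check_gateway_rcconf FILE   (prints findings, returns 1 if any)

# Value of NAME as last assigned in FILE. Commented-out lines are ignored,
# surrounding quotes are stripped; empty output means "not set".
rc_val() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

check_gateway_rcconf() {
    f=$1
    bad=0
    gw=$(rc_val "$f" gateway_enable)
    fw=$(rc_val "$f" firewall_enable)
    natd=$(rc_val "$f" natd_enable)
    natd_if=$(rc_val "$f" natd_interface)
    natd_fl=$(rc_val "$f" natd_flags)
    ipf=$(rc_val "$f" ipfilter_enable)
    ipnat=$(rc_val "$f" ipnat_enable)

    if [ "$gw" != "YES" ]; then
        echo "gateway_enable is not YES: the kernel will not forward packets between interfaces"
        bad=1
    fi
    if [ "$natd" = "YES" ]; then
        if [ "$fw" != "YES" ]; then
            echo "natd_enable=YES but firewall_enable is not YES: without ipfw (options IPFIREWALL) no divert rule is installed, so natd never sees a packet; options IPDIVERT is needed as well"
            bad=1
        fi
        # heuristic: natd must learn the public interface from natd_interface or -n
        if [ -z "$natd_if" ] && ! echo "$natd_fl" | grep -q -- '-n'; then
            echo "natd_enable=YES but neither natd_interface nor natd_flags (-n) names the public interface"
            bad=1
        fi
    fi
    if [ "$ipnat" = "YES" ] && [ "$ipf" != "YES" ]; then
        echo "ipnat_enable=YES but ipfilter_enable is not YES: ipnat is part of ipfilter (options IPFILTER) and needs it loaded"
        bad=1
    fi
    if [ "$natd" = "YES" ] && [ "$ipnat" = "YES" ]; then
        echo "both natd (ipfw) and ipnat (ipfilter) are enabled: pick one NAT engine"
        bad=1
    fi
    return $bad
}

# Demo input constructed from the rc.conf quoted in the thread.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
gateway_enable="YES"          # Enable as Lan gateway
# firewall_enable="YES"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-f /etc/natd.conf"
ipmon_enable="YES"
ipmon_flags="-Ds"
EOF
    if check_gateway_rcconf "$tmp"; then
        echo "rc.conf looks consistent"
    else
        echo "fix the findings above before rebooting"
    fi
    rm -f "$tmp"
}

if [ "$#" -gt 0 ]; then check_gateway_rcconf "$1"; else demo; fi
```

Run as `sh check_gateway_rcconf.sh /etc/rc.conf`; it reads the file and changes nothing. The script deliberately checks only the rc.conf side; whether the kernel actually has IPFIREWALL/IPDIVERT or IPFILTER is a separate question that `kldstat` and the kernel config answer, as Glenn notes.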
RE: FreeBSD Gateway problems
Hi Tim,

Which of the firewalls do you want to use and if you want to use both what do you want the functionality to be? If you can send your rc.conf, ipf.conf and ipnat.conf I could check out the ipf part and see if I find anything. Obviously Glenn's experience with ipfw is more extensive than mine so he would most likely be of more help on that front. It would however be of great help to know what you're trying to accomplish.

Regards,
Ruben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Holmes
Sent: August 15, 2005 10:47 AM
To: freebsd-questions@freebsd.org
Subject: FreeBSD Gateway problems

> [...]
Re: FreeBSD Gateway
Victor Foulk wrote:
> Hello all, I have been looking into setting up a network gateway using a FreeBSD box, so that I may employ many of the network security features of the system (and to overcome the fact that the current network is insecurely connected to a much larger ~public LAN). The configuration would be much like this:
>
> {Internet}--{Huge/NastyLAN}--{FreeBSDGate}--{SafeLAN}
>
> Most of what I see states that I should use a *minimum* of:
> 266Mhz processor
> 64MB RAM
> 1GB HD (actually ~2GB based on number desired security apps)
> 2 Compatible NICs

The minimum is what you can get FreeBSD to run on. If you can get FreeBSD working on a 386 then that is the minimum, but for practicality a 486 is the absolute minimum. As far as the minimum amount of disk space is concerned the same thing as above goes; here is a FreeBSD router project that works on as little as 5MB: http://www.m0n0.ch/wall/ . Same thing goes for RAM, and obviously you need to have at least two Network Interface Cards unless you wanted to route all traffic to /dev/null.

> What I really had hoped to find, was more of an experienced networking guru's thumb rule equating the number of safeLAN workstations with the required gateway RAM/Processor; to enable all safeLAN users to experience a minimal network transaction time roughly equivalent to what they would see if plugged directly into a really good hub. Something maybe in the form of:
> Proc Speed = X*Users+Y
> RAM = W*Users+Z

You would plug them into a switch not a hub; if you did that then the router would be the least of your problems as the bottleneck is the hub now.
Re: FreeBSD Gateway
Victor Foulk [EMAIL PROTECTED] wrote:
> [...]
> What I really had hoped to find, was more of an experienced networking guru's thumb rule equating the number of safeLAN workstations with the required gateway RAM/Processor; to enable all safeLAN users to experience a minimal network transaction time roughly equivalent to what they would see if plugged directly into a really good hub. Something maybe in the form of:
> Proc Speed = X*Users+Y
> RAM = W*Users+Z
>
> I am far too new at this to have a clue what numbers to use to even approximate. Any advice on this matter would be most appreciated. Thanks!
>
> Victor

Unfortunately, there isn't a simple way to develop such an equation. How much CPU/RAM you need is going to be dependent on more than just the number of computers involved. Two additional factors can play a large part: 1) The number of firewall rules and 2) the amount of traffic (such as UDP) that creates dynamic rules. Rules take time to process, and more traffic takes more time with more rules. UDP traffic usually requires stateful rules, and that generates dynamic rules, which increases the amount of time to process each packet. So it's important to design your ruleset carefully to avoid unnecessary processing.

However, in my experience, the most critical hardware choice is the network cards themselves. Cheapo network cards will really hurt performance under load. So toss the cheapo Realtek cards into the trash and spend a little extra on an Intel or other name brand card designed for a server.

As a general rule of thumb, I won't put FreeBSD on anything smaller than a 1Ghz with 128M of RAM and 4G of disk space. While you can get away with smaller, that's about the minimum before using the box for maintenance purposes becomes a terrible burden. Try upgrading and rebuilding world on a 266!

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
Re: FreeBSD Gateway
Bill Moran wrote:
> Victor Foulk [EMAIL PROTECTED] wrote:
> [...]
>> What I really had hoped to find, was more of an experienced networking guru's thumb rule equating the number of safeLAN workstations with the required gateway RAM/Processor; to enable all safeLAN users to experience a minimal network transaction time roughly equivalent to what they would see if plugged directly into a really good hub. Something maybe in the form of:
>> Proc Speed = X*Users+Y
>> RAM = W*Users+Z

I don't think _anybody_ can give such a formula. Especially not without knowing how much and what kind of traffic your users generate. But as others have said already, good NICs are essential.

> As a general rule of thumb, I won't put FreeBSD on anything smaller than a 1Ghz with 128M of RAM and 4G of disk space. While you can get away with smaller, that's about the minimum before using the box for maintenance purposes becomes a terrible burden. Try upgrading and rebuilding world on a 266!

You can always build world remotely. 1GHz seems to be overkill for a router. Just think of energy consumption.

Regards,
Phil.
Re: FreeBSD Gateway
Victor Foulk [EMAIL PROTECTED] wrote:
[...]
Bill Moran [EMAIL PROTECTED] wrote:
[...]
> However, in my experience, the most critical hardware choice is the network cards themselves. Cheapo network cards will really hurt performance under load. So toss the cheapo Realtek cards into the trash and spend a little extra on an Intel or other name brand card designed for a server.
[...]

Similarly to Mr. Foulk, I'm also in the market for a pair of NICs for a small organization's firewall/gateway (in this case using IPFilter). Per your plug for Intel, I'm browsing 3Com and Intel NICs right now on mwave.com.

Intel 10/100 w/ 3DES - $63
http://www.mwave.com/mwave/viewspec.hmx?scriteria=1562535
3Com 10/100 w/ 3DES - $92
http://www.mwave.com/mwave/viewspec.hmx?scriteria=3387169

Why do you suppose that while the 3Com seems very similar to the Intel it costs $30 more? Perhaps because it specs more types of encryption than the Intel NIC? How would this hardware acceleration integrate w/ FreeBSD? Per some Linux binary compat (as both cards are compat w/ Linux kernel 2.2+)? Will the hardware encryption on these cards ever be useful in a firewall/gateway application?

Sorry for all the questions and thanks for your time,
--
Micah Bushouse
[EMAIL PROTECTED]
Re: FreeBSD Gateway
Micah Bushouse wrote:
> [...]
> Intel 10/100 w/ 3DES - $63
> http://www.mwave.com/mwave/viewspec.hmx?scriteria=1562535
> 3Com 10/100 w/ 3DES - $92
> http://www.mwave.com/mwave/viewspec.hmx?scriteria=3387169
>
> Why do you suppose that while the 3Com seems very similar to the Intel it costs $30 more? Perhaps because it specs more types of encryption than the Intel NIC? How would this hardware acceleration integrate w/ FreeBSD? Per some Linux binary compat (as both cards are compat w/ Linux kernel 2.2+)? Will the hardware encryption on these cards ever be useful in a firewall/gateway application?
>
> Sorry for all the questions and thanks for your time,

 $92
-$63
----
 $29 = Branding?
----

INTEL PRO 100S, Model PILA8460C3
Specifications:
Standard: 802.2, 802.3, 802.3u, 802.3x, 802.1p/Q
Encryption: DES(56bit)/3DES(168bit)
On-board Memory: 18KB
Special Features: Integrated security co-processor, Advanced management for lower support costs, intel SingleDriver technology simplifies installation and maintenance

[EMAIL PROTECTED]
FreeBSD Gateway
Hello all,

I have been looking into setting up a network gateway using a FreeBSD box, so that I may employ many of the network security features of the system (and to overcome the fact that the current network is insecurely connected to a much larger ~public LAN). The configuration would be much like this:

{Internet}--{Huge/NastyLAN}--{FreeBSDGate}--{SafeLAN}

Most of what I see states that I should use a *minimum* of:

266Mhz processor
64MB RAM
1GB HD (actually ~2GB based on number desired security apps)
2 Compatible NICs

What I really had hoped to find, was more of an experienced networking guru's thumb rule equating the number of safeLAN workstations with the required gateway RAM/Processor; to enable all safeLAN users to experience a minimal network transaction time roughly equivalent to what they would see if plugged directly into a really good hub. Something maybe in the form of:

Proc Speed = X*Users+Y
RAM = W*Users+Z

I am far too new at this to have a clue what numbers to use to even approximate. Any advice on this matter would be most appreciated. Thanks!

Victor
RE: FreeBSD Gateway???
This might be helpful: http://www.kcgeek.com/archives/howto/building_a_freebsd_natdhcp_gateway/050802.html

-Original Message-
From: Hakim Z. Singhji [mailto:[EMAIL PROTECTED]
Sent: Tue 7/27/2004 8:37 PM
To: Pavel Duda
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: FreeBSD Gateway???

> [...]
> Oh, I may need your help once I get started building the box; remember I'm originally from Linux World. So this will be a new hack for me. Hope I can look to you guys for help if I get in trouble.
>
> HZS
Re: FreeBSD Gateway???
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Olaf Hoyer wrote:
| [...]
| Do _not_ go for Realtek or Via, they impose a far heavier load on the
| CPU than Intel or 3COM.
|
| HTH
| Olaf

Hi Olaf,

Thanks a lot for your help, I found a pretty good deal on a pair of 3COM XL's, $10 each... pretty good huh. Hey maybe I could use you as a resource if I have any questions about setting up the Gateway/Router. Thanks again.

HZS
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBBwCrNF6tCt5tOyIRAkr9AJ9dRdcevTSJoVeQLo2sPNFgHPtMigCguZEa
ulyosIh6cWZnWogvKTh2cnQ=
=9tRi
-END PGP SIGNATURE-
Re: FreeBSD Gateway???
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Pavel Duda wrote:
| Hakim Z. Singhji wrote:
|
| Does anyone have any suggestions
| on the type of NIC I should use?
|
|
| Almost any normal NIC will be fine. I'm using mostly Realtek-based
| (RTL8139) and Intel (8255) cards w/o problems.

Hi Everyone,

I would like to thank you for all your help... I found a pair of 3COM XL's for $10 each... I was told that is a steal... so I went for it. Thanks again. Oh, I may need your help once I get started building the box; remember I'm originally from Linux World. So this will be a new hack for me. Hope I can look to you guys for help if I get in trouble.

HZS
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBBwNWNF6tCt5tOyIRAuG9AKCKAA/u6WFZDMc0F8lPWjF1Bm6fsgCg43ZZ
4kiTmFl8vATMP//PXnRatpE=
=rqv5
-END PGP SIGNATURE-
Re: FreeBSD Gateway???
On Sat, 24 Jul 2004, Hakim Z. Singhji wrote:
| [...]
| | Anyway, you generally can't go wrong with 3Com. That said,
| | I've never had trouble with 3Com, SiS, DEC/Intel, even RealTek
| | and the onboard VIA/Rhine stuff (drivers, respectively: xl, sis, dc,
| | rl, vr).
| [...]

Hi!

Well, I personally prefer the Intel Etherexpress in 100MBit Scenarios. (fxp)

You also could look at ebay, sometimes they show up in bundles of 5 or so, and then are below those 30$ list price...

Or you could have a look at a Znyx or Adaptec or Intel dual/Quad card, I also noticed some Adaptec quad ones on german ebay recently.

In Gigabit world, well, Intel or Broadcom (em or bge) cards are nice, but given the scenario you have, they are overkill and quite costly compared to some fxp or xl.

Do _not_ go for Realtek or Via, they impose a far heavier load on the CPU than Intel or 3COM.

HTH
Olaf
--
Olaf Hoyer [EMAIL PROTECTED]
Terrible experiences give reason to wonder whether he who has them is not himself something terrible. (Nietzsche, Jenseits von Gut und Boese)
Re: FreeBSD Gateway???
Hakim Z. Singhji [EMAIL PROTECTED] wrote:
> [...]
> Well Kevin,
>
> Do you know where I can get a 3COM or Intel card for a good price??? I tried pricewatch.com however they all seem to be around the same between 29 - 35 dollars.

That looks like a good price to me. You pay a little more for the better cards, but if you need the performance, it's worth it. If you're looking for low-cost, I've always had good success with the Realtek cards.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
FreeBSD Gateway???
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Everyone,

I am building a gateway/router from a i386 300Mhz, 32MB RAM, 5GB hda and I need to buy the NIC cards. I wanted to have three interface connection points to my gateway/router. Does anyone have any suggestions on the type of NIC I should use? I would appreciate some help.

In addition, I'm new to BSD. I hail from the Redhat world, but I anticipate FreeBSD to be a great addition to my network.

HZS
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBAdyvNF6tCt5tOyIRAqPLAJ9tyc3SbDvsvW6g3xmU3m6qsCf1nwCgt3Kl
fnx7NOpoaTrCTF6e5jg1iX4=
=agHz
-END PGP SIGNATURE-
Re: FreeBSD Gateway???
Hakim Z. Singhji wrote:
> [...]
> I am building a gateway/router from a i386 300Mhz, 32MB RAM, 5GB hda and I need to buy the NIC cards. I wanted to have three interface connection points to my gateway/router. Does anyone have any suggestions on the type of NIC I should use? I would appreciate some help.
> [...]

10/100? There are less Gigabit types that are supported, yet, but then the reason for that should be pretty obvious.

Anyway, you generally can't go wrong with 3Com. That said, I've never had trouble with 3Com, SiS, DEC/Intel, even RealTek and the onboard VIA/Rhine stuff (drivers, respectively: xl, sis, dc, rl, vr).

That covers quite a few chipsets. There are plenty more. The only problem I have answering your post is that I don't know what's *not* supported. Also, some users have reported issues with watchdog timeout errors using 5.X FBSD and one of the drivers mentioned above. You could probably spot which one on Google ...

HTH,

Kevin Kinsey
Re: FreeBSD Gateway???
Kevin D. Kinsey, DaleCo, S.P. wrote:

| Anyway, you generally can't go wrong with 3Com. That said,
| I've never had trouble with 3Com, SiS, DEC/Intel, even RealTek
| and the onboard VIA/Rhine stuff (drivers, respectively: xl, sis, dc,
| rl, vr).

Well Kevin,

Do you know where I can get a 3COM or Intel card for a good price??? I tried pricewatch.com; however, they all seem to be around the same, between 29 and 35 dollars.
freebsd gateway: 3 networks - 3 nic
Hello,

I have the following setup in a school: FreeBSD 5.2.1 with ipfilter and ipnat.

Network card 1 = fxp0, fractional T1 line (512kb), 64.140.xxx.xxx static public IP
Network card 2 = xl1, 10.1.1.2 internal LAN

/etc/rc.conf

    ifconfig_fxp0="inet 64.140.xxx.xxx netmask 255.255.255.224"
    ifconfig_xl0="inet 10.1.1.2 netmask 255.255.255.0"
    defaultrouter="64.140.xxx.yyy"

/etc/ipnat.conf

    map fxp0 10.1.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
    map fxp0 10.1.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
    map fxp0 10.1.1.0/24 -> 0.0.0.0/32

/etc/ipf.conf

    pass out quick on fxp0 proto tcp all keep state
    pass out quick on fxp0 proto udp all keep state
    pass out quick on fxp0 proto icmp all keep state
    pass in quick on fxp0 proto tcp from any to any port = 22
    pass in quick on fxp0 proto tcp from any to any port = 25
    pass in quick on fxp0 proto tcp from any to any port = 80
    block in quick on fxp0 all

The problem is the fractional shadow T1 bandwidth is maxed out during daytime usage... I have a fast internet connection, Comcast cable DHCP 3000Kb, which I would like to also use, but I need to keep the T1 too because its static IP is needed for incoming mail and web...

Any idea how this should be done?

Maybe: install a new NIC with a connection to the Comcast cable modem..

    ifconfig_newcard="DHCP"
    defaultrouter=???

and this will update automatically when the

Thanks,
Andras Kende
Setting up a FreeBSD Gateway question
Hello,

I am trying to set up a FreeBSD gateway. The gateway will connect to the net. I have a laptop that will connect to the gateway in order to access the net. The gateway has 2 NICs, one external (vr0), one internal (dc0). The laptop is connected to the gateway via a cross-over cable. The gateway is running FreeBSD 4.7, the laptop is running Red Hat Linux 8.0.

What do I need to do to get the gateway working and the laptop to access the net through the gateway? Do I need to set up ipnat/ipfw? If so, how? I also want to telnet or openssh to the gateway.

Thank you,
kyle
Re: Setting up a FreeBSD Gateway question
Hi,

This is a pretty common procedure and is documented in the FreeBSD handbook. Please see:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/natd.html

Beware the ipfw default to allow settings. I think there are also some tutorials out on the 'net.

You will likely want to alter the inetd.conf file in /etc for enabling ssh and disabling whatever other features you don't want. You can also run ssh as a dedicated process. You can find more information about inetd in the handbook as well.

Rich.

| Rich Fox | [EMAIL PROTECTED] | 86 Nobska Road | Woods Hole, MA 02543 | MA 508 548 4358 | VA 703 201 6050

On Sun, 2 Feb 2003, Kyle wrote:

> What do I need to do to get the gateway working and the laptop to access the net through the gateway? Do I need to set up ipnat/ipfw? If so, how? I also want to telnet or openssh to the gateway.
Re: FreeBSD gateway
I am having almost the same exact problem. I've followed the guides on freebsddiary, in the handbook, and instructions here in the list, but I still can't ping out to the internet from my XP box. I can, however, ping the external NIC's IP address. Maybe someone can post a simplified rc.firewall just for gateways?

> From: Constantine [EMAIL PROTECTED]
> To: Marc Perisa [EMAIL PROTECTED]
> CC: Derrick Ryalls [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: FreeBSD gateway
> Date: Wed, 20 Nov 2002 18:18:01 -0500
>
> I want FreeBSD to act as a simple gateway for my LAN, but for some reason it does not want to work that way, though I have confirmed to the installation programme that I want FreeBSD to function as a gateway. What are the simplest steps I need to follow to make FreeBSD act as a gateway? (I have a fresh 4.7R installation)
>
> Thanks.
> Constantine
Re: FreeBSD gateway
> The last two lines from dmesg:
>
> IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
> ip_fw_ctl: invalid command

Well, I've been having the same exact problem as Constantine posted, so when I got home tonight I looked up the last error displayed here on Google. Turns out that it means that the IPDIVERT option isn't set in the kernel. Funny, because I thought I had compiled it in; recompiling the kernel now, and I am hoping this will make all my problems go away.
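The check the poster did by hand, written up as an added example that is not part of the thread: a small POSIX sh diagnostic that reads the ipfw banner the kernel prints at boot and the output of ipfw show, and says whether natd can work on this kernel at all. The "bad" banner and ruleset are constructed from the output quoted in this thread; the "good" pair is my own construction and assumes rc.firewall's usual rule 50 (divert natd all from any to any via the natd_interface, which ipfw show prints as "divert 8668 ..."), which the thread itself does not show.

```shell
#!/bin/sh
# Added example (not from the thread): a diagnostic for a FreeBSD 4.x ipfw+natd
# gateway. It reads the ipfw banner that the kernel prints at boot and the
# ruleset from "ipfw show" and reports why NAT cannot work. On a real box feed
# it "dmesg" and "ipfw show"; here the inputs are constructed from the thread.

# Constructed: the banner and ruleset Constantine posted (IPDIVERT missing).
BAD_BANNER='IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
ip_fw_ctl: invalid command'
BAD_RULES='00100    0       0 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
65000 8102 5158330 allow ip from any to any
65535    1      60 deny ip from any to any'

# Constructed: what a working gateway looks like. Rule 50 is the divert rule
# rc.firewall installs when natd_enable=YES (assumed; not shown in the thread).
GOOD_BANNER='IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to deny, logging disabled'
GOOD_RULES='00050    0       0 divert 8668 ip from any to any via sis0
00100    0       0 allow ip from any to any via lo0
65000    0       0 allow ip from any to any
65535    0       0 deny ip from any to any'

# kernel_has_divert BANNER: succeeds when the kernel was built with IPDIVERT.
kernel_has_divert() {
    printf '%s\n' "$1" | grep -q 'divert enabled'
}

# ruleset_has_divert RULESET IFACE: succeeds when a "divert <port> ... via IFACE"
# rule is loaded, i.e. packets on the external interface actually reach natd.
ruleset_has_divert() {
    printf '%s\n' "$1" |
        grep -Eq "^[0-9]+([[:space:]]+[0-9]+){2}[[:space:]]+divert[[:space:]]+[0-9]+.*via[[:space:]]+$2([[:space:]]|\$)"
}

# diagnose BANNER RULESET IFACE: prints one verdict line and returns
#   0  natd can work
#   1  rebuild the kernel with "options IPDIVERT" (the thread's case)
#   2  kernel is fine but no divert rule is loaded: check natd_enable and
#      natd_interface in rc.conf, and look for "ip_fw_ctl" errors in dmesg
diagnose() {
    banner=$1 rules=$2 iface=$3
    if ! kernel_has_divert "$banner"; then
        echo "FAIL: 'divert disabled' in ipfw banner: kernel lacks IPDIVERT, natd cannot receive packets"
        return 1
    fi
    if ! ruleset_has_divert "$rules" "$iface"; then
        echo "FAIL: kernel supports divert but no 'divert ... via $iface' rule is loaded"
        return 2
    fi
    echo "OK: divert rule present on $iface; NAT through natd can work"
    return 0
}

# Stand-alone run: the thread's configuration, then the healthy one.
diagnose "$BAD_BANNER" "$BAD_RULES" sis0 || echo "   (exit status $?)"
diagnose "$GOOD_BANNER" "$GOOD_RULES" sis0 || echo "   (exit status $?)"
```

The two checks are deliberately separate: "divert disabled" in the banner means no ruleset can help until the kernel is rebuilt, while a kernel that supports divert but shows no divert rule points at rc.conf (natd_enable, natd_interface) or at an rc.firewall that never ran, which is what the "ip_fw_ctl: invalid command" line in this thread turned out to be.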
Re: FreeBSD gateway
Marc Perisa wrote:

> That hints to a problem with the /etc/rc.firewall script (which is called when you add firewall_enable=YES to /etc/rc.conf). Please provide us with the output of ipfw list. (You have to do that as root, of course). I think your firewall ruleset is not tuned for a gateway situation.

# ipfw show
00100    0       0 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
65000 8102 5158330 allow ip from any to any
65535    1      60 deny ip from any to any

I want FreeBSD to act as a simple gateway for my LAN, but for some reason it does not want to work that way, though I have confirmed to the installation programme that I want FreeBSD to function as a gateway. What are the simplest steps I need to follow to make FreeBSD act as a gateway? (I have a fresh 4.7R installation)

Thanks.
Constantine
FreeBSD gateway
Hello!

I have installed FreeBSD 4.7 recently, and it seems it does not want to work as a gateway. I have two network cards in my FreeBSD computer, fxp0 for LAN and sis0 for the cable modem. I am new to FreeBSD, so I am confused what the difference between gateways and routers is (I was thinking they link to the same thing). I can ping my FreeBSD box from WinXP, I can ping the internet from a remote session to FreeBSD, but I cannot ping the internet from my WinXP. My WinXP has IP 192.168.0.1, netmask 255.255.255.0, and gateway 192.168.0.18 settings.

Now FreeBSD /etc/rc.conf follows:

    gateway_enable="YES"
    kern_securelevel_enable="NO"
    nfs_reserved_port_only="YES"
    ifconfig_sis0="DHCP"
    ifconfig_fxp0="inet 192.168.0.18 netmask 255.255.255.0"
    #router_enable="YES"
    # from handbook
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="sis0"
    natd_flags=""
    #/ handbook

The last two lines from dmesg:

    IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
    ip_fw_ctl: invalid command

    %netstat -rn
    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            68.105.xxx.x       UGSc        2        0   sis0
    68.105.xxx/24      link#1             UC          1        0   sis0
    68.105.xxx.x       00:03:xx:xx:xx:xx  UHLW        3        0   sis0   1197
    68.105.xxx.xxx     127.0.0.1          UGHS        0        0    lo0
    127.0.0.1          127.0.0.1          UH          1        0    lo0
    192.168.0          link#2             UC          1        0   fxp0
    192.168.0.1        00:04:xx:xx:xx:xx  UHLW        3    28742   fxp0   1005

Thank you!

--
Constantine
RE: FreeBSD gateway
> Hello! I have installed FreeBSD 4.7 recently, and it seems it does not want to work as a gateway. I have two network cards in my FreeBSD computer, fxp0 for LAN and sis0 for the cable modem. [...] My winxp has ip 192.168.0.1, netmask 255.255.255.0, and gateway 192.168.0.18 settings.
>
> Now FreeBSD /etc/rc.conf follows:
>
>     gateway_enable="YES"
>     ifconfig_sis0="DHCP"
>     ifconfig_fxp0="inet 192.168.0.18 netmask 255.255.255.0"
>     firewall_enable="YES"
>     firewall_type="OPEN"
>     natd_enable="YES"
>     natd_interface="sis0"
>     natd_flags=""

Are your IPs reversed? I think the gateway should have the .1 address and the XP box should use the .18.

Are you using the default kernel? If so, you will need to add a couple of lines and recompile.

    options IPFIREWALL  #firewall
    options IPDIVERT    #divert sockets

As for the difference between a router and a gateway, a gateway is a machine to deal with going from one network (LAN) to another network (WAN), I think.

> The last two lines from dmesg:
>
>     IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
>     ip_fw_ctl: invalid command
>
> [netstat -rn output as in the original post]
>
> Thank you!
>
> --
> Constantine
Re: FreeBSD gateway
Derrick Ryalls wrote:

> > My winxp has ip 192.168.0.1, netmask 255.255.255.0, and gateway 192.168.0.18 settings.
>
> Are your ip's reversed? I think the gateway should have the .1 address and the xp box should use the .18

Nope. He set his FreeBSD box to the IP 192.168.0.18 and his Windows XP box to 192.168.0.1. All is OK with that. It is only uncommon to do. Normally you would give the default gateway for a network x.y.z.1 or x.y.z.254. But it is not forbidden to set it to any IP in that subnet.

> Are you using the default kernel? If so, you will need to add a couple lines and recompile.
>
>     options IPFIREWALL  #firewall
>     options IPDIVERT    #divert sockets
>
> as for the difference between a router and a gateway, a gateway is a machine to deal with going from one network (lan) to another network (wan), I think.

From your point of view (as needed for this problem) routers and gateways are the same. In this case the FreeBSD box is acting as a router for your internal net to the Internet. A simple router would do the same. But for more complex routing you have to either set up gated (or similar software) or add all rules (if they are static) by hand. A gateway is the simplest form of a router.

> > The last two lines from dmesg:
> >
> >     IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
> >     ip_fw_ctl: invalid command

That hints to a problem with the /etc/rc.firewall script (which is called when you add firewall_enable=YES to /etc/rc.conf). Please provide us with the output of ipfw list. (You have to do that as root, of course). I think your firewall ruleset is not tuned for a gateway situation.

Hope that helps
Marc