Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-16 Thread Da Rock

On Wed, 2008-10-15 at 22:22 -0700, mdh wrote:
 --- On Thu, 10/16/08, Da Rock [EMAIL PROTECTED] wrote:
  From: Da Rock [EMAIL PROTECTED]
  Subject: Re: How to get my Dad's Win2k system to access internet through my 
  FreeBSD 6.2 system
  To: freebsd-questions@freebsd.org
  Date: Thursday, October 16, 2008, 1:04 AM
 
  <grin> Actually I'm not sure... I'm just an innocent bystander :)
  
  Throughout the thread there was mention of enabling nat in the rc.conf,
  so whichever that was...
  
  My consideration was just in general. Someone mentioned enabling nat,
  another said don't double nat, so I thought routed would be better. But
  it seems routed is not the way to go, but to keep gateway_enable:
  question remains as to whether to use nat or not (I suppose in any form;
  but if you can enlighten me with regard if one form of nat is better
  than another especially in the case of double nat then I'd appreciate
  the information).
  
  The main reason I'm bringing up this issue is to clarify (and possibly the
  OP will then get a better picture too) of precisely how to accomplish
  the result required. And maybe increase my knowledge of the subject
  too :) that's always a good thing.
 
 Essentially, you need three things to accomplish nat'ing via the way I'm 
 going to describe.  There're several ways to do it, but I'll only cover one 
 here, because to describe others, I'd need to go look up docs, which you're 
 more than welcome to do for yourself if you don't like the way I'm going to 
 touch on.  
 
 First, you need gateway_enable set to yes in /etc/rc.conf.  This is 
 universally true regardless of which method you use for nat'ing.  What this 
 does is instruct the kernel that it has multiple interfaces, and that it must 
 pass packets across them, acting as a router.  This has nothing to do with 
 various route discovery protocols, it only sets a sysctl which tells the 
 kernel to route packets across multiple interfaces.  The default behavior is 
 for the kernel not to do so.  
 
 Second, you'll need some way for your NAT to get packets.  In some cases, the 
 NAT method is built into the way that it gets packets.  With the way I'm 
 discussing here, it's not.  In this case, we'll use `ipfw`.  You'll need a 
 kernel that supports ipfw for this to work, obviously.  The rule you'll need 
 should look something like this:
 divert 8668 ip4 from any to any via sis0
 Where sis0 is your EXTERNAL network interface (ie, the one facing your cable 
 modem, modem, or whatever else.)  The command to add this should look 
 something like: `ipfw add <rule number> divert 8668 ip4 from any to any via 
 <interface>` where <rule number> is the rule number you'll use (it should be a 
 low one!) and <interface> is your external-facing network interface device.  
 
 Third, you'll need natd itself.  natd can be enabled via - you guessed it - 
 the rc.conf variable natd_enable.  That's not all, though.  You'll also need 
 to (in rc.conf) set natd_interface to the interface you specified in the 
 firewall rule, and you'll almost certainly want to set natd_flags to -u.  
 
 So all in all, you'll need the ipfw rule, ipfw enabled in your kernel, and 
 the following lines in rc.conf:
 gateway_enable=YES
 natd_program=/sbin/natd
 natd_enable=YES
 natd_interface=sis0
 natd_flags=-u
 
 You may also need to run dhclient or somesuch to get an address from your 
 ISP, but that's a whole other story.  
 Enjoy.  
 
 - mdh

Been there, done that before (at the time I was merely fumbling, but I
have greater experience now)... interesting point in that is the fact
that natd_enable tells the kernel to pass packets between interfaces.

I'm assuming the problem with double nat'ing is the confusion in packet
traffic. So if the OP is using his ADSL modem to connect to the net,
then it could be safe to assume the public IP would be to the modem
itself, and not his box (barring the possible use of USB), so then the
nat'ing would already be done. Therefore, the best and easiest way would
be to simply bridge his interfaces- correct? Less overheads, etc, plus
simplicity of setup.

Oh I love a good hypothetical- it lets me experiment with systems
without touching anything or breaking it :) The fact that someone else
might build on their knowledge is just a cherry on top. I've not come
across another list that so freely shares knowledge... it's great!

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
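
The settings walked through in the quoted post (gateway_enable, the ipfw divert rule, the natd_* variables) and the double-NAT caveat raised elsewhere in the thread can be checked mechanically. The script below is an added example, not part of any poster's message; the sample rc.conf text, the external addresses passed to it, and the assumption that natd listens on divert port 8668 are constructed for illustration.

```sh
#!/bin/sh
# Added example: sanity-check a natd/ipfw gateway setup like the one in the post.
# sis0 and divert port 8668 come from the post; everything else is constructed.

# Constructed rc.conf text mirroring the post's lines (with the usual quoting).
SAMPLE_RC='gateway_enable="YES"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="sis0"
natd_flags="-u"'

# Body of the divert rule from the post (what follows "ipfw add <number>").
SAMPLE_RULE='divert 8668 ip4 from any to any via sis0'

# rc_get TEXT KEY: value of the last KEY= assignment, quotes and comments removed.
rc_get() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*\$/\1/p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# is_yes VALUE: true for the spellings rc.conf treats as "enabled".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# rule_word RULE KEYWORD: the token that follows KEYWORD in an ipfw rule body.
rule_word() {
    printf '%s\n' "$1" |
        awk -v k="$2" '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# is_rfc1918 IPV4: true if the address is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# audit RC_TEXT RULE EXT_IP: print one finding per line (nothing when consistent).
# EXT_IP is the address currently held by the external interface.
audit() {
    a_rc=$1; a_rule=$2; a_ip=$3
    a_if=$(rc_get "$a_rc" natd_interface)
    is_yes "$(rc_get "$a_rc" gateway_enable)" ||
        echo "NO_FORWARDING gateway_enable is not YES, the kernel will not route between interfaces"
    is_yes "$(rc_get "$a_rc" natd_enable)" ||
        echo "NATD_DISABLED natd_enable is not YES, nothing will read the diverted packets"
    [ "$(rule_word "$a_rule" divert)" = 8668 ] ||
        echo "PORT_MISMATCH rule does not divert to 8668 (assumed natd port)"
    [ -n "$a_if" ] && [ "$a_if" = "$(rule_word "$a_rule" via)" ] ||
        echo "IFACE_MISMATCH natd_interface and the rule's via interface differ"
    if is_rfc1918 "$a_ip"; then
        echo "DOUBLE_NAT external address $a_ip is private, an upstream device already does NAT"
    fi
    return 0
}

# Demo with a constructed private address on the external interface.
audit "$SAMPLE_RC" "$SAMPLE_RULE" 192.168.1.64
```

On a live gateway the three arguments would come from /etc/rc.conf, the rule as listed by ipfw, and the address shown for the external interface.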


Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-16 Thread Da Rock

On Thu, 2008-10-16 at 06:54 -0400, Michael Powell wrote:
 Da Rock wrote:
 
 [snip] 
  I'm assuming the problem with double nat'ing is the confusion in packet
  traffic. So if the OP is using his ADSL modem to connect to the net,
  then it could be safe to assume the public IP would be to the modem
  itself, and not his box (barring the possible use of USB), so then the
  nat'ing would already be done. Therefore, the best and easiest way would
  be to simply bridge his interfaces- correct? Less overheads, etc, plus
  simplicity of setup.
 
 
 There is another option, a variant of which I use. My el cheapo deluxe DSL
 modem has really crappy broken firewall and DNS implementations. Wireshark
 showed Windows Messenger service spam leaking past and as soon as I saw
 that I assumed it was probably the tip of the iceberg.
 
 You can also bridge the modem (disabling its NAT as well). In a fully
 bridged configuration your FreeBSD gateway will have to perform PPPoE
 handshake and login as well. 
 

Setting up the modem itself this way can be tricky at times, depending
on the model and the service. One gotcha with this method can be if your
ISP is using heartbeat, and so you'll have to either script yourself or
find one that suits.

 I use a second option called split-bridge, which they have named IP
 Passthrough. This allows the DSL modem to be responsible for the PPPoE
 session. It works by passing the WAN public IP to the Internet facing NIC
 in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my
 outside NIC is ifconfig_xl0=DHCP. It gets assigned whatever IP Verizon
 sends.
 

Is this also called IP spoofing?

 I just like this particular arrangement better. I run a caching/hybrid DNS
 server on the gateway as well. I've used this configuration for about 2
 years now and it has served me well. I also use ALTQ to prioritize outgoing
 acks, as this seems to be helpful when using asymmetric DSL.
  

Sounds very stable- I might have to look into the ALTQ (one day, when I
finally get through my other projects... :) ).



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-16 Thread Jeremy Chadwick
On Thu, Oct 16, 2008 at 09:29:04PM +1000, Da Rock wrote:
 
 On Thu, 2008-10-16 at 06:54 -0400, Michael Powell wrote:
  Da Rock wrote:
  
  [snip] 
   I'm assuming the problem with double nat'ing is the confusion in packet
   traffic. So if the OP is using his ADSL modem to connect to the net,
   then it could be safe to assume the public IP would be to the modem
   itself, and not his box (barring the possible use of USB), so then the
   nat'ing would already be done. Therefore, the best and easiest way would
   be to simply bridge his interfaces- correct? Less overheads, etc, plus
   simplicity of setup.
  
  
  There is another option, a variant of which I use. My el cheapo deluxe DSL
  modem has really crappy broken firewall and DNS implementations. Wireshark
  showed Windows Messenger service spam leaking past and as soon as I saw
  that I assumed it was probably the tip of the iceberg.
  
  You can also bridge the modem (disabling its NAT as well). In a fully
  bridged configuration your FreeBSD gateway will have to perform PPPoE
  handshake and login as well. 
  
 
 Setting up the modem itself this way can be tricky at times, depending
 on the model and the service. One gotcha with this method can be if your
 ISP is using heartbeat, and so you'll have to either script yourself or
 find one that suits.
 
  I use a second option called split-bridge, which they have named IP
  Passthrough. This allows the DSL modem to be responsible for the PPPoE
  session. It works by passing the WAN public IP to the Internet facing NIC
  in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my
  outside NIC is ifconfig_xl0=DHCP. It gets assigned whatever IP Verizon
  sends.
  
 
 Is this also called IP spoofing?

No, this is **NOT** IP spoofing.

What Michael's describing is a feature many DSL modems offer.  There is
no official term for what it is, since DSL modems are supposed to be
bridges (layer 2 devices), but in fact this feature causes the modem to
act like something that sits between layer 2 and layer 3 -- yet is not a
router.  Different modems call it something different.

If you enable this feature, what happens is this:

The modem requires you to access its administrative web page.  You
insert your PPPoE Username and Password (which it saves to
NVRAM/EEPROM), and click Connect.  The DSL modem then continues to do
the PPPoE encapsulation, so that your FreeBSD box, Windows box, or
whatever (that's connected to the DSL modem on the LAN port) does not
have to.

The modem is given an IP address as part of the PPPoE hand-off.  That IP
address is, of course, a public Internet IP.  The modem also enables use
of a DHCP server, so that a machine connected to its LAN port can do a
DHCP request and get an IP address -- but here's the kicker.

The IP address the modem returns to the machine on the LAN is the
public IP address the ISP gave the modem via PPPoE.

So how does this work?  All network I/O between the LAN port and
the modem itself is done at layer 2 past that point -- meaning, the
modem acts almost purely as a bridge from that point forward: but
it still does the PPPoE encapsulation for you.  So, like I said,
the modem acts like a device that sits between layer 2 and layer 3.

Does this make more sense?

The reason this feature is HIGHLY desired is because not all PPPoE
implementations are compatible with an ISP's implementation.  It is
*always* best to use whatever equipment they give you or guarantee
works with them; using your own, or some other PPPoE daemon/method,
can result in lots of trouble.

I've personally used this method, I might add.  I can give you
reference material on how to set it up and use it, over at
dslreports.com.  Lots of DSL modems these days offer said feature.

-- 
| Jeremy Chadwick                    jdc at parodius.com |
| Parodius Networking           http://www.parodius.com/ |
| UNIX Systems Administrator      Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-16 Thread Da Rock

On Thu, 2008-10-16 at 04:43 -0700, Jeremy Chadwick wrote:
 On Thu, Oct 16, 2008 at 09:29:04PM +1000, Da Rock wrote:
  
  On Thu, 2008-10-16 at 06:54 -0400, Michael Powell wrote:
   Da Rock wrote:
   
   [snip] 
I'm assuming the problem with double nat'ing is the confusion in packet
traffic. So if the OP is using his ADSL modem to connect to the net,
then it could be safe to assume the public IP would be to the modem
itself, and not his box (barring the possible use of USB), so then the
nat'ing would already be done. Therefore, the best and easiest way would
be to simply bridge his interfaces- correct? Less overheads, etc, plus
simplicity of setup.
   
   
   There is another option, a variant of which I use. My el cheapo deluxe DSL
   modem has really crappy broken firewall and DNS implementations. Wireshark
   showed Windows Messenger service spam leaking past and as soon as I saw
   that I assumed it was probably the tip of the iceberg.
   
   You can also bridge the modem (disabling its NAT as well). In a fully
   bridged configuration your FreeBSD gateway will have to perform PPPoE
   handshake and login as well. 
   
  
  Setting up the modem itself this way can be tricky at times, depending
  on the model and the service. One gotcha with this method can be if your
  ISP is using heartbeat, and so you'll have to either script yourself or
  find one that suits.
  
   I use a second option called split-bridge, which they have named IP
   Passthrough. This allows the DSL modem to be responsible for the PPPoE
   session. It works by passing the WAN public IP to the Internet facing NIC
   in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my
   outside NIC is ifconfig_xl0=DHCP. It gets assigned whatever IP Verizon
   sends.
   
  
  Is this also called IP spoofing?
 
 No, this is **NOT** IP spoofing.
 
 What Michael's describing is a feature many DSL modems offer.  There is
 no official term for what it is, since DSL modems are supposed to be
 bridges (layer 2 devices), but in fact this feature causes the modem to
 act like something that sits between layer 2 and layer 3 -- yet is not a
 router.  Different modems call it something different.
 
 If you enable this feature, what happens is this:
 
 The modem requires you to access its administrative web page.  You
 insert your PPPoE Username and Password (which it saves to
 NVRAM/EEPROM), and click Connect.  The DSL modem then continues to do
 the PPPoE encapsulation, so that your FreeBSD box, Windows box, or
 whatever (that's connected to the DSL modem on the LAN port) does not
 have to.
 
 The modem is given an IP address as part of the PPPoE hand-off.  That IP
 address is, of course, a public Internet IP.  The modem also enables use
 of a DHCP server, so that a machine connected to its LAN port can do a
 DHCP request and get an IP address -- but here's the kicker.
 
 The IP address the modem returns to the machine on the LAN is the
 public IP address the ISP gave the modem via PPPoE.
 
 So how does this work?  All network I/O between the LAN port and
 the modem itself is done at layer 2 past that point -- meaning, the
 modem acts almost purely as a bridge from that point forward: but
 it still does the PPPoE encapsulation for you.  So, like I said,
 the modem acts like a device that sits between layer 2 and layer 3.
 
 Does this make more sense?
 
 The reason this feature is HIGHLY desired is because not all PPPoE
 implementations are compatible with an ISP's implementation.  It is
 *always* best to use whatever equipment they give you or guarantee
 works with them; using your own, or some other PPPoE daemon/method,
 can result in lots of trouble.
 
 I've personally used this method, I might add.  I can give you
 reference material on how to set it up and use it, over at
 dslreports.com.  Lots of DSL modems these days offer said feature.

Ok, that explains it. The IP spoofing term comes from the Alcatel
SpeedTouch systems used by Telstra in Oz. If there is no official term
for it then that's why they've decided to call it that- right or wrong.
They use firmware updates to enable this feature or others, and can be
botched easily so for reference copy the original firmware as a backup
if possible!

It certainly would save trouble with their equipment because of the
heartbeat feature. Sounds very cool...



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-16 Thread Michael Powell
Da Rock wrote:

[snip] 
 I'm assuming the problem with double nat'ing is the confusion in packet
 traffic. So if the OP is using his ADSL modem to connect to the net,
 then it could be safe to assume the public IP would be to the modem
 itself, and not his box (barring the possible use of USB), so then the
 nat'ing would already be done. Therefore, the best and easiest way would
 be to simply bridge his interfaces- correct? Less overheads, etc, plus
 simplicity of setup.


There is another option, a variant of which I use. My el cheapo deluxe DSL
modem has really crappy broken firewall and DNS implementations. Wireshark
showed Windows Messenger service spam leaking past and as soon as I saw
that I assumed it was probably the tip of the iceberg.

You can also bridge the modem (disabling its NAT as well). In a fully
bridged configuration your FreeBSD gateway will have to perform PPPoE
handshake and login as well. 

I use a second option called split-bridge, which they have named IP
Passthrough. This allows the DSL modem to be responsible for the PPPoE
session. It works by passing the WAN public IP to the Internet facing NIC
in my FreeBSD box via DHCP. So, while my interior LAN NIC is static, my
outside NIC is ifconfig_xl0=DHCP. It gets assigned whatever IP Verizon
sends.

I just like this particular arrangement better. I run a caching/hybrid DNS
server on the gateway as well. I've used this configuration for about 2
years now and it has served me well. I also use ALTQ to prioritize outgoing
acks, as this seems to be helpful when using asymmetric DSL.
 
[snip]

-Mike




Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-16 Thread RW
On Thu, 16 Oct 2008 04:43:48 -0700
Jeremy Chadwick [EMAIL PROTECTED] wrote:


 What Michael's describing is a feature many DSL modems offer.  There
 is no official term for what it is,

They are commonly referred to as half-bridge modems.

 The reason this feature is HIGHLY desired is because not all PPPoE
 implementations are compatible with an ISP's implementation.  

Even more so if you have PPPoA with no, or poorly-supported, PPPoE.



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-15 Thread Mike M


On 10/14/2008 at 12:03 PM [EMAIL PROTECTED] wrote:

|Manish Jain [EMAIL PROTECTED] writes:
|
| I am poor at networking and need a little bit of help. My dad has a
| Windows 2000 machine with a network card but does not have a connection
| to the internet.
|
|When I started writing this, I thought that system had been abandoned
|already, but it appears Microsoft will offer a measure of support
|through next year sometime.  Do see that the system gets properly
|updated before you put it on the net.


Important advice.

I also run Windows 2000 on my home PCs (the ones that are still in the Windows 
world).  Security updates are still being offered by Microsoft (through next 
June, I believe).

It is important to bring your Dad's install of Windows 2000 up to the current 
patch level.  A visit to Windows Update will do the trick for the Windows 
software.   Other things (e.g., Adobe's Flash, Acrobat reader, etc.) may also 
need a version refresh to be safe for the 'Net.







Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-15 Thread Da Rock

On Tue, 2008-10-14 at 06:46 -0400, Michael Powell wrote:
 Jeremy Chadwick wrote:
 
  On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
 [snip] 
  Next, you will want to configure your FreeBSD machine as a NAT gateway.
  In your /etc/rc.conf you will want something like gateway_enable=YES
  and some form of firewall initialization[1]. The gateway_enable is what
  allows the forwarding of packets between your rl0 and your rl1, but the
  activation of NAT functionality is usually a function contained within a
  firewall. So conceptually, the firewall will be in between rl0 and rl1.
  
  There are three different firewalls you can choose from. Configuring the
  firewall is usually where the inexperienced get stuck. This subject
  material is beyond the scope of this missive, and you would do well to
  start reading in the Handbook. But essentially, when you configure NAT in
  the firewall your rl0 (connected to the ISP) will be assigned a Public
  IP address and the NAT function will translate between Public and
  Private.
 
 With respect to NAT, the caveat here is the assumption that your DSL/Cable
 modem is *not* already performing NAT. The situation you do not want to get
 into is having *two* NATs. The content herein is assuming that the external
 (rl0) interface is getting assigned a Public IP from the ISP. 
  

If this is the case wouldn't the OP set router_enable=YES instead of
gateway?



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-15 Thread Jeremy Chadwick
On Wed, Oct 15, 2008 at 08:40:48PM +1000, Da Rock wrote:
 
 On Tue, 2008-10-14 at 06:46 -0400, Michael Powell wrote:
  Jeremy Chadwick wrote:
  
   On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
  [snip] 
   Next, you will want to configure your FreeBSD machine as a NAT gateway.
   In your /etc/rc.conf you will want something like gateway_enable=YES
   and some form of firewall initialization[1]. The gateway_enable is what
   allows the forwarding of packets between your rl0 and your rl1, but the
   activation of NAT functionality is usually a function contained within a
   firewall. So conceptually, the firewall will be in between rl0 and rl1.
   
   There are three different firewalls you can choose from. Configuring the
   firewall is usually where the inexperienced get stuck. This subject
   material is beyond the scope of this missive, and you would do well to
   start reading in the Handbook. But essentially, when you configure NAT in
   the firewall your rl0 (connected to the ISP) will be assigned a Public
   IP address and the NAT function will translate between Public and
   Private.
  
  With respect to NAT, the caveat here is the assumption that your DSL/Cable
  modem is *not* already performing NAT. The situation you do not want to get
  into is having *two* NATs. The content herein is assuming that the external
  (rl0) interface is getting assigned a Public IP from the ISP. 
   
 
 If this is the case wouldn't the OP set router_enable=YES instead of
 gateway?

No.  router_enable causes routed(8) to run, which allows for
announcements and withdraws of network routes via RIPv1/v2.  This is
something completely different than forwarding packets.

What the OP wants is to route packets from his private LAN (e.g.
192.168.0.0/16) on to the Internet using NAT.  That means he has to have
a NAT gateway of some kind that forwards and translates packets.  That
means he needs gateway_enable=yes, which allows IPv4 forwarding
to happen through the FreeBSD box.  In layman's terms, it allows
the FreeBSD box to be used as a Gateway for other computers which
are connected to it directly.

-- 
| Jeremy Chadwick                    jdc at parodius.com |
| Parodius Networking           http://www.parodius.com/ |
| UNIX Systems Administrator      Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-15 Thread Da Rock

 Unless the question is as broad as 'how do I learn about FreeBSD' it
 is worthwhile to help the person aim that shotgun or exchange it
 for a rifle.

Interesting analogy- I like it :)



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-15 Thread Da Rock

On Wed, 2008-10-15 at 04:10 -0700, Jeremy Chadwick wrote:
 On Wed, Oct 15, 2008 at 08:40:48PM +1000, Da Rock wrote:
  
  On Tue, 2008-10-14 at 06:46 -0400, Michael Powell wrote:
   Jeremy Chadwick wrote:
   
On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
   [snip] 
Next, you will want to configure your FreeBSD machine as a NAT gateway.
In your /etc/rc.conf you will want something like gateway_enable=YES
and some form of firewall initialization[1]. The gateway_enable is what
allows the forwarding of packets between your rl0 and your rl1, but the
activation of NAT functionality is usually a function contained within a
firewall. So conceptually, the firewall will be in between rl0 and rl1.

There are three different firewalls you can choose from. Configuring the
firewall is usually where the inexperienced get stuck. This subject
material is beyond the scope of this missive, and you would do well to
start reading in the Handbook. But essentially, when you configure NAT in
the firewall your rl0 (connected to the ISP) will be assigned a Public
IP address and the NAT function will translate between Public and
Private.
   
   With respect to NAT, the caveat here is the assumption that your DSL/Cable
   modem is *not* already performing NAT. The situation you do not want to get
   into is having *two* NATs. The content herein is assuming that the external
   (rl0) interface is getting assigned a Public IP from the ISP. 

  
  If this is the case wouldn't the OP set router_enable=YES instead of
  gateway?
 
 No.  router_enable causes routed(8) to run, which allows for
 announcements and withdraws of network routes via RIPv1/v2.  This is
 something completely different than forwarding packets.
 
 What the OP wants is to route packets from his private LAN (e.g.
 192.168.0.0/16) on to the Internet using NAT.  That means he has to have
 a NAT gateway of some kind that forwards and translates packets.  That
 means he needs gateway_enable=yes, which allows IPv4 forwarding
 to happen through the FreeBSD box.  In layman's terms, it allows
 the FreeBSD box to be used as a Gateway for other computers which
 are connected to it directly.
 

Ok, then. So it would be gateway_enable, but no nat_enable? (To avoid
double nat'ing)



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-15 Thread Jeremy Chadwick
On Thu, Oct 16, 2008 at 10:15:49AM +1000, Da Rock wrote:
 
 On Wed, 2008-10-15 at 04:10 -0700, Jeremy Chadwick wrote:
  On Wed, Oct 15, 2008 at 08:40:48PM +1000, Da Rock wrote:
   
   On Tue, 2008-10-14 at 06:46 -0400, Michael Powell wrote:
Jeremy Chadwick wrote:

 On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
[snip] 
 Next, you will want to configure your FreeBSD machine as a NAT gateway.
 In your /etc/rc.conf you will want something like gateway_enable=YES
 and some form of firewall initialization[1]. The gateway_enable is what
 allows the forwarding of packets between your rl0 and your rl1, but the
 activation of NAT functionality is usually a function contained within a
 firewall. So conceptually, the firewall will be in between rl0 and rl1.
 
 There are three different firewalls you can choose from. Configuring the
 firewall is usually where the inexperienced get stuck. This subject
 material is beyond the scope of this missive, and you would do well to
 start reading in the Handbook. But essentially, when you configure NAT in
 the firewall your rl0 (connected to the ISP) will be assigned a Public
 IP address and the NAT function will translate between Public and
 Private.

With respect to NAT, the caveat here is the assumption that your DSL/Cable
modem is *not* already performing NAT. The situation you do not want to get
into is having *two* NATs. The content herein is assuming that the external
(rl0) interface is getting assigned a Public IP from the ISP. 
 
   
   If this is the case wouldn't the OP set router_enable=YES instead of
   gateway?
  
  No.  router_enable causes routed(8) to run, which allows for
  announcements and withdraws of network routes via RIPv1/v2.  This is
  something completely different than forwarding packets.
  
  What the OP wants is to route packets from his private LAN (e.g.
  192.168.0.0/16) on to the Internet using NAT.  That means he has to have
  a NAT gateway of some kind that forwards and translates packets.  That
  means he needs gateway_enable=yes, which allows IPv4 forwarding
  to happen through the FreeBSD box.  In layman's terms, it allows
  the FreeBSD box to be used as a Gateway for other computers which
  are connected to it directly.
  
 
 Ok, then. So it would be gateway_enable, but no nat_enable? (To avoid
 double nat'ing)

Do you mean firewall_nat_enable, natd_enable, or ipnat_enable?  :-)
See /etc/defaults/rc.conf.

-- 
| Jeremy Chadwick                    jdc at parodius.com |
| Parodius Networking           http://www.parodius.com/ |
| UNIX Systems Administrator      Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-15 Thread Da Rock

On Wed, 2008-10-15 at 21:19 -0700, Jeremy Chadwick wrote:
 On Thu, Oct 16, 2008 at 10:15:49AM +1000, Da Rock wrote:
  
  On Wed, 2008-10-15 at 04:10 -0700, Jeremy Chadwick wrote:
   On Wed, Oct 15, 2008 at 08:40:48PM +1000, Da Rock wrote:

On Tue, 2008-10-14 at 06:46 -0400, Michael Powell wrote:
 Jeremy Chadwick wrote:
 
  On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
 [snip] 
  Next, you will want to configure your FreeBSD machine as a NAT gateway.
  In your /etc/rc.conf you will want something like gateway_enable=YES
  and some form of firewall initialization[1]. The gateway_enable is what
  allows the forwarding of packets between your rl0 and your rl1, but the
  activation of NAT functionality is usually a function contained within a
  firewall. So conceptually, the firewall will be in between rl0 and rl1.
  
  There are three different firewalls you can choose from. Configuring the
  firewall is usually where the inexperienced get stuck. This subject
  material is beyond the scope of this missive, and you would do well to
  start reading in the Handbook. But essentially, when you configure NAT in
  the firewall your rl0 (connected to the ISP) will be assigned a Public
  IP address and the NAT function will translate between Public and
  Private.
 
 With respect to NAT, the caveat here is the assumption that your DSL/Cable
 modem is *not* already performing NAT. The situation you do not want to get
 into is having *two* NATs. The content herein is assuming that the external
 (rl0) interface is getting assigned a Public IP from the ISP. 
  

If this is the case wouldn't the OP set router_enable=YES instead of
gateway?
   
   No.  router_enable causes routed(8) to run, which allows for
   announcements and withdraws of network routes via RIPv1/v2.  This is
   something completely different than forwarding packets.
   
   What the OP wants is to route packets from his private LAN (e.g.
   192.168.0.0/16) on to the Internet using NAT.  That means he has to have
   a NAT gateway of some kind that forwards and translates packets.  That
   means he needs gateway_enable=yes, which allows IPv4 forwarding
   to happen through the FreeBSD box.  In layman's terms, it allows
   the FreeBSD box to be used as a Gateway for other computers which
   are connected to it directly.
   
  
  Ok, then. So it would be gateway_enable, but no nat_enable? (To avoid
  double nat'ing)
 
 Do you mean firewall_nat_enable, natd_enable, or ipnat_enable?  :-)
 See /etc/defaults/rc.conf.
 

grin Actually I'm not sure... I'm just an innocent bystander :)

Throughout the thread there was mention of enabling nat in the rc.conf,
so whichever that was...

My consideration was just in general. Someone mentioned enabling nat,
another said don't double nat, so I thought routed would be better. But
it seems routed is not the way to go, but to keep gateway_enable:
question remains as to whether to use nat or not (I suppose in any form;
but if you can enlighten me with regard if one form of nat is better
than another especially in the case of double nat then I'd appreciate
the information).

The main reason I'm bringing up this issue is to clarify (and possibly the
OP will then get a better picture too) of precisely how to accomplish
the result required. And maybe increase my knowledge of the subject
too :) that's always a good thing.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-15 Thread mdh
--- On Thu, 10/16/08, Da Rock [EMAIL PROTECTED] wrote:
 From: Da Rock [EMAIL PROTECTED]
 Subject: Re: How to get my Dad's Win2k system to access internet through my 
 FreeBSD 6.2 system
 To: freebsd-questions@freebsd.org
 Date: Thursday, October 16, 2008, 1:04 AM

 grin Actually I'm not sure... I'm just an innocent bystander :)
 
 Throughout the thread there was mention of enabling nat in the rc.conf,
 so whichever that was...
 
 My consideration was just in general. Someone mentioned enabling nat,
 another said don't double nat, so I thought routed would be better. But
 it seems routed is not the way to go, but to keep gateway_enable:
 question remains as to whether to use nat or not (I suppose in any form;
 but if you can enlighten me with regard if one form of nat is better
 than another especially in the case of double nat then I'd appreciate
 the information).
 
 The main reason I'm bringing up this issue is to clarify (and possibly the
 OP will then get a better picture too) of precisely how to accomplish
 the result required. And maybe increase my knowledge of the subject
 too :) that's always a good thing.

Essentially, you need three things to accomplish nat'ing via the way I'm going 
to describe.  There're several ways to do it, but I'll only cover one here, 
because to describe others, I'd need to go look up docs, which you're more than 
welcome to do for yourself if you don't like the way I'm going to touch on.  

First, you need gateway_enable set to yes in /etc/rc.conf.  This is universally 
true regardless of which method you use for nat'ing.  What this does is 
instruct the kernel that it has multiple interfaces, and that it must pass 
packets across them, acting as a router.  This has nothing to do with various 
route discovery protocols, it only sets a sysctl which tells the kernel to 
route packets across multiple interfaces.  The default behavior is for the 
kernel not to do so.  

Second, you'll need some way for your NAT to get packets.  In some cases, the 
NAT method is built into the way that it gets packets.  With the way I'm 
discussing here, it's not.  In this case, we'll use `ipfw`.  You'll need a 
kernel that supports ipfw for this to work, obviously.  The rule you'll need 
should look something like this:

divert 8668 ip4 from any to any via sis0

Where sis0 is your EXTERNAL network interface (ie, the one facing your cable 
modem, modem, or whatever else.)  The command to add this should look something 
like: `ipfw add <rule number> divert 8668 ip4 from any to any via <interface>` 
where <rule number> is the rule number you'll use (it should be a low one!) and 
<interface> is your external-facing network interface device.  

Third, you'll need natd itself.  natd can be enabled via - you guessed it - the 
rc.conf variable natd_enable.  That's not all, though.  You'll also need to (in 
rc.conf) set natd_interface to the interface you specified in the firewall 
rule, and you'll almost certainly want to set natd_flags to -u.  

So all in all, you'll need the ipfw rule, ipfw enabled in your kernel, and the 
following lines in rc.conf:

gateway_enable=YES
natd_program=/sbin/natd
natd_enable=YES
natd_interface=sis0
natd_flags=-u

You may also need to run dhclient or somesuch to get an address from your ISP, 
but that's a whole other story.  
Enjoy.  

- mdh
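
An added example, not part of mdh's post and not FreeBSD's own tooling: a small sh audit that checks whether the pieces described above fit together (gateway_enable, natd_enable, natd_interface matching the interface in the divert rule, the divert rule not sitting behind an unconditional allow) and flags the double-NAT case raised earlier in the thread. The helper names, file contents and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: consistency audit for the ipfw + natd setup described above.
# Helper names and all sample data are constructed for illustration.

# rc_get FILE VAR: value rc.conf ends up with (last assignment wins).
rc_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# is_yes VALUE: the spellings rc.conf treats as "yes".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# divert_iface RULES: interface named by the first "divert 8668" rule in
# `ipfw list`-style output (8668 is natd's default divert port).
divert_iface() {
    awk '$2 == "divert" && $3 == "8668" {
        for (i = 4; i < NF; i++) if ($i == "via") { print $(i + 1); exit }
    }' "$1"
}

# divert_shadowed RULES: succeeds if an unconditional allow is listed before
# the divert rule. ipfw stops at the first matching allow, so such packets
# would never reach natd (one reason to give the divert rule a low number).
divert_shadowed() {
    awk '$2 == "divert" { exit }
         $2 == "allow" && NF == 7 && $5 == "any" && $7 == "any" { found = 1; exit }
         END { exit !found }' "$1"
}

# is_rfc1918 ADDR: succeeds for 10/8, 172.16/12 and 192.168/16 addresses.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

finding() { echo "  FINDING: $*"; n=$((n + 1)); }

# audit_natd RCCONF RULES EXT_ADDR: print findings, return how many.
audit_natd() {
    n=0
    is_yes "$(rc_get "$1" gateway_enable)" ||
        finding "gateway_enable is not YES: the kernel will not forward packets"
    is_yes "$(rc_get "$1" natd_enable)" ||
        finding "natd_enable is not YES: nothing reads the divert port"
    nif=$(rc_get "$1" natd_interface)
    dif=$(divert_iface "$2")
    if [ -z "$dif" ]; then
        finding "no 'divert 8668' rule in the ipfw ruleset"
    else
        [ "$nif" = "$dif" ] ||
            finding "natd_interface=$nif but the divert rule uses $dif"
        if divert_shadowed "$2"; then
            finding "an unconditional allow precedes the divert rule"
        fi
    fi
    if is_rfc1918 "$3"; then
        finding "external address $3 is RFC 1918: upstream device probably already does NAT"
    fi
    return "$n"
}

# --- constructed sample inputs -------------------------------------------
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
GOOD_RC=$WORK/good.rc.conf
GOOD_RULES=$WORK/good.rules
BAD_RC=$WORK/bad.rc.conf
BAD_RULES=$WORK/bad.rules

cat > "$GOOD_RC" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="sis0"
natd_flags="-u"
EOF
cat > "$GOOD_RULES" <<'EOF'
00050 divert 8668 ip4 from any to any via sis0
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any
EOF
cat > "$BAD_RC" <<'EOF'
gateway_enable="NO"
natd_enable="YES"
natd_interface="rl1"
EOF
cat > "$BAD_RULES" <<'EOF'
00100 allow ip from any to any
00200 divert 8668 ip4 from any to any via rl0
65535 deny ip from any to any
EOF

echo "good config:"
audit_natd "$GOOD_RC" "$GOOD_RULES" 203.0.113.10 && echo "  consistent"
echo "bad config:"
audit_natd "$BAD_RC" "$BAD_RULES" 192.168.1.2 || echo "  $? finding(s)"
```

On a live gateway the inputs would be /etc/rc.conf and the output of `ipfw list` saved to a file.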



  


Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Giorgos Keramidas
On Tue, 14 Oct 2008 15:35:31 +0300, Manolis Kiagias [EMAIL PROTECTED] wrote:
 Giorgos Keramidas wrote:
 Adding a few options in `loader.conf' should preload IPFW and DIVERT in
 the running kernel:

 ipfw_load=YES
 ipdivert_load=YES

 Then the rest of the `rc.conf' options described in the current text
 work as expected.

 I can't boot my 6.2-RELEASE installation today to verify that this works
 in that version too, but if you have one around and it seems to work,
 let me know and I'll handle the doc bits :-)

 FWIW, both modules load fine in my VMWare based 6.2-RELEASE.

Thanks :)



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Jerry McAllister
On Tue, Oct 14, 2008 at 09:52:54AM +0200, Wojciech Puchar wrote:

 internet. My freebsd 6.2 box is connected to the internet and has 2 
 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is directly 
 connected via a long Ethernet cable to the NIC on my dad's machine. While 
 I can access the internet easily, I want my dad to be able to connect to 
 the internet with my freebsd box serving as the gateway. Can anyone please 
 explain to me in easy steps how to accomplish this ?
 


 reading admin's handbook or using google will give you an answer

True, but often it is helpful to give some hints about what to
search for in the handbook or the net.  Where to start looking
and/or how to narrow the search is often the biggest problem.

Unless the question is as broad as 'how do I learn about FreeBSD' it
is worthwhile to help the person aim that shotgun or exchange it
for a rifle.

jerry



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread benjamin thielsen



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread benjamin thielsen



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Michael Powell
Manish Jain wrote:

 
 Hi,
 
 I am poor at networking and need a little bit of help. My dad has a
 Windows 2000 machine with a network card but does not have a connection
 to the internet. My freebsd 6.2 box is connected to the internet and has
 2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
 directly connected via a long Ethernet cable to the NIC on my dad's
 machine. While I can access the internet easily, I want my dad to be
 able to connect to the internet with my freebsd box serving as the
 gateway. Can anyone please explain to me in easy steps how to accomplish
 this ?
 

Although to many old-timers this is easily achieved, to someone new to
networking it is difficult to explain it in easy steps. It involves a set
of pieces that have to fit together correctly in order to work. You will
need to do some proper reading on the underlying concepts first.

First, establish that there exists basic network connectivity between your
machine and your dads. You may need to use a crossover cable. You will want
to assign a static IP address in the Private IP space range to your rl1
interface. This is also known as RFC 1918. You will also want to manually
configure a static IP on your dad's machine that is in the same network,
instead of allowing it to come up on the link.local of 169.254.x.x. An
example would be your rl1 == 192.168.10.1 netmask 255.255.255.0 and your
dad's machine == 192.168.10.2 netmask 255.255.255.0. For DNS at this stage
you can use hosts files on each host for name resolution. Ensure that each
machine can be ping'd by the other.

Next, you will want to configure your FreeBSD machine as a NAT gateway. In
your /etc/rc.conf you will want something like gateway_enable=YES and
some form of firewall initialization[1]. The gateway_enable is what allows
the forwarding of packets between your rl0 and your rl1, but the activation
of NAT functionality is usually a function contained within a firewall. So
conceptually, the firewall will be in between rl0 and rl1.

There are three different firewalls you can choose from. Configuring the
firewall is usually where the inexperienced get stuck. This subject
material is beyond the scope of this missive, and you would do well to
start reading in the Handbook. But essentially, when you configure NAT in
the firewall your rl0 (connected to the ISP) will be assigned a Public IP
address and the NAT function will translate between Public and Private.

The next sticky point that will happen, should you get this far, is name
resolution. You will want to place the IP addresses of the name servers of
your ISP in your /etc/resolv.conf. You will also want to enter these into
the TCP configuration of your dad's machine. In addition, on your dad's
machine you will enter the IP address you used on your rl1 as the default
route.

The subject is much too broad for exhaustive coverage here. If your
DSL/Cable modem has router ports on it, it might just be easier to plug
your dad's machine up there and forget about all of this. Much reading will
be required of you, and once you know most of it then you will know what
specific questions to ask when you encounter sticking points. This is
intended only as a very generic form of overview.

-Mike

[1] For example, a couple of lines from my /etc/rc.conf:

pf_enable=YES
pf_rules=/etc/pf.conf
pf_flags=-e
pflog_enable=YES
pflog_logfile=/var/log/pflog
pflog_flags=

and the NAT line from my /etc/pf.conf:

nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)

Please note that these are for illustrative purposes only, and by themselves
will do nothing for your specific situation. There is much more that you
will have to dig out of the documentation, understand, and configure
appropriately.

 

   




Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread benjamin thielsen
ack!  sorry for the blank reply barrage - my apologies!  i was  
inadvertently holding down a key combination that caused my mail  
client to send off a flurry of blank responses before i realized it  
was occurring.  probably a sign to stay away from computers today  :)


-b



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Giorgos Keramidas
On Tue, 14 Oct 2008 14:40:01 +0300, Manolis Kiagias [EMAIL PROTECTED] wrote:
 Inspired by this discussion (and just replying to a random post) I
 tried for the first time to get a test machine as a gateway.  I tried
 the handbook's instructions, here:

 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

 These work flawlessly, you will need to recompile your kernel
 though. The rest of the setup is relatively simple.

Hi Manolis & everyone else,

`ipdivert.ko' works fine as a module too.  You don't really *have* to
recompile the kernel, but we probably have to update the relevant
Handbook bits to mention that `ipdivert.ko' can be kldload'ed now.

Adding a few options in `loader.conf' should preload IPFW and DIVERT in
the running kernel:

ipfw_load=YES
ipdivert_load=YES

Then the rest of the `rc.conf' options described in the current text
work as expected.

I can't boot my 6.2-RELEASE installation today to verify that this works
in that version too, but if you have one around and it seems to work,
let me know and I'll handle the doc bits :-)





Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Manolis Kiagias

Giorgos Keramidas wrote:


Hi Manolis & everyone else,

`ipdivert.ko' works fine as a module too.  You don't really *have* to
recompile the kernel, but we probably have to update the relevant
Handbook bits to mention that `ipdivert.ko' can be kldload'ed now.

Adding a few options in `loader.conf' should preload IPFW and DIVERT in
the running kernel:

ipfw_load=YES
ipdivert_load=YES

Then the rest of the `rc.conf' options described in the current text
work as expected.

I can't boot my 6.2-RELEASE installation today to verify that this works
in that version too, but if you have one around and it seems to work,
let me know and I'll handle the doc bits :-)

  

FWIW, both modules load fine in my VMWare based 6.2-RELEASE.


Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread benjamin thielsen



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread benjamin thielsen

Manish Jain wrote:



Hi,

I am poor at networking and need a little bit of help. My dad has a
Windows 2000 machine with a network card but does not have a connection
to the internet. My freebsd 6.2 box is connected to the internet and has
2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
directly connected via a long Ethernet cable to the NIC on my dad's
machine. While I can access the internet easily, I want my dad to be
able to connect to the internet with my freebsd box serving as the
gateway. Can anyone please explain to me in easy steps how to accomplish
this ?



Although to many old-timers this is easily achieved, to someone new to
networking it is difficult to explain it in easy steps. It involves a set
of pieces that have to fit together correctly in order to work. You will
need to do some proper reading on the underlying concepts first.

First, establish that there exists basic network connectivity between your
machine and your dad's. You may need to use a crossover cable. You will want
to assign a static IP address in the Private IP space range to your rl1
interface. This is also known as RFC 1918. You will also want to manually
configure a static IP on your dad's machine that is in the same network,
instead of allowing it to come up on the link.local of 169.254.x.x. An
example would be your rl1 == 192.168.10.1 netmask 255.255.255.0 and your
dad's machine == 192.168.10.2 netmask 255.255.255.0. For DNS at this stage
you can use hosts files on each host for name resolution. Ensure that each
machine can be ping'd by the other.

Next, you will want to configure your FreeBSD machine as a NAT gateway. In
your /etc/rc.conf you will want something like gateway_enable=YES and
some form of firewall initialization[1]. The gateway_enable is what allows
the forwarding of packets between your rl0 and your rl1, but the activation
of NAT functionality is usually a function contained within a firewall. So
conceptually, the firewall will be in between rl0 and rl1.

There are three different firewalls you can choose from. Configuring the
firewall is usually where the inexperienced get stuck. This subject
material is beyond the scope of this missive, and you would do well to
start reading in the Handbook. But essentially, when you configure NAT in
the firewall your rl0 (connected to the ISP) will be assigned a Public IP
address and the NAT function will translate between Public and Private.

The next sticky point that will happen, should you get this far, is name
resolution. You will want to place the IP addresses of the name servers of
your ISP in your /etc/resolv.conf. You will also want to enter these into
the TCP configuration of your dad's machine. In addition, on your dad's
machine you will enter the IP address you used on your rl1 as the default
route.

The subject is much too broad for exhaustive coverage here. If your
DSL/Cable modem has router ports on it, it might just be easier to plug
your dad's machine up there and forget about all of this. Much reading
will be required of you, and once you know most of it then you will know
what specific questions to ask when you encounter sticking points. This is
intended only as a very generic form of overview.

-Mike

[1] For example, a couple of lines from my /etc/rc.conf:

pf_enable=YES
pf_rules=/etc/pf.conf
pf_flags=-e
pflog_enable=YES
pflog_logfile=/var/log/pflog
pflog_flags=

and the NAT line from my /etc/pf.conf:

nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)

Please note that these are for illustrative purposes only, and by themselves
will do nothing for your specific situation. There is much more that you
will have to dig out of the documentation, understand, and configure
appropriately.








Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Chris Pratt


On Oct 13, 2008, at 11:39 PM, Manish Jain wrote:



Hi,

I am poor at networking and need a little bit of help. My dad has a  
Windows 2000 machine with a network card but does not have a  
connection to the internet. My freebsd 6.2 box is connected to the  
internet and has 2 network cards, rl0 and rl1. rl0 connects to the  
ISP and rl1 is directly connected via a long Ethernet cable to the  
NIC on my dad's machine. While I can access the internet easily, I  
want my dad to be able to connect to the internet with my freebsd  
box serving as the gateway. Can anyone please explain to me in easy  
steps how to accomplish this ?


Thanks in advance for any help.

Here is an alternative if there is no actual requirement for
routing. It works on 6.2.

If your network already has a router/firewall/NAT dhcp server
(e.g., a Linksys, netgear router, a satellite modem, etc),
investigate the use of if_bridge rather than attempt to use
NAT and routing. This eliminates a number of issues that you
will find difficult as someone new to networking and possibly
FreeBSD. This allows you to make your FreeBSD machine
transparent to the network as if the W2K box were another
peer (in many ways). The benefits would be not having to
proxy the private addresses/serve dhcp while maintaining your
existing hardware set up.

I add in options if_bridge to the kernel and rebuild though it
can be loaded dynamically at boot.

Your rc.conf entries would look something like this given a
router to this ISP using a 192.168.1.0 private network space.

# the FreeBSD - ISP NIC card
ifconfig_rl0="inet 192.168.1.2  netmask 255.255.255.0"
# the ISP Router connection to the LAN
defaultrouter="192.168.1.1"
gateway_enable="YES"
#rl0 is the WAN Facing nic.
#rl1 is the second nic to other computers. This connects to switch or crossover
# note that no address is set for rl1, it serves no purpose
#  the media statements are just shown to reflect rl1s existence
#  and other settings it may need
ifconfig_rl1="up media 100baseTX mediaopt full-duplex"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm rl0 addm rl1 up"

Look at man if_bridge for sysctl.conf entries that may be
needed. They determine what is passed on the bridge and
can easily block necessary traffic if not set correctly. For
my purposes, I found the following necessary:

net.link.bridge.ipfw=1
net.link.bridge.ipfw_arp=1

These allow me to control the traffic within ipfw which makes
me more comfortable than passing everything.

Once a simple bridge is functional, investigate the entries
necessary to further inhibit traffic using ipfw. This can be
quite helpful in protecting a W2K box which is likely weak
in its security. The combination of these two products is
thought of as a transparent firewall and is quite effective.
It serves as a foundation for more complex configurations
up to a complete Intrusion Detection System using
snort_inline which can actually filter and drop virus
signatures headed for the weaker windows platforms.

Documentation is quite weak out there on this configuration
but I can provide basic examples of ipfw commands to
monitor, allow and deny traffic using ipfw and if_bridge.
I'm unable to accurately provide this on the fly though.
What some people do, is build a set of rules early in the
ipfw ruleset to handle all traffic associated with the local
FreeBSD computer's use of the net and separate traffic
for the bridge into in and out sections (e.g. use of skipto). Then you
can allow or deny what goes to and comes from the W2K
box/other workstations, just like you do to the local machine.

There is some minimal info here:
http://www.freebsd.org/doc/en/books/handbook/network-bridging.html



Manish Jain
[EMAIL PROTECTED]






Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Manolis Kiagias

Peter N. M. Hansteen wrote:

Manish Jain [EMAIL PROTECTED] writes:

  
I am poor at networking and need a little bit of help. My dad has a 
Windows 2000 machine with a network card but does not have a connection 
to the internet. 



When I started writing this, I thought that system had been abandoned
already, but it appears Microsoft will offer a measure of support
through next year sometime.  Do see that the system gets properly
updated before you put it on the net.

  
My freebsd 6.2 box is connected to the internet and has 
2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is 
directly connected via a long Ethernet cable to the NIC on my dad's 
machine. While I can access the internet easily, I want my dad to be 
able to connect to the internet with my freebsd box serving as the 
gateway. Can anyone please explain to me in easy steps how to accomplish 
this ?



The keyword is that you need to set up your machine as a gateway.
There are numerous guides available on how to do that (including the
FreeBSD Handbook (free, online and likely already on your system) my
PF tutorial (http://home.nuug.no/~peter/pf/) contains more than a few
hints, as do several books available at better bookstores), but I
would recommend that you pick literature that enables you to learn the
basics of TCP/IP as well as the actual commands needed.  Looking into
packet filtering for basic protection won't hurt either.  With those
keywords in hand, you should be able to dig up something useful.

- Peter
  


Inspired by this discussion (and just replying to a random post) I tried 
for the first time to get a test machine as a gateway.

I tried the handbook's instructions, here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

These work flawlessly, you will need to recompile your kernel though. 
The rest of the setup is relatively simple.
I am more accustomed to using pf rather than IPFW though, and as I 
wanted to test this on my main system, I came up with this setup:


/etc/rc.conf

pf_enable=YES
pf_rules=/etc/pf.conf
pf_flags=
gateway_enable=YES

(Run  sysctl net.inet.ip.forwarding=1 *and* /etc/rc.d/routing restart if 
you do not wish to reboot after modifying rc.conf)


I added this rule before the filtering rules section in my /etc/pf.conf:

nat pass on rl1 from rl0:network to any -> rl1

(This is an excellent read: http://www.openbsd.org/faq/pf/  )

where rl1 is the Internet-facing card, and rl0 is the local network one.
Also added a few simple rules to allow traffic from rl0 as I am normally 
using pf for firewalling.


This also worked nicely, and has the added advantage of not having to 
recompile the kernel.


So the OP has quite a few options, and it may prove not to be very 
difficult after all.
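
As an added example (not from any poster in this thread), this is what a complete /etc/pf.conf for the gateway under discussion could look like in the pf syntax of the FreeBSD 6.x era, combining the NAT rule with default-deny filtering so that nothing on the outside can open a connection to the Windows 2000 machine. It assumes the original poster's layout (rl0 to the ISP, rl1 to the Windows 2000 machine) and the 192.168.10.0/24 addressing suggested elsewhere in the thread; the macro names are illustrative.

```conf
# /etc/pf.conf: added example, not taken from any message in this thread.
# Assumptions: rl0 faces the ISP, rl1 faces the Windows 2000 machine,
# the inside network is 192.168.10.0/24 and the gateway is 192.168.10.1.
# /etc/rc.conf must also carry gateway_enable="YES" and pf_enable="YES";
# pflog_enable="YES" is needed for the "log" keyword below to be recorded.

# --- Macros (names are illustrative) ---
ext_if  = "rl0"
int_if  = "rl1"
int_net = "192.168.10.0/24"

# --- Options ---
# Drop blocked packets silently instead of answering with RST/ICMP.
set block-policy drop

# --- Normalisation ---
# Reassemble fragments and sanitise packets before they are filtered.
scrub in all

# --- Translation ---
# Rewrite the source of packets leaving via the ISP-facing interface.
# The parentheses make pf follow the interface address if the ISP changes it.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# --- Filtering ---
# Default deny in both directions on every interface, logged to pflog0.
block log all

# Local loopback traffic is always allowed.
pass quick on lo0 all

# Reject packets claiming an inside source address on the wrong interface.
antispoof quick for $int_if inet

# The inside machine may open connections to anywhere. State is kept,
# so replies are allowed back without a separate rule.
pass in on $int_if inet from $int_net to any keep state

# The gateway itself may talk to the inside network (ping tests, etc.).
pass out on $int_if inet from any to $int_net keep state

# Outbound traffic on the ISP side. Translation happens before filtering,
# so these rules see the already translated source address.
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } all keep state

# No "pass in on $ext_if" rule exists: unsolicited inbound connections
# from the Internet are dropped by the default block rule above.
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; after loading, `pfctl -sn` and `pfctl -sr` list the active NAT and filter rules.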







Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Matthias Apitz
On Tuesday, October 14, 2008 at 08:10:42AM -0400, benjamin thielsen
wrote:

 Manish Jain wrote:
 
 
 Hi,
 
 I am poor at networking and need a little bit of help. My dad has a
 Windows 2000 machine with a network card but does not have a connection
 to the internet. My freebsd 6.2 box is connected to the internet and has
 2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
 directly connected via a long Ethernet cable to the NIC on my dad's
 machine. While I can access the internet easily, I want my dad to be
 able to connect to the internet with my freebsd box serving as the
 gateway. Can anyone please explain to me in easy steps how to accomplish
 this ?
 
 
 Although to many old-timers this is easily achieved, to someone new to
 networking it is difficult to explain it in easy steps. It involves a set
 of pieces that have to fit together correctly in order to work. You will
 need to do some proper reading on the underlying concepts first.

You wrote the same mail 6 times (at least) to the mailing-list; I've
checked the Message-ID lines, all are different:

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
...

please stop that; thx

matthias
-- 
Matthias Apitz
Manager Technical Support - OCLC GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e [EMAIL PROTECTED] - w http://www.oclc.org/ http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
A computer is like an air conditioner, it stops working when you open Windows
Una computadora es como aire acondicionado, deja de funcionar si abres Windows


How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Manish Jain


Hi,

I am poor at networking and need a little bit of help. My dad has a 
Windows 2000 machine with a network card but does not have a connection 
to the internet. My freebsd 6.2 box is connected to the internet and has 
2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is 
directly connected via a long Ethernet cable to the NIC on my dad's 
machine. While I can access the internet easily, I want my dad to be 
able to connect to the internet with my freebsd box serving as the 
gateway. Can anyone please explain to me in easy steps how to accomplish 
this ?


Thanks in advance for any help.

Manish Jain
[EMAIL PROTECTED]




Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Wojciech Puchar
internet. My freebsd 6.2 box is connected to the internet and has 2 network 
cards, rl0 and rl1. rl0 connects to the ISP and rl1 is directly connected via 
a long Ethernet cable to the NIC on my dad's machine. While I can access the 
internet easily, I want my dad to be able to connect to the internet with my 
freebsd box serving as the gateway. Can anyone please explain to me in easy 
steps how to accomplish this ?



reading admin's handbook or using google will give you an answer


Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Andreas Rudisch
On Tue, 14 Oct 2008 12:09:45 +0530
Manish Jain [EMAIL PROTECTED] wrote:

 I want my dad to be able to connect to the internet with my freebsd box
 serving as the gateway.

You might want to read:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html

Andreas
--
GnuPG key  : 0x2A573565|http://www.gnupg.org/howtos/de/
Fingerprint: 925D 2089 0BF9 8DE5 9166  33BB F0FD CD37 2A57 3565






Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread benjamin thielsen

Manish Jain wrote:



Hi,

I am poor at networking and need a little bit of help. My dad has a
Windows 2000 machine with a network card but does not have a connection
to the internet. My freebsd 6.2 box is connected to the internet and has
2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
directly connected via a long Ethernet cable to the NIC on my dad's
machine. While I can access the internet easily, I want my dad to be
able to connect to the internet with my freebsd box serving as the
gateway. Can anyone please explain to me in easy steps how to accomplish
this ?



Although to many old-timers this is easily achieved, to someone new to
networking it is difficult to explain it in easy steps. It involves a set
of pieces that have to fit together correctly in order to work. You will
need to do some proper reading on the underlying concepts first.

First, establish that there exists basic network connectivity between your
machine and your dad's. You may need to use a crossover cable. You will want
to assign a static IP address in the Private IP space range to your rl1
interface. This is also known as RFC 1918. You will also want to manually
configure a static IP on your dad's machine that is in the same network,
instead of allowing it to come up on the link.local of 169.254.x.x. An
example would be your rl1 == 192.168.10.1 netmask 255.255.255.0 and your
dad's machine == 192.168.10.2 netmask 255.255.255.0. For DNS at this stage
you can use hosts files on each host for name resolution. Ensure that each
machine can be ping'd by the other.

Next, you will want to configure your FreeBSD machine as a NAT gateway. In
your /etc/rc.conf you will want something like gateway_enable=YES and
some form of firewall initialization[1]. The gateway_enable is what allows
the forwarding of packets between your rl0 and your rl1, but the activation
of NAT functionality is usually a function contained within a firewall. So
conceptually, the firewall will be in between rl0 and rl1.

There are three different firewalls you can choose from. Configuring the
firewall is usually where the inexperienced get stuck. This subject
material is beyond the scope of this missive, and you would do well to
start reading in the Handbook. But essentially, when you configure NAT in
the firewall your rl0 (connected to the ISP) will be assigned a Public IP
address and the NAT function will translate between Public and Private.

The next sticky point that will happen, should you get this far, is name
resolution. You will want to place the IP addresses of the name servers of
your ISP in your /etc/resolv.conf. You will also want to enter these into
the TCP configuration of your dad's machine. In addition, on your dad's
machine you will enter the IP address you used on your rl1 as the default
route.

The subject is much too broad for exhaustive coverage here. If your
DSL/Cable modem has router ports on it, it might just be easier to plug
your dad's machine up there and forget about all of this. Much reading will
be required of you, and once you know most of it then you will know what
specific questions to ask when you encounter sticking points. This is
intended only as a very generic form of overview.

-Mike

[1] For example, a couple of lines from my /etc/rc.conf:

pf_enable=YES
pf_rules=/etc/pf.conf
pf_flags=-e
pflog_enable=YES
pflog_logfile=/var/log/pflog
pflog_flags=

and the NAT line from my /etc/pf.conf:

nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)

Please note that these are for illustrative purposes only, and by themselves
will do nothing for your specific situation. There is much more that you
will have to dig out of the documentation, understand, and configure
appropriately.










Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Peter N. M. Hansteen
Manish Jain [EMAIL PROTECTED] writes:

 I am poor at networking and need a little bit of help. My dad has a 
 Windows 2000 machine with a network card but does not have a connection 
 to the internet. 

When I started writing this, I thought that system had been abandoned
already, but it appears Microsoft will offer a measure of support
through next year sometime.  Do see that the system gets properly
updated before you put it on the net.

 My freebsd 6.2 box is connected to the internet and has 
 2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is 
 directly connected via a long Ethernet cable to the NIC on my dad's 
 machine. While I can access the internet easily, I want my dad to be 
 able to connect to the internet with my freebsd box serving as the 
 gateway. Can anyone please explain to me in easy steps how to accomplish 
 this ?

The keyword is that you need to set up your machine as a gateway.
There are numerous guides available on how to do that (including the
FreeBSD Handbook (free, online and likely already on your system) my
PF tutorial (http://home.nuug.no/~peter/pf/) contains more than a few
hints, as do several books available at better bookstores), but I
would recommend that you pick literature that enables you to learn the
basics of TCP/IP as well as the actual commands needed.  Looking into
packet filtering for basic protection won't hurt either.  With those
keywords in hand, you should be able to dig up something useful.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.


Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Jeremy Chadwick
On Tue, Oct 14, 2008 at 06:46:10AM -0400, Michael Powell wrote:
 Jeremy Chadwick wrote:
 
  On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
 [snip] 
  Next, you will want to configure your FreeBSD machine as a NAT gateway.
  In your /etc/rc.conf you will want something like gateway_enable=YES
  and some form of firewall initialization[1]. The gateway_enable is what
  allows the forwarding of packets between your rl0 and your rl1, but the
  activation of NAT functionality is usually a function contained within a
  firewall. So conceptually, the firewall will be in between rl0 and rl1.
  
  There are three different firewalls you can choose from. Configuring the
  firewall is usually where the inexperienced get stuck. This subject
  material is beyond the scope of this missive, and you would do well to
  start reading in the Handbook. But essentially, when you configure NAT in
  the firewall your rl0 (connected to the ISP) will be assigned a Public
  IP address and the NAT function will translate between Public and
  Private.
 
 With respect to NAT, the caveat here is the assumption that your DSL/Cable
 modem is *not* already performing NAT. The situation you do not want to get
 into is having *two* NATs. The content herein is assuming that the external
 (rl0) interface is getting assigned a Public IP from the ISP. 
  
 [snip]
  
  Doesn't he need to also set sysctl net.inet.ip.forwarding=1 for his
  box to act as a gateway?  Or is this handled by the NAT portion?
  
 The gateway_enable=YES in /etc/rc.conf sets this.

Right, but it wasn't in your /etc/rc.conf example (see your mail), so I
figured the OP would come back saying "Okay I did what you said but it
still doesn't work!"

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Michael Powell
Jeremy Chadwick wrote:
[snip]  
  
  Doesn't he need to also set sysctl net.inet.ip.forwarding=1 for his
  box to act as a gateway?  Or is this handled by the NAT portion?
  
 The gateway_enable=YES in /etc/rc.conf sets this.
 
 Right, but it wasn't in your /etc/rc.conf example (see your mail), so I
 figured the OP would come back saying "Okay I did what you said but it
 still doesn't work!"

Well that is going to happen anyway. ;-) I wasn't trying to write a
tutorial, but rather an overview of what's involved. It's up to him to do
the necessary RTFM to fill in the blanks.

Yes - I agree it should have included it in the example snippet. By the time
I got to that portion my thinking was fixated on the firewall aspect. It
would have been clearer, perhaps, had it been so.

-Mike





Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Paul Schmehl
--On Tuesday, October 14, 2008 01:39:45 -0500 Manish Jain [EMAIL PROTECTED] 
wrote:





Hi,

I am poor at networking and need a little bit of help. My dad has a
Windows 2000 machine with a network card but does not have a connection
to the internet. My freebsd 6.2 box is connected to the internet


How is your FreeBSD 6.2 box connected to the internet?  Directly to the modem? 
What sort of connection do you have?  Dial-up?  DSL?  Satellite?  Cable?


The answers to these questions determine how you go about networking the two 
machines together.


--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
Check the headers before clicking on Reply.



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Jeremy Chadwick
On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
 Manish Jain wrote:
 
  
  Hi,
  
  I am poor at networking and need a little bit of help. My dad has a
  Windows 2000 machine with a network card but does not have a connection
  to the internet. My freebsd 6.2 box is connected to the internet and has
  2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
  directly connected via a long Ethernet cable to the NIC on my dad's
  machine. While I can access the internet easily, I want my dad to be
  able to connect to the internet with my freebsd box serving as the
  gateway. Can anyone please explain to me in easy steps how to accomplish
  this ?
  
 
 Although to many old-timers this is easily achieved, to someone new to
 networking it is difficult to explain it in easy steps. It involves a set
 of pieces that have to fit together correctly in order to work. You will
 need to do some proper reading on the underlying concepts first.
 
 First, establish that there exists basic network connectivity between your
 machine and your dad's. You may need to use a crossover cable. You will want
 to assign a static IP address in the Private IP space range to your rl1
 interface. This is also known as RFC 1918. You will also want to manually
 configure a static IP on your dad's machine that is in the same network,
 instead of allowing it to come up on the link.local of 169.254.x.x. An
 example would be your rl1 == 192.168.10.1 netmask 255.255.255.0 and your
 dad's machine == 192.168.10.2 netmask 255.255.255.0. For DNS at this stage
 you can use hosts files on each host for name resolution. Ensure that each
 machine can be ping'd by the other.
 
 Next, you will want to configure your FreeBSD machine as a NAT gateway. In
 your /etc/rc.conf you will want something like gateway_enable=YES and
 some form of firewall initialization[1]. The gateway_enable is what allows
 the forwarding of packets between your rl0 and your rl1, but the activation
 of NAT functionality is usually a function contained within a firewall. So
 conceptually, the firewall will be in between rl0 and rl1.
 
 There are three different firewalls you can choose from. Configuring the
 firewall is usually where the inexperienced get stuck. This subject
 material is beyond the scope of this missive, and you would do well to
 start reading in the Handbook. But essentially, when you configure NAT in
 the firewall your rl0 (connected to the ISP) will be assigned a Public IP
 address and the NAT function will translate between Public and Private.
 
 The next sticky point that will happen, should you get this far, is name
 resolution. You will want to place the IP addresses of the name servers of
 your ISP in your /etc/resolv.conf. You will also want to enter these into
 the TCP configuration of your dad's machine. In addition, on your dad's
 machine you will enter the IP address you used on your rl1 as the default
 route.
 
 The subject is much too broad for exhaustive coverage here. If your
 DSL/Cable modem has router ports on it, it might just be easier to plug
 your dad's machine up there and forget about all of this. Much reading will
 be required of you, and once you know most of it then you will know what
 specific questions to ask when you encounter sticking points. This is
 intended only as a very generic form of overview.
 
 -Mike
 
 [1] For example, a couple of lines from my /etc/rc.conf:
 
 pf_enable=YES
 pf_rules=/etc/pf.conf
 pf_flags=-e
 pflog_enable=YES
 pflog_logfile=/var/log/pflog
 pflog_flags=
 
 and the NAT line from my /etc/pf.conf:
 
 nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)
 
 Please note that these are for illustrative purposes only, and by themselves
 will do nothing for your specific situation. There is much more that you
 will have to dig out of the documentation, understand, and configure
 appropriately.

Doesn't he need to also set sysctl net.inet.ip.forwarding=1 for his
box to act as a gateway?  Or is this handled by the NAT portion?

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator  Mountain View, CA, USA |
| Making life hard for others since 1977.  PGP: 4BD6C0CB |



Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Andrew Gould
On Tue, Oct 14, 2008 at 10:01 AM, Jerry McAllister [EMAIL PROTECTED] wrote:

 On Tue, Oct 14, 2008 at 09:52:54AM +0200, Wojciech Puchar wrote:

  internet. My freebsd 6.2 box is connected to the internet and has 2
  network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is directly
  connected via a long Ethernet cable to the NIC on my dad's machine. While
  I can access the internet easily, I want my dad to be able to connect to
  the internet with my freebsd box serving as the gateway. Can anyone please
  explain to me in easy steps how to accomplish this ?
  


If you use (or are willing to use) IPFirewall, this should help:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

Best of luck,

Andrew


Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system

2008-10-14 Thread Michael Powell
Jeremy Chadwick wrote:

 On Tue, Oct 14, 2008 at 04:55:11AM -0400, Michael Powell wrote:
[snip] 
 Next, you will want to configure your FreeBSD machine as a NAT gateway.
 In your /etc/rc.conf you will want something like gateway_enable=YES
 and some form of firewall initialization[1]. The gateway_enable is what
 allows the forwarding of packets between your rl0 and your rl1, but the
 activation of NAT functionality is usually a function contained within a
 firewall. So conceptually, the firewall will be in between rl0 and rl1.
 
 There are three different firewalls you can choose from. Configuring the
 firewall is usually where the inexperienced get stuck. This subject
 material is beyond the scope of this missive, and you would do well to
 start reading in the Handbook. But essentially, when you configure NAT in
 the firewall your rl0 (connected to the ISP) will be assigned a Public
 IP address and the NAT function will translate between Public and
 Private.

With respect to NAT, the caveat here is the assumption that your DSL/Cable
modem is *not* already performing NAT. The situation you do not want to get
into is having *two* NATs. The content herein is assuming that the external
(rl0) interface is getting assigned a Public IP from the ISP. 
 
[snip]
 
 Doesn't he need to also set sysctl net.inet.ip.forwarding=1 for his
 box to act as a gateway?  Or is this handled by the NAT portion?
 
The gateway_enable=YES in /etc/rc.conf sets this.

-Mike
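
Added example, not part of any message in this thread: a small sh preflight for the points raised above, namely that gateway_enable must be set (it was missing from the rc.conf snippet), that pf needs a NAT rule, and that a private address on rl0 points to double NAT. The function names, sample files and addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread); names and sample data are constructed.

# rc_yes FILE VAR: true if the last VAR= line in an rc.conf-style file is
# a value rc.conf treats as "on" (YES, TRUE, ON or 1; quotes optional).
rc_yes() {
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# is_rfc1918 IP: true for 10/8, 172.16/12 and 192.168/16; 2 if malformed.
is_rfc1918() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 2
    case "$1$2$3$4" in ''|*[!0-9]*) return 2 ;; esac
    case "$1" in
        10)  return 0 ;;
        192) [ "$2" -eq 168 ] ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        *)   return 1 ;;
    esac
}

# has_nat_rule FILE: true if pf.conf has an uncommented "nat on ... ->" rule.
has_nat_rule() {
    grep -Eq '^[[:space:]]*nat[[:space:]]+on[[:space:]]+[^#]*->' "$1"
}

# gateway_preflight RC_CONF PF_CONF EXT_IP INT_IP: prints findings and
# returns the number of FAILs as its exit status.
gateway_preflight() {
    fails=0
    for var in gateway_enable pf_enable; do
        rc_yes "$1" "$var" && continue
        echo "FAIL: $var is not YES in $1"
        fails=$((fails + 1))
    done
    if ! has_nat_rule "$2"; then
        echo "FAIL: no 'nat on ... ->' rule in $2"
        fails=$((fails + 1))
    fi
    if ! is_rfc1918 "$4"; then
        echo "FAIL: internal address $4 is not in RFC 1918 space"
        fails=$((fails + 1))
    fi
    # A private address on the external side usually means an upstream device
    # is already translating, i.e. the double NAT the thread warns about.
    if is_rfc1918 "$3"; then
        echo "WARN: external address $3 is private; upstream is probably doing NAT"
    fi
    return "$fails"
}

# Constructed sample: rc.conf without gateway_enable, private address on rl0.
demo() {
    dir=$(mktemp -d) || return 9
    cat > "$dir/rc.conf" <<'EOF'
pf_enable="YES"
pf_rules="/etc/pf.conf"
EOF
    cat > "$dir/pf.conf" <<'EOF'
ext_if = "rl0"
nat on $ext_if inet from 192.168.10.0/24 to any -> ($ext_if)
EOF
    gateway_preflight "$dir/rc.conf" "$dir/pf.conf" 192.168.1.2 192.168.10.1
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "preflight: $? check(s) failed"
```

On the gateway itself the arguments would be /etc/rc.conf, /etc/pf.conf and the addresses ifconfig reports for rl0 and rl1.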

