Re: Need Guidance in my Internet Connection Sharing configuration - SOLVED - Thank you
To All: Chuck Swiger <[EMAIL PROTECTED]> >> By the way, is my system clock wrong or yours? > Your clock seems to be off. In my Gnome Desktop my date and time are correct but anyways I will try to find out about this one... John <[EMAIL PROTECTED]> > If you are getting DHCP from your aDSL modem, it is very likely that > it is already doing NAT for you (and firewalling). Doing NAT upon > NAT is probably not productive. If you are getting an RFC1597 > private (non-routed) address, this is certainly the case. Otherwise, > try logging in to your aDSL (the provided documentation should > tell you how) and see if it doesn't have NAT settings. > If my suspicion is correct, then you simply need to connect a switch > or hub between your aDSL modem and your computers. Just be aware, > many aDSL modems come configured with a very small DHCP pool > (often just 2 or 4 addresses), so you may have to expand that > (again, by logging in to the administrative function of your > aDSL modem, hopefully through a web browser, though some require > an [often Windows-only] custom application). I tried this connection last year and found out that every time I try to connect to the Internet in either computer, the aDSL Modem just cuts-off and that was the time I thought that I should be using NAT but since I had to study on IPFW and NATD, I had to do some research and it took me some time to try what I am trying today or shall I say I tried since last week... Benjamin Sobotta <[EMAIL PROTECTED]> > To make sure I understand, you can reach the internet from your > router? So it is really a routing problem, right? > The interface connected to the modem is bge0? aue0 is connected to > your internal network?! Your internal machines can ping the router?? > If everything is so then try > natd_interface="bge0" > instead of what you have. Actually I'm not sure at all because I'm not > on my machine. Anyways, might be worth a shot. Ohh and don't forget to > reboot after you did the changes. If this doesn't work I would try > everything without all those firewall rules. Start out easy and when > it works you can still add rule after rule. Always try pinging IPs > because DNS might not work right away. I tried this one and it worked... Frank J. Laszlo <[EMAIL PROTECTED]> >> natd_interface="aue0" > this should be your external (ADSL) interface Yes, I tried this one and it worked... To all of you who responded, Thank you very very...much natd_interface="aue0" was what made my system enables my Internet Connection Sharing Once again, thank you to all of you and of course to the FreeBSD Documentation Team... Srot BULL P.S. Could not CC to all because I forgot how to send an Email with multiple CC addresses in...Hehehe ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Need Guidance in my Internet Connection Sharing configuration
On Tue, Jan 11, 2005 at 09:15:03AM +, Srot BULL wrote: >... If you are getting DHCP from your aDSL modem, it is very likely that it is already doing NAT for you (and firewalling). Doing NAT upon NAT is probably not productive. If you are getting an RFC1597 private (non-routed) address, this is certainly the case. Otherwise, try logging in to your aDSL (the provided documentation should tell you how) and see if it doesn't have NAT settings. If my suspicion is correct, then you simply need to connect a switch or hub between your aDSL modem and your computers. Just be aware, many aDSL modems come configured with a very small DHCP pool (often just 2 or 4 addresses), so you may have to expand that (again, by logging in to the administrative function of your aDSL modem, hopefully through a web browser, though some require an [often Windows-only] custom application). > Thank you for the immediate response > > On Mon, 2005-01-10 at 18:56 -0500, Chuck Swiger wrote: > > Srot BULL wrote: > > [ ... ] > > > By the way, since this is my first try in Internet Connection > > > Sharing...I am not that sure with my cable connections... > > > My internal LAN Card "bge0" is connected to my ADSL Modem while my other > > > externel USB LAN Card "aue0" is connected to my switching hub...and the > > > other PC that I have is also connected to the hub...Is this O.K.? > > > > Your aDSL provider may not be giving you direct IP connectivity, but > > instead > > require you to configure PPPoE access via a username/password. > My connection is simple, I just connect my ethernet cable to my aDSL > broadband modem and then dhcp-client gets the necessary information for > my system to connect to the internet...I think my username/password is > already in my aDSL modem... > Well, does this mean that I will not be able to share my internet > connection at home?...not a big problem though but it hurts!...I can > still just remove and insert the LAN cable to which PC I want to use and > get connected immediately...I only wanted to learn how to configure how > to share internet connection in LAN...and of course brag to my > girlfriend that my FreeBSD is simple and powerful than her MS > $...Hehehe... > Maybe I should be consulting my ISP for this one? Pay some bucks for > internet connection sharing? > By the way, is my system clock wrong or yours? > Once again thank you for the response and hope for other > assistance/information in the future... > > Srot BULL > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- John Lind [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Need Guidance in my Internet Connection Sharing configuration
Srot BULL wrote: Hello and Good Day to all, I have tried to configure my system for Internet Connection Sharing but I could not implement the configuration properly. I am afraid that this is all my mind can figure out. Please look through below and I would appreciate if you could point out the mistakes that I have done or point me to any links that would help me help solve this problem. uname -a FreeBSD r40e.point.ne.jp 5.3-STABLE FreeBSD 5.3-STABLE #1: Mon Jan 10 12:49:58 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/R40e i386 Kernel Configuration File: #===--- IPFIREWALL OPTIONS ---===# options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=5 options IPFIREWALL_DEFAULT_TO_ACCEPT #=- Enables NAT Functionality -=# options IPDIVERT /etc/rc.conf hostname="r40e.point.ne.jp" #** OutBound Interface **# ifconfig_bge0="DHCP" <...snip...> natd_interface="aue0" this should be your external (ADSL) interface -Frank ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Need Guidance in my Internet Connection Sharing configuration
Hello To make sure I understand, you can reach the internet from your router? So it is really a routing problem, right? The interface connected to the modem is bge0? aue0 is connected to your internal network?! Your internal machines can ping the router?? If everything is so then try natd_interface="bge0" instead of what you have. Actually I'm not sure at all because I'm not on my machine. Anyways, might be worth a shot. Ohh and don't forget to reboot after you did the changes. If this doesn't work I would try everything without all those firewall rules. Start out easy and when it works you can still add rule after rule. Always try pinging IPs because DNS might not work right away. HTH, Ben On Tue, 2005-01-11 at 08:37 +, Srot BULL wrote: > Hello and Good Day to all, > > I have tried to configure my system for Internet Connection Sharing but > I could not implement the configuration properly. I am afraid that this > is all my mind can figure out. Please look through below and I would > appreciate if you could point out the mistakes that I have done or point > me to any links that would help me help solve this problem. > > > uname -a > FreeBSD r40e.point.ne.jp 5.3-STABLE FreeBSD 5.3-STABLE #1: Mon Jan 10 > 12:49:58 > UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/R40e i386 > > Kernel Configuration File: > #===--- IPFIREWALL OPTIONS ---===# > options IPFIREWALL > options IPFIREWALL_VERBOSE > options IPFIREWALL_VERBOSE_LIMIT=5 > options IPFIREWALL_DEFAULT_TO_ACCEPT > #=- Enables NAT Functionality -=# > options IPDIVERT > > /etc/rc.conf > hostname="r40e.point.ne.jp" > #** OutBound Interface **# > ifconfig_bge0="DHCP" > #** Internal LAN Interface **# > ifconfig_aue0="inet 10.20.30.1 netmask 255.0.0.0" > gateway_enable="YES" > natd_enable="YES" > natd_interface="aue0" > natd_flags="-dynamic -m" > firewall_enable="YES" > firewall_script="/etc/ipfw.rulesets" > firewall_type="OPEN" > firewall_quiet="YES" > firewall_logging_enable="YES" > > This is my /etc/ipfw.rulesets: > -- > #!/bin/sh > > ipfw -q -f flush > CMD="ipfw -q add" > SKIP="skipto 00800" > KS="keep-state" > INIC="bge0" > > $CMD 5 allow all from any to any via aue0 > $CMD 00010 allow all from any to any via lo0 > $CMD 00014 divert natd ip from any to any in via $INIC > $CMD 00015 check-state > > $CMD 00020 $SKIP tcp from any to 192.168.0.1 53 out via $INIC setup $KS > $CMD 00021 $SKIP udp from any to 192.168.0.1 53 out via $INIC $KS > $CMD 00030 $SKIP udp from any to 192.168.0.1 67 out via $INIC $KS > $CMD 00040 $SKIP tcp from any to any 80 out via $INIC setup $KS > $CMD 00050 $SKIP tcp from any to any 443 out via $INIC setup $KS > $CMD 00060 $SKIP tcp from any to any 25 out via $INIC setup $KS > $CMD 00061 $SKIP tcp from any to any 110 out via $INIC setup $KS > $CMD 00070 $SKIP tcp from me to any out via $INIC setup $KS uid root > $CMD 00080 $SKIP icmp from any to any out via $INIC $KS > $CMD 00090 $SKIP tcp from any to any 37 out via $INIC setup $KS > $CMD 00100 $SKIP tcp from any to any 119 out via $INIC setup $KS > $CMD 00110 $SKIP tcp from any to any 22 out via $INIC setup $KS > $CMD 00120 $SKIP tcp from any to any 43 out via $INIC setup $KS > $CMD 00130 $SKIP udp from any to any 123 out via $INIC $KS > > $CMD 00300 deny all from 192.168.0.0/16 to any in via $INIC > $CMD 00301 deny all from 172.16.0.0/12 to any in via $INIC > $CMD 00302 deny all from 10.0.0.0/8 to any in via $INIC > $CMD 00303 deny all from 127.0.0.0/8 to any in via $INIC > $CMD 00304 deny all from 0.0.0.0/8 to any in via $INIC > $CMD 00305 deny all from 169.254.0.0/16 to any in via $INIC > $CMD 00306 deny all from 192.0.2.0/24 to any in via $INIC > $CMD 00307 deny all from 204.152.64.0/23 to any in via $INIC > $CMD 00308 deny all from 224.0.0.0/3 to any in via $INIC > #$CMD 00310 deny icmp from any to any in via $INIC > $CMD 00315 deny tcp from any to any 113 in via $INIC > $CMD 00320 deny tcp from any to any 137 in via $INIC > $CMD 00321 deny tcp from any to any 138 in via $INIC > $CMD 00322 deny tcp from any to any 139 in via $INIC > $CMD 00323 deny tcp from any to any 81 in via $INIC > $CMD 00330 deny all from any to any frag in via $INIC > $CMD 00332 deny tcp from any to any established in via $INIC > > $CMD 00360 allow udp from any to 192.168.0.1 67 in via $INIC $KS > #$CMD 00370 allow tcp from any to me 80 in via $INIC setup limit > src-addr 2 > #$CMD 00380 allow tcp from any
Re: Need Guidance in my Internet Connection Sharing configuration
Srot BULL wrote: Thank you for the immediate response No problem, you are welcome. [ ... ] Well, does this mean that I will not be able to share my internet connection at home?...not a big problem though but it hurts!...I can still just remove and insert the LAN cable to which PC I want to use and get connected immediately...I only wanted to learn how to configure how to share internet connection in LAN...and of course brag to my girlfriend that my FreeBSD is simple and powerful than her MS $...Hehehe... Maybe I should be consulting my ISP for this one? Pay some bucks for internet connection sharing? Your aDSL modem may cache the MAC address of the connected computer. You might be able to reset it by power-cycling it after connecting it to a different system, or your ISP may have hard-coded the MAC into it to discourage people from doing what you are doing. [ You may be able to work around such by using a broadband router which lets you configure the MAC address used for the WAN port to be the MAC of the system which works. ] By the way, is my system clock wrong or yours? Your clock seems to be off. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Need Guidance in my Internet Connection Sharing configuration
Thank you for the immediate response On Mon, 2005-01-10 at 18:56 -0500, Chuck Swiger wrote: > Srot BULL wrote: > [ ... ] > > By the way, since this is my first try in Internet Connection > > Sharing...I am not that sure with my cable connections... > > My internal LAN Card "bge0" is connected to my ADSL Modem while my other > > externel USB LAN Card "aue0" is connected to my switching hub...and the > > other PC that I have is also connected to the hub...Is this O.K.? > > Your aDSL provider may not be giving you direct IP connectivity, but instead > require you to configure PPPoE access via a username/password. My connection is simple, I just connect my ethernet cable to my aDSL broadband modem and then dhcp-client gets the necessary information for my system to connect to the internet...I think my username/password is already in my aDSL modem... Well, does this mean that I will not be able to share my internet connection at home?...not a big problem though but it hurts!...I can still just remove and insert the LAN cable to which PC I want to use and get connected immediately...I only wanted to learn how to configure how to share internet connection in LAN...and of course brag to my girlfriend that my FreeBSD is simple and powerful than her MS $...Hehehe... Maybe I should be consulting my ISP for this one? Pay some bucks for internet connection sharing? By the way, is my system clock wrong or yours? Once again thank you for the response and hope for other assistance/information in the future... Srot BULL ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Need Guidance in my Internet Connection Sharing configuration
Srot BULL wrote: [ ... ] By the way, since this is my first try in Internet Connection Sharing...I am not that sure with my cable connections... My internal LAN Card "bge0" is connected to my ADSL Modem while my other externel USB LAN Card "aue0" is connected to my switching hub...and the other PC that I have is also connected to the hub...Is this O.K.? Your aDSL provider may not be giving you direct IP connectivity, but instead require you to configure PPPoE access via a username/password. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Need Guidance in my Internet Connection Sharing configuration
Hello and Good Day to all, I have tried to configure my system for Internet Connection Sharing but I could not implement the configuration properly. I am afraid that this is all my mind can figure out. Please look through below and I would appreciate if you could point out the mistakes that I have done or point me to any links that would help me help solve this problem. uname -a FreeBSD r40e.point.ne.jp 5.3-STABLE FreeBSD 5.3-STABLE #1: Mon Jan 10 12:49:58 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/R40e i386 Kernel Configuration File: #===--- IPFIREWALL OPTIONS ---===# options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=5 options IPFIREWALL_DEFAULT_TO_ACCEPT #=- Enables NAT Functionality -=# options IPDIVERT /etc/rc.conf hostname="r40e.point.ne.jp" #** OutBound Interface **# ifconfig_bge0="DHCP" #** Internal LAN Interface **# ifconfig_aue0="inet 10.20.30.1 netmask 255.0.0.0" gateway_enable="YES" natd_enable="YES" natd_interface="aue0" natd_flags="-dynamic -m" firewall_enable="YES" firewall_script="/etc/ipfw.rulesets" firewall_type="OPEN" firewall_quiet="YES" firewall_logging_enable="YES" This is my /etc/ipfw.rulesets: -- #!/bin/sh ipfw -q -f flush CMD="ipfw -q add" SKIP="skipto 00800" KS="keep-state" INIC="bge0" $CMD 5 allow all from any to any via aue0 $CMD 00010 allow all from any to any via lo0 $CMD 00014 divert natd ip from any to any in via $INIC $CMD 00015 check-state $CMD 00020 $SKIP tcp from any to 192.168.0.1 53 out via $INIC setup $KS $CMD 00021 $SKIP udp from any to 192.168.0.1 53 out via $INIC $KS $CMD 00030 $SKIP udp from any to 192.168.0.1 67 out via $INIC $KS $CMD 00040 $SKIP tcp from any to any 80 out via $INIC setup $KS $CMD 00050 $SKIP tcp from any to any 443 out via $INIC setup $KS $CMD 00060 $SKIP tcp from any to any 25 out via $INIC setup $KS $CMD 00061 $SKIP tcp from any to any 110 out via $INIC setup $KS $CMD 00070 $SKIP tcp from me to any out via $INIC setup $KS uid root $CMD 00080 $SKIP icmp from any to any out via $INIC $KS $CMD 00090 $SKIP tcp from any to any 37 out via $INIC setup $KS $CMD 00100 $SKIP tcp from any to any 119 out via $INIC setup $KS $CMD 00110 $SKIP tcp from any to any 22 out via $INIC setup $KS $CMD 00120 $SKIP tcp from any to any 43 out via $INIC setup $KS $CMD 00130 $SKIP udp from any to any 123 out via $INIC $KS $CMD 00300 deny all from 192.168.0.0/16 to any in via $INIC $CMD 00301 deny all from 172.16.0.0/12 to any in via $INIC $CMD 00302 deny all from 10.0.0.0/8 to any in via $INIC $CMD 00303 deny all from 127.0.0.0/8 to any in via $INIC $CMD 00304 deny all from 0.0.0.0/8 to any in via $INIC $CMD 00305 deny all from 169.254.0.0/16 to any in via $INIC $CMD 00306 deny all from 192.0.2.0/24 to any in via $INIC $CMD 00307 deny all from 204.152.64.0/23 to any in via $INIC $CMD 00308 deny all from 224.0.0.0/3 to any in via $INIC #$CMD 00310 deny icmp from any to any in via $INIC $CMD 00315 deny tcp from any to any 113 in via $INIC $CMD 00320 deny tcp from any to any 137 in via $INIC $CMD 00321 deny tcp from any to any 138 in via $INIC $CMD 00322 deny tcp from any to any 139 in via $INIC $CMD 00323 deny tcp from any to any 81 in via $INIC $CMD 00330 deny all from any to any frag in via $INIC $CMD 00332 deny tcp from any to any established in via $INIC $CMD 00360 allow udp from any to 192.168.0.1 67 in via $INIC $KS #$CMD 00370 allow tcp from any to me 80 in via $INIC setup limit src-addr 2 #$CMD 00380 allow tcp from any to me 22 in via $INIC setup limit src-addr 2 #$CMD 00390 allow tcp from any to me 23 in via $INIC setup limit src-addr 2 $CMD 00400 deny log all from any to any in via $INIC $CMD 00450 deny log all from any to any out via $INIC $CMD 00800 divert natd ip from any to any out via $INIC $CMD 00801 allow ip from any to any $CMD 00999 deny log all from any to any The problem with the above configuration is I do not get connected to my ADSL Modem and no internet connection at all. "netstat -r" shows nothing... Are the configuration enough for me to configure my system for Internet Connection Sharing or do I have to tweak other settings? I would really appreciate any help, hints, or advices... Thank you in advance... By the way, since this is my first try in Internet Connection Sharing...I am not that sure with my cable connections... My internal LAN Card "bge0" is connected to my ADSL Modem while my other externel USB LAN Card "aue0" is connected to my switching hub...and the other PC that I have is also connected to the hub...Is this O.K.? Srot BULL ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Internet connection sharing
Use FreeBSD as the box that connects to your ISP and put the other boxes on a LAN behind the FreeBSD box. To do this you need to use NAT. A new rewrite of the FreeBSD handbook firewall section is currently being made ready for update to the handbook. You can get an in-process copy from www.a1poweruser.com/FBSD_firewall/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stanley Wright Sent: Sunday, July 18, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: Internet connection sharing Hello All, What is the best way to share an internet connection between FreeBSD and Linux and FreeBSD and windows. Thanks. Stanley - Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Internet connection sharing
On Sun, 18 Jul 2004 08:19:49 -0700 (PDT) Stanley Wright <[EMAIL PROTECTED]> wrote: Hi, > What is the best way to share an internet connection between FreeBSD > and Linux and FreeBSD and windows. Assuming that the FreeBSD box is the one that's direcly connected to the internet: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html That part of the handbook (which I encourage you to read if you haven't already) explains what's NAT and how to set it up using ipfw/natd. You can also configure a nat box using ipf/ipnat. http://www.obfuscation.org/ipf can help if you choose to go the ipf route. Cheers, -- Miguel Mendez <[EMAIL PROTECTED]> http://www.energyhq.es.eu.org PGP Key: 0xDC8514F1 pgpxEX7YU4y4b.pgp Description: PGP signature
Re: Internet connection sharing
On Sunday 18 July 2004 15:19, Stanley Wright wrote: > Hello All, > > What is the best way to share an internet connection between FreeBSD and > Linux and FreeBSD and windows. > > Thanks. > > Stanley > Good question. :) Well, make one of the machines a router. Preferably FreeBSD, Linux... Cheers, Ben ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Internet connection sharing
Hello All, What is the best way to share an internet connection between FreeBSD and Linux and FreeBSD and windows. Thanks. Stanley - Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Internet connection sharing
Lance Earl wrote: I am new to FreeBSD. I am evaluating it as a possible replacement for my in house desktops and ultimately a replacement for my redhat Internet server. I installed 4.9 without a hitch and decided to go ahead and install 5.2 in order to avoid potential upgrade issues mentioned on the BSD wed site. I am having problems with internet connection sharing. The computer is seeing my network but is not seeing the Internet through my gateway computer. I think that I may have incorrectly entered the gateway IP during install. I have checked the FAQ and HandBook for the name and location of the file that contains the Gateway IP with no success. Can you please help me locate this file so I can confirm my settings. Thanks Lance Earl DallyPost, Inc. 208-548-2721 Hi, Lance, You have received some good advice already. One further note: If you have already booted a FBSD box *without* having proper gateway information in /etc/rc.conf, simply type (as root): #route add default xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the IP of the desired gateway. HTH, Kevin Kinsey ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Internet connection sharing
The network settings are usually in the rc.conf file in /etc/. For DHCP, you should have the line ifconfig_interface="DHCP" where *interface* is the given nic you are using - in other words, it is *not* the word interface. If you are trying to set a static IP addy and gateway, then your rc.conf file should have entries that look like: defaultrouter="x.x.x.x" ifconfig_interface="inet x.x.x.x netmask x.x.x.x" HtH, Steve Fettig Lance Earl wrote: I am new to FreeBSD. I am evaluating it as a possible replacement for my in house desktops and ultimately a replacement for my redhat Internet server. I installed 4.9 without a hitch and decided to go ahead and install 5.2 in order to avoid potential upgrade issues mentioned on the BSD wed site. I am having problems with internet connection sharing. The computer is seeing my network but is not seeing the Internet through my gateway computer. I think that I may have incorrectly entered the gateway IP during install. I have checked the FAQ and HandBook for the name and location of the file that contains the Gateway IP with no success. Can you please help me locate this file so I can confirm my settings. Thanks Lance Earl DallyPost, Inc. 208-548-2721 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Internet connection sharing
/etc/rc.conf > I am new to FreeBSD. I am evaluating it as a possible replacement for my > in house desktops and ultimately a replacement for my redhat Internet > server. > > I installed 4.9 without a hitch and decided to go ahead and install 5.2 in > order to avoid potential upgrade issues mentioned on the BSD wed site. > > I am having problems with internet connection sharing. The computer is > seeing my network but is not seeing the Internet through my gateway > computer. I think that I may have incorrectly entered the gateway IP > during install. I have checked the FAQ and HandBook for the name and > location of the file that contains the Gateway IP with no success. > > Can you please help me locate this file so I can confirm my settings. > > Thanks > > > Lance Earl > DallyPost, Inc. > 208-548-2721 > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" > ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Internet connection sharing
I am new to FreeBSD. I am evaluating it as a possible replacement for my in house desktops and ultimately a replacement for my redhat Internet server. I installed 4.9 without a hitch and decided to go ahead and install 5.2 in order to avoid potential upgrade issues mentioned on the BSD wed site. I am having problems with internet connection sharing. The computer is seeing my network but is not seeing the Internet through my gateway computer. I think that I may have incorrectly entered the gateway IP during install. I have checked the FAQ and HandBook for the name and location of the file that contains the Gateway IP with no success. Can you please help me locate this file so I can confirm my settings. Thanks Lance Earl DallyPost, Inc. 208-548-2721 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Internet connection sharing with FreeBSD
Stan Wright wrote: What is the best way to share an internet connection between two FreeBSD machines ? The network [192.168.0.x] is already set up. I can ssh etc. from one machine to the other. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" Using ppp for Inet connection, or a NIC/broadband? I use "ppp -nat" for my modem connection. For broadband, use "natd_enable=YES" and "natd_interface=rl0" (or whatever if you have...) IIRC, you must have some kernel options to do the latter, or perhaps a KLD. Check the handbook section on "Network Address Translation" in chapter 19. HTH, KDK ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Internet connection sharing with FreeBSD
On Fri, Dec 19, 2003 at 12:49:16PM -0500, Stan Wright wrote: > What is the best way to share an internet connection between two FreeBSD > machines ? The network [192.168.0.x] is already set up. I can ssh etc. > from one machine to the other. > Check out the following link: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html Josh Paetzel ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Internet connection sharing with FreeBSD
What is the best way to share an internet connection between two FreeBSD machines ? The network [192.168.0.x] is already set up. I can ssh etc. from one machine to the other. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Windows client - internet connection sharing
Thank you Matthew. a big help! On Tue, 16 Dec 2003 15:18:08 + Matthew Seaman <[EMAIL PROTECTED]> wrote: > On Mon, Dec 15, 2003 at 07:40:14PM +0200, Gareth Bailey > wrote: > > Is it possible to set up a freebsd server connected to > an > > ADSL line to provide internet access via LAN to a > number of > > Windows clients. I don't know where to start. Any > > information in this regard will be greatly appreciated. > > Yes, absolutely. However, there are such a huge number > of variations > on possible ways of doing that that it's impossible to > describe > everything you'ld need to know in a simple e-mail. > > Lets look at a few questions you'ld need to answer: > > 1) ADSL router or modem? > > This is all about how you interface your FreeBSD > system to ADSL -- > the basic choice is between a router: a standalone > unit which you > plug the phone line into one side of, and an ethernet > cable into > the other -- or a modem: this is a device that plugs > into a serial > or USB port on your FreeBSD box. > > Routers will work entirely independently of your > FreeBSD machine. > Since your connection to them is via ethernet, > there's practically > no compatibility problems. Depending on how much > money you spend, > your can get routers which provide packet filtering, > network and > port address translation, DNS, DHCP and various other > capabilities > -- although if you go to the expense of buying a > really capable > router there's not much left to do for your FreeBSD > box. > > Modems are the other end of this scale: you need to > find a device > for which appropriate drivers are available under > FreeBSD. Once > you've got the modem connected up, you'll need to use > the attached > FreeBSD box to provide appropriate functionality to > make a > practicable ADSL connection. This includes running > PPPoA or PPPoE > (A = ATM, E = Ethernet: all ADSL in the UK is PPPoA, > other > countries do things differently) to establish > networking into your > service provider. You would use the standard FreeBSD > stuff to do > NAT and firewall packet filtering, and you can > install DHCP > servers and so forth. Effectively the FreeBSD box + > modem takes > the place of the standalone router above. > > 2) What sort of address space do you want to have > assigned to you > from your ISP? The cheapest ADSL accounts give you a > single > Internet-routable IP number, usually assigned via > DHCP. There can > be an implicit assumption that you've basically got > just one > machine you want to have net access, although this is > becoming > less common nowadays. Lots of ISPs will give you two > addresses: > this is intended to give you an address for the > router box, plus > an address for a real PC. Next step up is to get > that one or two > addresses permanently assigned to you. Beyond that, > you can get a > routed connection -- you get a small net block > permanently assigned > to you, as well as the single IP used for the WAN > side of your > router. This enables you to set up a 'DMZ' network, > and for > instance have several servers visible on the > Internet. Many ISPs > will have local policies forbidding you from running > servers of > various sorts, mostly as a way of protecting the ISP > from the > awful consequences of allowing Windoze machines out > on the open > Internet in the hands of the clueless. > > 3) A consequential decision related to the above: do you > want some or > all of your Windows (or other) LAN machines to have > Internet > routable addresses or to run Internet visible > services? There's > several ways of doing this: > > DMZ network -- classic firewall design. Here the > Internet > accessible machines are kept on a separate small > sub-net, and you > have a second packet-filtering router (generally a > machine with a > couple of network cards, running natd and ipfw or > similar) between > that and your private internal network. > > Packet filtering bridge -- similar to the above, > except that the > DMZ is and the internal private stuff are now > technically on the > same subnet, and your packet filter serves to > separate public and > private parts of the subnet. This is a much harder > setup to get > working effectively and securely than either of the > other two, so > use only as a last resort. > > NAT address proxying -- your NAT gateway has one or > more IP > addresses assigned and the NAT gateway knows how to > forward > incoming connections to an internal server. Or you > run proxy > servers on the Internet visible addresses which will > accept > incoming connections and relay them to the real > servers on the > internal network. Taken to the extreme, you could > use this sort > of setup to do load balancing and other fanc
RE: Windows client - internet connection sharing
YES, it is possible. You probably want to start at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routin g.html. Otherwise, there are many howtos and tutorials on setting up a gateway. There is also an option in /stand/sysinstall under networking to 'make this computer act as a gateway,' which you may want to check out. HTH Eric F Crist President AdTech Integrated Systems, Inc (612) 998-3588 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gareth Bailey Sent: Monday, December 15, 2003 11:40 AM To: [EMAIL PROTECTED] Subject: Windows client - internet connection sharing Is it possible to set up a freebsd server connected to an ADSL line to provide internet access via LAN to a number of Windows clients. I don't know where to start. Any information in this regard will be greatly appreciated. Thanks Gareth Bailey ___ Look Good, Feel Good www.healthiest.co.za ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Windows client - internet connection sharing
On Mon, Dec 15, 2003 at 07:40:14PM +0200, Gareth Bailey wrote: > Is it possible to set up a freebsd server connected to an > ADSL line to provide internet access via LAN to a number of > Windows clients. I don't know where to start. Any > information in this regard will be greatly appreciated. Yes, absolutely. However, there are such a huge number of variations on possible ways of doing that that it's impossible to describe everything you'ld need to know in a simple e-mail. Lets look at a few questions you'ld need to answer: 1) ADSL router or modem? This is all about how you interface your FreeBSD system to ADSL -- the basic choice is between a router: a standalone unit which you plug the phone line into one side of, and an ethernet cable into the other -- or a modem: this is a device that plugs into a serial or USB port on your FreeBSD box. Routers will work entirely independently of your FreeBSD machine. Since your connection to them is via ethernet, there's practically no compatibility problems. Depending on how much money you spend, your can get routers which provide packet filtering, network and port address translation, DNS, DHCP and various other capabilities -- although if you go to the expense of buying a really capable router there's not much left to do for your FreeBSD box. Modems are the other end of this scale: you need to find a device for which appropriate drivers are available under FreeBSD. Once you've got the modem connected up, you'll need to use the attached FreeBSD box to provide appropriate functionality to make a practicable ADSL connection. This includes running PPPoA or PPPoE (A = ATM, E = Ethernet: all ADSL in the UK is PPPoA, other countries do things differently) to establish networking into your service provider. You would use the standard FreeBSD stuff to do NAT and firewall packet filtering, and you can install DHCP servers and so forth. Effectively the FreeBSD box + modem takes the place of the standalone router above. 2) What sort of address space do you want to have assigned to you from your ISP? The cheapest ADSL accounts give you a single Internet-routable IP number, usually assigned via DHCP. There can be an implicit assumption that you've basically got just one machine you want to have net access, although this is becoming less common nowadays. Lots of ISPs will give you two addresses: this is intended to give you an address for the router box, plus an address for a real PC. Next step up is to get that one or two addresses permanently assigned to you. Beyond that, you can get a routed connection -- you get a small net block permanently assigned to you, as well as the single IP used for the WAN side of your router. This enables you to set up a 'DMZ' network, and for instance have several servers visible on the Internet. Many ISPs will have local policies forbidding you from running servers of various sorts, mostly as a way of protecting the ISP from the awful consequences of allowing Windoze machines out on the open Internet in the hands of the clueless. 3) A consequential decision related to the above: do you want some or all of your Windows (or other) LAN machines to have Internet routable addresses or to run Internet visible services? There's several ways of doing this: DMZ network -- classic firewall design. Here the Internet accessible machines are kept on a separate small sub-net, and you have a second packet-filtering router (generally a machine with a couple of network cards, running natd and ipfw or similar) between that and your private internal network. Packet filtering bridge -- similar to the above, except that the DMZ is and the internal private stuff are now technically on the same subnet, and your packet filter serves to separate public and private parts of the subnet. This is a much harder setup to get working effectively and securely than either of the other two, so use only as a last resort. NAT address proxying -- your NAT gateway has one or more IP addresses assigned and the NAT gateway knows how to forward incoming connections to an internal server. Or you run proxy servers on the Internet visible addresses which will accept incoming connections and relay them to the real servers on the internal network. Taken to the extreme, you could use this sort of setup to do load balancing and other fancy networking tricks, but you'ld probably have to spend $$$ to by the right sort of hardware load balancing kit needed. 4) From the point of view of the private side of your network, the FreeBSD box should minimally appear as the default gateway to the Internet. You can assign IP addresses and other configuration parameters to each machine manually or you can run various
RE: Windows client - internet connection sharing
Yes this is done all the time. Start by reading the FBSD handbook at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gareth Bailey Sent: Monday, December 15, 2003 12:40 PM To: [EMAIL PROTECTED] Subject: Windows client - internet connection sharing Is it possible to set up a freebsd server connected to an ADSL line to provide internet access via LAN to a number of Windows clients. I don't know where to start. Any information in this regard will be greatly appreciated. Thanks Gareth Bailey ___ Look Good, Feel Good www.healthiest.co.za ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Windows client - internet connection sharing
Is it possible to set up a freebsd server connected to an ADSL line to provide internet access via LAN to a number of Windows clients. I don't know where to start. Any information in this regard will be greatly appreciated. Thanks Gareth Bailey ___ Look Good, Feel Good www.healthiest.co.za ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Internet connection sharing
From: randall ehren <[EMAIL PROTECTED]> To: David Kelly <[EMAIL PROTECTED]> CC: Christophe Simon <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: Re: Internet connection sharing Date: Sun, 22 Dec 2002 11:15:17 -0800 (PST) > > I'm trying to configure an old K6 200 as a gateway to share my internet > > connection at home. My LAN connected interface is xl0 (192.168.0.1), and my > > internet connected interface is ed0 (DHCP). > > I followed the instructions to make a filtering bridge : > [...] > > IMO you don't want a filtering bridge. You want a NAT Gateway. Enable > the gateway kernel option, may have to compile divert sockets into the > kernel, ipfw is needed to divert packets to natd, run natd. or you can use IPFILTER, less involved setup: http://www.isber.ucsb.edu/~randall/wireless/ipnat.html in your case, fxp0 = ed0 and xl0 = wi0 (corresponding to the guide above) -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research I succeeded in configuring my pc as an internet gateway. I had problems with the the page you indicated me (but it's very well done and documented). Here's the method i used : * In the kernel configuration file for compilation: options IPFILTER options IPDIVERT options IPFIREWALL options IPFIREWALL_VERBOSE (to log firewall) options IPFIREWALL_VERBOSE_LIMIT=100 (log limits) * In the rc.conf file (on a 192.168.0.0 network) ifconfig_xl0="inet 192.168.0.1 netmask 0xff00" (LAN connection" ifconfig_ed0="DHCP" gateway_enable="YES" natd_enable="YES" natd_interface=ed0 firewall_enable="YES" firewall_type="open" (or any firewall rules) firewall_quiet="YES" firewall_logging="YES" I hope it will be of any utility... Thanks a lot for your help ! _ MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Internet connection sharing
> > or you can use IPFILTER, less involved setup: > > http://www.isber.ucsb.edu/~randall/wireless/ipnat.html > > the above URL refers to a page containing some > info on setting up ipnat with one network card: > URL:http://forum.redigital.org/read.php?f=2&i=9&t=8 > > However, that URL appears to no longer be valid. :-( > Does this info exist somewhere else? instead of assigning a private (192.168.x.x) address to your 2nd network card, just do the following: % ifconfig fxp0 alias 192.168.x.x netmask 255.255.255.255 where fxp0 is your primary network card. in this example you have to assume your gateway/isp connection is connected to a hub/switch and all of your comptuters, including the one doing NAT, are connected to the hub/switch as well. -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Internet connection sharing
* randall ehren <[EMAIL PROTECTED]> [2002-12-22 11.15 -0800]: [snip] > or you can use IPFILTER, less involved setup: > http://www.isber.ucsb.edu/~randall/wireless/ipnat.html Hi, the above URL refers to a page containing some info on setting up ipnat with one network card: URL:http://forum.redigital.org/read.php?f=2&i=9&t=8 However, that URL appears to no longer be valid. :-( Does this info exist somewhere else? TIA -- Martin Karlsson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Internet connection sharing
> > I'm trying to configure an old K6 200 as a gateway to share my internet > > connection at home. My LAN connected interface is xl0 (192.168.0.1), and my > > internet connected interface is ed0 (DHCP). > > I followed the instructions to make a filtering bridge : > [...] > > IMO you don't want a filtering bridge. You want a NAT Gateway. Enable > the gateway kernel option, may have to compile divert sockets into the > kernel, ipfw is needed to divert packets to natd, run natd. or you can use IPFILTER, less involved setup: http://www.isber.ucsb.edu/~randall/wireless/ipnat.html in your case, fxp0 = ed0 and xl0 = wi0 (corresponding to the guide above) -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Internet connection sharing
On Sun, Dec 22, 2002 at 05:15:33PM +, Christophe Simon wrote: > Hi, > > I'm trying to configure an old K6 200 as a gateway to share my internet > connection at home. My LAN connected interface is xl0 (192.168.0.1), and my > internet connected interface is ed0 (DHCP). > I followed the instructions to make a filtering bridge : [...] IMO you don't want a filtering bridge. You want a NAT Gateway. Enable the gateway kernel option, may have to compile divert sockets into the kernel, ipfw is needed to divert packets to natd, run natd. -- David Kelly N4HHE, [EMAIL PROTECTED] = The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Internet connection sharing
Hi, I'm trying to configure an old K6 200 as a gateway to share my internet connection at home. My LAN connected interface is xl0 (192.168.0.1), and my internet connected interface is ed0 (DHCP). I followed the instructions to make a filtering bridge : * /boot/loader.conf bridge_load="YES" * /etc/sysctl.conf net.link.ether.bridge_cfg=ed0:0,xl0:0 net.link.ether.bridge_ipfw=1 net.link.ether.bridge=1 * /etc/rc.conf firewall_enable="YES" firewall_type="open" firewall_quiet="YES" firewall_logging="YES" And it doesn't work. I have done a standard installation... At startup i have the error "ip_fw_ctl : invalid command" Could someone tell me where my error is ? Thanks a lot... _ MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
