Re: Windows client - internet connection sharing
Thank you Matthew. a big help! On Tue, 16 Dec 2003 15:18:08 + Matthew Seaman [EMAIL PROTECTED] wrote: On Mon, Dec 15, 2003 at 07:40:14PM +0200, Gareth Bailey wrote: Is it possible to set up a freebsd server connected to an ADSL line to provide internet access via LAN to a number of Windows clients. I don't know where to start. Any information in this regard will be greatly appreciated. Yes, absolutely. However, there are such a huge number of variations on possible ways of doing that that it's impossible to describe everything you'ld need to know in a simple e-mail. Lets look at a few questions you'ld need to answer: 1) ADSL router or modem? This is all about how you interface your FreeBSD system to ADSL -- the basic choice is between a router: a standalone unit which you plug the phone line into one side of, and an ethernet cable into the other -- or a modem: this is a device that plugs into a serial or USB port on your FreeBSD box. Routers will work entirely independently of your FreeBSD machine. Since your connection to them is via ethernet, there's practically no compatibility problems. Depending on how much money you spend, your can get routers which provide packet filtering, network and port address translation, DNS, DHCP and various other capabilities -- although if you go to the expense of buying a really capable router there's not much left to do for your FreeBSD box. Modems are the other end of this scale: you need to find a device for which appropriate drivers are available under FreeBSD. Once you've got the modem connected up, you'll need to use the attached FreeBSD box to provide appropriate functionality to make a practicable ADSL connection. This includes running PPPoA or PPPoE (A = ATM, E = Ethernet: all ADSL in the UK is PPPoA, other countries do things differently) to establish networking into your service provider. You would use the standard FreeBSD stuff to do NAT and firewall packet filtering, and you can install DHCP servers and so forth. Effectively the FreeBSD box + modem takes the place of the standalone router above. 2) What sort of address space do you want to have assigned to you from your ISP? The cheapest ADSL accounts give you a single Internet-routable IP number, usually assigned via DHCP. There can be an implicit assumption that you've basically got just one machine you want to have net access, although this is becoming less common nowadays. Lots of ISPs will give you two addresses: this is intended to give you an address for the router box, plus an address for a real PC. Next step up is to get that one or two addresses permanently assigned to you. Beyond that, you can get a routed connection -- you get a small net block permanently assigned to you, as well as the single IP used for the WAN side of your router. This enables you to set up a 'DMZ' network, and for instance have several servers visible on the Internet. Many ISPs will have local policies forbidding you from running servers of various sorts, mostly as a way of protecting the ISP from the awful consequences of allowing Windoze machines out on the open Internet in the hands of the clueless. 3) A consequential decision related to the above: do you want some or all of your Windows (or other) LAN machines to have Internet routable addresses or to run Internet visible services? There's several ways of doing this: DMZ network -- classic firewall design. Here the Internet accessible machines are kept on a separate small sub-net, and you have a second packet-filtering router (generally a machine with a couple of network cards, running natd and ipfw or similar) between that and your private internal network. Packet filtering bridge -- similar to the above, except that the DMZ is and the internal private stuff are now technically on the same subnet, and your packet filter serves to separate public and private parts of the subnet. This is a much harder setup to get working effectively and securely than either of the other two, so use only as a last resort. NAT address proxying -- your NAT gateway has one or more IP addresses assigned and the NAT gateway knows how to forward incoming connections to an internal server. Or you run proxy servers on the Internet visible addresses which will accept incoming connections and relay them to the real servers on the internal network. Taken to the extreme, you could use this sort of setup to do load balancing and other fancy networking tricks, but you'ld probably have to spend $$$ to by the right sort of hardware load balancing kit needed. 4) From the
Windows client - internet connection sharing
Is it possible to set up a freebsd server connected to an ADSL line to provide internet access via LAN to a number of Windows clients. I don't know where to start. Any information in this regard will be greatly appreciated. Thanks Gareth Bailey ___ Look Good, Feel Good www.healthiest.co.za ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Windows client - internet connection sharing
Yes this is done all the time. Start by reading the FBSD handbook at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gareth Bailey Sent: Monday, December 15, 2003 12:40 PM To: [EMAIL PROTECTED] Subject: Windows client - internet connection sharing Is it possible to set up a freebsd server connected to an ADSL line to provide internet access via LAN to a number of Windows clients. I don't know where to start. Any information in this regard will be greatly appreciated. Thanks Gareth Bailey ___ Look Good, Feel Good www.healthiest.co.za ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Windows client - internet connection sharing
On Mon, Dec 15, 2003 at 07:40:14PM +0200, Gareth Bailey wrote: Is it possible to set up a freebsd server connected to an ADSL line to provide internet access via LAN to a number of Windows clients. I don't know where to start. Any information in this regard will be greatly appreciated. Yes, absolutely. However, there are such a huge number of variations on possible ways of doing that that it's impossible to describe everything you'ld need to know in a simple e-mail. Lets look at a few questions you'ld need to answer: 1) ADSL router or modem? This is all about how you interface your FreeBSD system to ADSL -- the basic choice is between a router: a standalone unit which you plug the phone line into one side of, and an ethernet cable into the other -- or a modem: this is a device that plugs into a serial or USB port on your FreeBSD box. Routers will work entirely independently of your FreeBSD machine. Since your connection to them is via ethernet, there's practically no compatibility problems. Depending on how much money you spend, your can get routers which provide packet filtering, network and port address translation, DNS, DHCP and various other capabilities -- although if you go to the expense of buying a really capable router there's not much left to do for your FreeBSD box. Modems are the other end of this scale: you need to find a device for which appropriate drivers are available under FreeBSD. Once you've got the modem connected up, you'll need to use the attached FreeBSD box to provide appropriate functionality to make a practicable ADSL connection. This includes running PPPoA or PPPoE (A = ATM, E = Ethernet: all ADSL in the UK is PPPoA, other countries do things differently) to establish networking into your service provider. You would use the standard FreeBSD stuff to do NAT and firewall packet filtering, and you can install DHCP servers and so forth. Effectively the FreeBSD box + modem takes the place of the standalone router above. 2) What sort of address space do you want to have assigned to you from your ISP? The cheapest ADSL accounts give you a single Internet-routable IP number, usually assigned via DHCP. There can be an implicit assumption that you've basically got just one machine you want to have net access, although this is becoming less common nowadays. Lots of ISPs will give you two addresses: this is intended to give you an address for the router box, plus an address for a real PC. Next step up is to get that one or two addresses permanently assigned to you. Beyond that, you can get a routed connection -- you get a small net block permanently assigned to you, as well as the single IP used for the WAN side of your router. This enables you to set up a 'DMZ' network, and for instance have several servers visible on the Internet. Many ISPs will have local policies forbidding you from running servers of various sorts, mostly as a way of protecting the ISP from the awful consequences of allowing Windoze machines out on the open Internet in the hands of the clueless. 3) A consequential decision related to the above: do you want some or all of your Windows (or other) LAN machines to have Internet routable addresses or to run Internet visible services? There's several ways of doing this: DMZ network -- classic firewall design. Here the Internet accessible machines are kept on a separate small sub-net, and you have a second packet-filtering router (generally a machine with a couple of network cards, running natd and ipfw or similar) between that and your private internal network. Packet filtering bridge -- similar to the above, except that the DMZ is and the internal private stuff are now technically on the same subnet, and your packet filter serves to separate public and private parts of the subnet. This is a much harder setup to get working effectively and securely than either of the other two, so use only as a last resort. NAT address proxying -- your NAT gateway has one or more IP addresses assigned and the NAT gateway knows how to forward incoming connections to an internal server. Or you run proxy servers on the Internet visible addresses which will accept incoming connections and relay them to the real servers on the internal network. Taken to the extreme, you could use this sort of setup to do load balancing and other fancy networking tricks, but you'ld probably have to spend $$$ to by the right sort of hardware load balancing kit needed. 4) From the point of view of the private side of your network, the FreeBSD box should minimally appear as the default gateway to the Internet. You can assign IP addresses and other configuration parameters to each machine manually or you can run various
RE: Windows client - internet connection sharing
YES, it is possible. You probably want to start at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routin g.html. Otherwise, there are many howtos and tutorials on setting up a gateway. There is also an option in /stand/sysinstall under networking to 'make this computer act as a gateway,' which you may want to check out. HTH Eric F Crist President AdTech Integrated Systems, Inc (612) 998-3588 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gareth Bailey Sent: Monday, December 15, 2003 11:40 AM To: [EMAIL PROTECTED] Subject: Windows client - internet connection sharing Is it possible to set up a freebsd server connected to an ADSL line to provide internet access via LAN to a number of Windows clients. I don't know where to start. Any information in this regard will be greatly appreciated. Thanks Gareth Bailey ___ Look Good, Feel Good www.healthiest.co.za ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
