Re: building a routing machine

2003-07-18 Thread Vitali Malicky


> Hi folks,
hi, man.

>
> I've enabled routed on both systems, (-s on the webserver, -q on the


it's not necessary at all!

set your default router in rc.conf (ask your University admin about its IP)

you just look at "sysctl -a net.inet.ip.forwarding"
if it equals "0" then "sysctl -w net.inet.ip.forwarding=1"
(in rc.conf this variable is set by gateway_enable="YES")

then you need a natd
just "touch /etc/natd.conf" and edit it so that it contains something like

log yes
#log_denied yes
port 8668
use_sockets yes
same_ports yes
unregistered_only yes
alias_address ???.???.???.??? #your PUBLIC IP
###
#EOF
###


run natd "/sbin/natd -f /etc/natd.conf &"

edit /etc/rc.firewall to contain approximately the following

#!/bin/sh
/bin/echo -n "Firewall... "
### Flush All Chains And Pipes ###
/sbin/ipfw -q -f flush
/sbin/ipfw -q -f pipe flush
### lo0 ###
/sbin/ipfw -q add 1 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
### public ###
/sbin/ipfw -q add 2 divert natd all from any to any in recv fxp0 #change fxp0 to your NIC name
/sbin/ipfw -q add 3 divert natd all from any to any out xmit fxp0 #change fxp0 to your NIC name
### Firewall (icmp) ###
# /sbin/ipfw -q add 65527 deny icmp from any to ${LocalNET}
# /sbin/ipfw -q add 65528 deny icmp from ${LocalNET} to any
/sbin/ipfw -q add 65529 allow icmp from any to any
### Firewall Logging ###
/sbin/ipfw -q add 65530 deny log all from any to any ipopt rr
/sbin/ipfw -q add 65531 deny log all from any to any ipopt ts
/sbin/ipfw -q add 65532 deny log all from any to any ipopt ssrr
/sbin/ipfw -q add 65533 deny log all from any to any ipopt lsrr
/sbin/ipfw -q add 65534 deny log all from any to any

echo " configured."
###

(this is a fragment of my ip.firewall which is too long to quote here...)


and execute the file (chmod 500 rc.firewall, you know, first... ;))

it should work. if not, ufff... then you will have to rebuild the FBSD
kernel with IPDIVERT, IPFIREWALL and things, and things, and things... and
repeat the said above...

I envy you if you're gonna do the kernel rebuild for the first time :) it's a
fascinating, absorbing and captivating procedure like playing chess with a
very strong chessplayer :)

see here
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
and good luck!!!

--
Error Code=-1 Continue?
  Yes | No
--



> desktop) but that doesn't seem to be enough. I've read something about
> routing and gateways in the handbook, but I didn't quite get it. So can
> anyone help me out?
>
> Please CC me, I'm not (anymore) a user on this list. Thanks!
>
> --
> tcGB <>< Fi-Ji ><>
>
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"[EMAIL PROTECTED]"

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
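
Added example, not part of the original post or of FreeBSD: a small sh/awk lint that reads "ipfw add" lines and checks the divert plus final-deny layout by rule number. Run on the rule lines quoted in the post (constructed sample below), it reports that no TCP/UDP allow rule sits between the divert rules and rule 65534, so the rest of the author's ruleset is what would let translated traffic through. The function names and the three checks are assumptions of this example, not an ipfw feature.

```shell
#!/bin/sh
# Added example: lint "ipfw add" lines read on stdin (heuristic checks).
# ipfw evaluates by rule number, so numbers are compared, not line order.
audit_rules() {
    awk '
    /^[ \t]*#/ { next }                      # commented-out rule
    {
        a = 0
        for (i = 1; i <= NF; i++) if ($i == "add") { a = i; break }
        if (!a) next                         # not an "ipfw add" line
        num = $(a + 1) + 0; act = $(a + 2); body = ""
        for (i = a + 3; i <= NF && $i !~ /^#/; i++)
            if ($i != "log") body = body (body == "" ? "" : " ") $i
        if (act == "divert") {
            seen_divert = 1
            if (num > last_divert) last_divert = num
        } else if (act == "deny" && body ~ /^(all|ip) from any to any$/) {
            if (!deny_all || num < deny_all) deny_all = num
        } else if ((act == "allow" || act == "pass") &&
                   body ~ /^(all|ip|tcp|udp) / && body !~ /via lo0/) {
            allow[num] = 1                   # candidate rule for NATed traffic
        }
    }
    END {
        if (!seen_divert) { print "no divert rule: nothing reaches natd"; f++ }
        if (deny_all && last_divert > deny_all) {
            print "divert " last_divert " is after catch-all deny " deny_all; f++
        }
        ok = 0
        for (n in allow) if (n + 0 > last_divert && n + 0 < deny_all) ok = 1
        if (deny_all && !ok) {
            print "no TCP/UDP allow before deny " deny_all " after divert"; f++
        }
        exit f + 0                           # status = number of findings
    }'
}
# Constructed sample: rule lines as quoted in the post above.
page_fragment() {
    cat <<'EOF'
/sbin/ipfw -q add 1 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
/sbin/ipfw -q add 2 divert natd all from any to any in recv fxp0 #change fxp0
/sbin/ipfw -q add 3 divert natd all from any to any out xmit fxp0
# /sbin/ipfw -q add 65527 deny icmp from any to ${LocalNET}
/sbin/ipfw -q add 65529 allow icmp from any to any
/sbin/ipfw -q add 65530 deny log all from any to any ipopt rr
/sbin/ipfw -q add 65534 deny log all from any to any
EOF
}
page_fragment | audit_rules || echo "findings: $?"
```
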


Re: building a routing machine

2003-07-17 Thread Paul Chvostek
On Fri, Jul 18, 2003 at 03:56:53AM +, Frans-Jan v. Steenbeek wrote:
> 
> my webserver has two LAN-cards, my desktop has one. My question is: how
> do I connect these two with each other so that both PC's can reach
> internet?
> 
> I've enabled routed on both systems, (-s on the webserver, -q on the
> desktop) but that doesn't seem to be enough. I've read something about
> routing and gateways in the handbook, but I didn't quite get it. So can
> anyone help me out?

You'd only use routing if each PC had a public IP address, and one
address was routed (upstream from your pair of machines) to the other.
If you have only one IP address, that address needs to be on the server
with two NICs, and you need to set up a *private* network for the
communication between your two machines.  You'll sort of turn your web
server into a firewall, rather than a router.

To connect to the Internet in general from your desktop, you'll probably
want to run natd.  The man page for natd should be your starting point.

-- 
  Paul Chvostek <[EMAIL PROTECTED]>
  it.canada                 http://www.it.ca/
  Free PHP web hosting!     http://www.it.ca/web/



Re: building a routing machine

2003-07-17 Thread Tim Kellers
Have a look at man natd, then come back with more questions.

Tim Kellers
CPE/NJIT


On Thursday 17 July 2003 11:56 pm, Frans-Jan v. Steenbeek wrote:
> Hi folks,
>
> I'm an active user of FreeBSD for quite some time now, and I'm not a
> full newbie anymore, except for this part:
>
> I now have two PC's running, one is intended to be a webserver and the
> other is my desktop-PC. I'm connected to the internet using a city-wide
> network the university here offers. So I can use DHCP and TCP to connect
> one PC to the net.
>
> my webserver has two LAN-cards, my desktop has one. My question is: how
> do I connect these two with each other so that both PC's can reach
> internet?
>
> I've enabled routed on both systems, (-s on the webserver, -q on the
> desktop) but that doesn't seem to be enough. I've read something about
> routing and gateways in the handbook, but I didn't quite get it. So can
> anyone help me out?
>
> Please CC me, I'm not (anymore) a user on this list. Thanks!



building a routing machine

2003-07-17 Thread Frans-Jan v. Steenbeek
Hi folks,

I'm an active user of FreeBSD for quite some time now, and I'm not a
full newbie anymore, except for this part:

I now have two PC's running, one is intended to be a webserver and the
other is my desktop-PC. I'm connected to the internet using a city-wide
network the university here offers. So I can use DHCP and TCP to connect
one PC to the net.

my webserver has two LAN-cards, my desktop has one. My question is: how
do I connect these two with each other so that both PC's can reach
internet?

I've enabled routed on both systems, (-s on the webserver, -q on the
desktop) but that doesn't seem to be enough. I've read something about
routing and gateways in the handbook, but I didn't quite get it. So can
anyone help me out?

Please CC me, I'm not (anymore) a user on this list. Thanks!

-- 
tcGB <>< Fi-Ji ><>
