From: "Terrence Koeman"
To: "'Nathan Kinkade'"
Date: Fri, 9 Jul 2004 04:47:46 +0200
Cc: freebsd-questions@freebsd.org
Subject: RE: Network configuration

> -----Original Message-----
> From: nkinkade@gentoo-npk.bmp.ub [mailto:nkinkade@gentoo-npk.bmp.ub] On Behalf Of Nathan Kinkade
> Sent: Thursday, July 08, 2004 19:49
> To: Terrence Koeman
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Network configuration
>
> On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> > Hi,
> >
> > I have been busy setting up a network the last 3 days, but I cannot get it
> > working.
> >
> > Basically I have no clue what has to be set up etc. and if I need bridging or
> > not.
> >
> > The situation is as follows:
> >
> >                        --------------
> >                        | SDSL Modem |
> >                        |  Bridged   |
> >                        --------------
> >                               |
> >                  --------------------------
> >                  |    xl0: 217.1.1.155    |
> >                  |                        |
> >                  |      Freebsd Box       |
> >                  |                        |
> >                  |          xl1           |
> >                  --------------------------
> >                               |
> >                          ----------
> >          |---------------| SWITCH |---------------|
> >          |               ----------               |
> >          |                    |                   |
> > -------------------  -------------------  -------------------
> > | C1: 217.1.1.156 |  | C2: 217.1.1.157 |  | C3: 217.1.1.158 |
> > -------------------  -------------------  -------------------
> >
> >
> > The FreeBSD box has full internet connectivity and I can also get NAT
> > working, but the thing is that I need those non-private IPs bound to the
> > clients and I need ipfw between the clients and the modem. Also I need the
> > FreeBSD machine to have a non-private IP address. I have no clue as to
> > getting the packets from those clients to the internet. I tried bridging xl0
> > and xl1 and using 217.1.1.155 as gateway, but that didn't work.
> >
> > Maybe someone that knows how to do something like this can shed some light
> > on it for me?
> >
> > Thanks in advance.
> >
> > --
> > Regards,
> > Terrence Koeman
>
> You could make the FreeBSD box a bridge and still use IPFW. It really
> depends on whether you will have other clients that will NOT have public
> IP addresses that will need NAT - you don't specify whether this is the
> case. For FreeBSD to be set up as a bridge/IPFW machine you will
> minimally need a kernel compiled with the following options:
>
>     options IPFIREWALL
>     options BRIDGE
>
> After you have built and installed this kernel add the following entries
> to /etc/sysctl.conf:
>
>     net.link.ether.bridge=1
>     net.link.ether.bridge_cfg=xl0,xl1
>     net.link.ether.bridge_ipfw=1
>     net.inet.ip.fw.enable=0
>
> You will probably want to add the following lines to /etc/rc.conf so
> that some IPFW rules will be loaded at boot:
>
>     firewall_enable="YES"
>     firewall_type=""
>
> Read the firewall(7) manpage for more information.
>
> If you don't have console access to the FreeBSD machine beware that the
> default rule is to deny packets. Therefore if you build IPFW into the
> kernel and don't allow for some basic rules to be added at boot you will
> likely be locked out from anything but console access.
>

There might be more clients that will require NAT later.

I tried this with:

- 217.1.1.155 bound to xl0
- nothing bound to xl1
- xl0 and xl1 bridged.
- no ipfw rules and default to accept.

When I try this the box is dead, no connectivity out and 217.1.1.155 is not reachable.

If I try the exact same setup and bind 192.168.0.1 to xl1 I can connect to it when bridged, but the rest remains the same.

--
Regards,
Terrence Koeman

MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.
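
An added example, not part of either message: a pre-reboot check that reads a kernel config, sysctl.conf and rc.conf and flags the lockout case the quoted reply warns about (IPFW compiled in, default rule deny, no ruleset loaded at boot). The function names and sample files are constructed for illustration; treating an empty firewall_type as "no ruleset" is an assumption, and IPFIREWALL_DEFAULT_TO_ACCEPT is the kernel option behind "default to accept".

```sh
#!/bin/sh
# Added example: pre-reboot check of the bridge + IPFW settings from the thread.

# conf_get FILE KEY: value of KEY=value (last wins), comments and quotes stripped.
conf_get() {
    awk -F= -v k="$2" '
        { sub(/#.*/, ""); gsub(/[ \t"]/, "") }
        $1 == k { v = $2 }
        END { print v }' "$1"
}

# has_option KERNCONF NAME: true if the kernel config has "options NAME".
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# preflight KERNCONF SYSCTLCONF RCCONF: prints findings, returns their count.
preflight() {
    kern=$1 sysctl=$2 rcconf=$3 problems=0
    for opt in IPFIREWALL BRIDGE; do
        has_option "$kern" "$opt" ||
            { echo "kernel: missing options $opt"; problems=$((problems + 1)); }
    done
    for kv in net.link.ether.bridge=1 net.link.ether.bridge_ipfw=1; do
        [ "$(conf_get "$sysctl" "${kv%%=*}")" = "${kv#*=}" ] ||
            { echo "sysctl: expected $kv"; problems=$((problems + 1)); }
    done
    [ -n "$(conf_get "$sysctl" net.link.ether.bridge_cfg)" ] ||
        { echo "sysctl: net.link.ether.bridge_cfg not set"; problems=$((problems + 1)); }
    # Assumption: an empty firewall_type means no ruleset is loaded at boot.
    if ! has_option "$kern" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        if [ "$(conf_get "$rcconf" firewall_enable)" != "YES" ] ||
           [ -z "$(conf_get "$rcconf" firewall_type)" ]; then
            echo "LOCKOUT RISK: default rule is deny and rc.conf names no ruleset"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Constructed sample files mirroring the settings quoted in the message.
d=$(mktemp -d)
printf 'options IPFIREWALL\noptions BRIDGE\n' > "$d/KERNEL"
printf '%s\n' net.link.ether.bridge=1 net.link.ether.bridge_cfg=xl0,xl1 \
    net.link.ether.bridge_ipfw=1 net.inet.ip.fw.enable=0 > "$d/sysctl.conf"
printf 'firewall_enable="YES"\nfirewall_type=""\n' > "$d/rc.conf"
preflight "$d/KERNEL" "$d/sysctl.conf" "$d/rc.conf" || echo "findings: $?"
```

Run it against the real files before rebooting a machine that has no console access; a return value of 0 means none of the checked conditions were found.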