Date: Sat, 13 Dec 2003 13:41:07 +0530
From: "Sunil Sunder Raj" <unixtools@hotmail.com>
To: bugsgrief@bugsgrief.net, extech@dod.co.za
Cc: questions@FreeBSD.org
Subject: Re: Router/Gateway
Message-ID: <BAY8-F98YARvqOPpW4600017385@hotmail.com>

Hi,

This is what I usually do. Here ISPIP is the IP your ISP gave you.

COMPILE FIREWALL WITH

cd /usr/src/sys/i386/conf
cp GENERIC GATEWAY
vi GATEWAY

ident GATEWAY
#ADDED BY SSR STARTS
#TO ENABLE FIREWALL
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=0
#ID FIELDS IN IP ADDRESS TO BE RANDOM INSTEAD OF INCREMENTAL
options RANDOM_IP_ID
#NATTING
options IPDIVERT
#FOR BANDWIDTH THROTTLING
options DUMMYNET
#ADDED BY SSR ENDS

config -r GATEWAY
cd ../../compile/GATEWAY
make depend
make
make install
reboot

Edit /etc/sysctl.conf

net.inet.ip.forwarding=1
net.inet.ip.check_interface=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.log_in_vain=2
net.inet.udp.log_in_vain=1

Edit /etc/ipnat.conf

map vr0 10.0.0.1/24 -> ISPIP/32 portmap tcp/udp 10000:60000
map vr0 10.0.0.1/24 -> ISPIP/32

Edit /etc/rc.conf

gateway_enable="YES"
ifconfig_rl0="inet ISPIP netmask 255.255.255.0"
ifconfig_vr0="inet 10.0.0.1 netmask 255.255.255.0"
firewall_enable="YES"               # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall"  # Which script to run to set up the firewall
firewall_type="open"                # Firewall type (see /etc/rc.firewall)
firewall_flags=""                   # Flags passed to ipfw when type is a file
natd_program="/sbin/natd"           # path to natd, if you want a different one.
natd_enable="YES"                   # Enable natd (if firewall_enable == YES).
natd_interface="rl0"                # Public interface or IPaddress to use.

Edit /etc/ipf.rules

pass in all
pass out all

R E B O O T

Regards
SSR

>From: horio shoichi <bugsgrief@bugsgrief.net>
>To: "Extech" <extech@dod.co.za>
>CC: questions@FreeBSD.org
>Subject: Re: Router/Gateway
>Date: Sat, 13 Dec 2003 14:31:48 +0900
>
>On Thu, 11 Dec 2003 13:45:56 +0200
>"Extech" <extech@dod.co.za> wrote:
> > Hello
> >
> > I have looked through the archives and I have read the manual (Advance Networking) but could not find specific to address my question.
> >
> > I want to set up a FreeBSD 5.x box as a router/gateway on a permanent connection with a fixed IP address,
> > there will also be other machines with fixed IP addresses (not 192.168.x.x but proper IP's)
> > on this network.
> >
> > something like this:
> >
> >     To internet exchange on T1 Leased Line
> >                  |
> >                  |
> >                  | dc0 (196.x.x.1)
> >              ---------
> >               FreeBSD
> >               router/
> >               gateway
> >              ---------
> >                  | lr0
> >                  |
> >                  |
> >                  |
> >              ---------
> >             switch/hub
> >              ---------
> >               |     |
> >               |     |
> >     196.x.x.2 |     | 196.x.x.3
> >        --------     --------
> >        Server 1     Server 2
> >        --------     --------
> >
> >
> > Obviously I have to have two network cards in the router/gateway (dc0 and lr0),
> > I assume that I will configure dc0 with my fixed IP, but what do I do with lr0?
> >
> > Can somebody please point me in the right direction.
> >
> > Thanks
> > extech
> >
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> >
>
>A popular solution is the route/gateway not have ip addresses that belong to
>allocated global ips, and use bridge configuration.
>
>If bridging is inadequate in your case, the thing pretty much depends on
>the "cloud" one hop away from dc0 interface. Describe it (modem/router,
>configurable/not, etc).
>
>
>horio shoichi
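
As an added example (not part of the original message or of FreeBSD's own tooling), this sh script statically cross-checks the rc.conf, sysctl.conf and ipf.rules settings listed in the message before the reboot step. The function names, the FAIL/WARN wording and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): static audit of gateway config files.

# conf_get FILE KEY: print the last value assigned to KEY in an rc.conf/sysctl.conf style file.
conf_get() {
    awk -v k="$2" '{ sub(/#.*/, ""); i = index($0, "="); if (!i) next
        key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
        if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/"/, "", v); val = v } }
        END { print val }' "$1"
}

# is_yes FILE KEY: true when the knob is enabled (rc.conf accepts YES in any case).
is_yes() { case $(conf_get "$1" "$2") in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

# audit_gateway RC_CONF SYSCTL_CONF IPF_RULES: print findings, return 1 if any FAIL.
audit_gateway() {
    rc=$1 sc=$2 ipf=$3 fails=0
    if ! is_yes "$rc" gateway_enable && [ "$(conf_get "$sc" net.inet.ip.forwarding)" != 1 ]; then
        echo "FAIL forwarding: gateway_enable and net.inet.ip.forwarding are both unset"; fails=1
    fi
    if is_yes "$rc" natd_enable; then
        nif=$(conf_get "$rc" natd_interface)
        if ! is_yes "$rc" firewall_enable; then
            echo "FAIL natd: natd_enable has no effect without firewall_enable"; fails=1
        fi
        case $nif in
            *.*.*.*) ;;   # natd_interface may also be an IP address; nothing to cross-check
            *) if [ -z "$(conf_get "$rc" "ifconfig_$nif")" ]; then
                   echo "FAIL natd: no ifconfig_$nif line for natd_interface"; fails=1
               fi ;;
        esac
    fi
    if [ "$(conf_get "$rc" firewall_type)" = open ]; then
        echo "WARN ipfw: firewall_type=open lets all traffic through"
    fi
    if [ -f "$ipf" ] && ! grep -q '^[[:space:]]*block' "$ipf"; then
        echo "WARN ipf: $ipf has no block rule"
    fi
    return $fails
}

# Constructed sample files holding the settings quoted in the message.
SAMPLE=$(mktemp -d)
printf '%s\n' 'gateway_enable="YES"' 'ifconfig_rl0="inet ISPIP netmask 255.255.255.0"' \
    'firewall_enable="YES"   # enable ipfw' 'firewall_type="open"' \
    'natd_enable="YES"' 'natd_interface="rl0"  # public side' > "$SAMPLE/rc.conf"
printf '%s\n' 'net.inet.ip.forwarding=1' 'net.inet.tcp.blackhole=2' > "$SAMPLE/sysctl.conf"
printf '%s\n' 'pass in all' 'pass out all' > "$SAMPLE/ipf.rules"
audit_gateway "$SAMPLE/rc.conf" "$SAMPLE/sysctl.conf" "$SAMPLE/ipf.rules"
```

On a real gateway, pass /etc/rc.conf, /etc/sysctl.conf and /etc/ipf.rules as the three arguments; a WARN marks a rule set that filters nothing, which the message's configuration relies on natd and the blackhole sysctls to offset.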