Date: Thu, 6 Jun 2002 21:50:12 -0700 From: "Aaron Burke" <aburke@nullplusone.com> To: "FreeBSD-Questions" <freebsd-questions@freebsd.org>, "Corey Snow" <corey@snowpoint.com> Subject: RE: Bridging Firewall Message-ID: <NGBBLCIHCLNJAIGIFFHJMEIECEAA.aburke@nullplusone.com> In-Reply-To: <3CFFB86C.31738.5BECA9F@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
<snip> > So I'm being a total masochist. I've never used FreeBSD before, and > got it installed on a truly ancient 486 DX2/66 with 32 MB RAM > yesterday night. It seems to run well (a helluva lot faster than I > thought it would on such ancient hardware) and I'm pleased so far. > I'm reasonably certain it can handle what I want it to do, based on > the research I've done. I was surprised at how little horsepower it > takes to run a decent firewall. FreeBSD was my first version of unix, and it runs great on my Pentuim 233-mmx. > > Goal: To add a second NIC to this beast (it has one currently) and > turn it into a bridging firewall using ipfw and the bridging kernel > options. I've never built a custom kernel before, so I'm diving in, > waiting for the appropriate chapters to get spat out of the printer > before going any further. :) Ok, You will need to recompile the kernel with support for the other NIC. Since its going to run the ed? driver, you will basically copy much of the existing ed0 code to ed1. device ed0 at isa? port 0x300 irq 10 iomem 0xd8000 # change the port ???, irq ?? and iomem ?????? to match the # settings on your other nic hardware. I think that PCI nics # wouldnt need this info, but since they are ISA, you will # need to change these. device ed1 at isa? port 0x??? irq ?? iomem 0x????? > > Secondary Goal: To add support for my Panasonic CDROM drive, which is > accessed through an old Creative Labs SoundBlaster. I don't care > about sound support, and I haven't installed X (don't need it on a > firewall box) so the only reason the card is in the machine is that > it can't be driven by any other type of card (even though it has a 40- > pin interface like an IDE drive- that was quite annoying). Because the CDROM is being driven by your sound card, you will have to make a kernel config change. Be aware that this may not be suppored by FreeBSD. > I think I'm pretty comfortable with the process as described, and > worst-case is I have to blow my install away and start over (no big > deal at this stage). However, there's one question I'm not certain > about. > > If I want to add a second ISA Ethernet NIC (I have two GeniusLAN > 10BaseT NICS that work as NE2000 NICS) do I have to run the MAKEDEV > shell script before or after rebuilding the kernel, or does it > matter? I assume it's after, from what I've read. Anyway, the plan is > to back up my kernel, follow the directions on the web site and > configure an new one, rebuild, then use MAKEDEV to add the second > NIC. After that, assuming it all goes well, I guess I'll start > playing with bridging and the firewall rules on a dummy network I > have here. I am not completly sure on this, but I dont think that you will even have to mess with /dev/MAKEDEV for this issue. If I am wrong, just re-ask this list. Someone else would know for sure. > Comments, suggestions, and/or belly laughs at my ignorance would be > appreciated. :) > > Thanks, No problem. And let me describe how to modify the kernel. You must have the kernel sources installed. cd /sys/i386/conf cp GENERIC YourKernelName vi YourKernelName # make changed for ed1, and feel free to trim a bunch of # useless code in here after you have a working box. When # done save and exit vi (or your favorite editor). config YourKernelName # this will build some info for your source. cd ../../compile/YourKernelName make depend make make install # under an optimized kernel this will take about 15 min on # my pentium 233-mmx with 64mb ram. if all goes well, then reboot and you should now have a ed1 network interface. Run ifconfig it will tell you if the computer found the card. > Corey Snow To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NGBBLCIHCLNJAIGIFFHJMEIECEAA.aburke>