Date:      Mon, 11 Jan 1999 10:04:24 -0500
From:      Brian Gregor <bgregor@buphy.bu.edu>
To:        freebsd-questions@FreeBSD.ORG
Subject:   IPfilter & DHCP config
Message-ID:  <Pine.SGI.4.05.9901110953240.16377-100000@buphy.bu.edu>

I will shortly be converting my IP masquerading Linux box that connects
my home LAN to my cable modem provider to a FreeBSD box.  Why?  Well,
I've been convinced of fbsd's superior TCP/IP performance, I like its
upgrade system, and it gives me something to do other than Jackson's
E&M book.

I understand how to do the following: configure my two NICs, a 3Com
509 (not 509b - I know this card sucks) and an SMC 8013, install
ipfilter and set up some rules for filtering and doing NAT, and install
DHCP so that the 3Com card will get its IP address and info from the
cable modem.

Here are the steps I don't quite get (and would like to have figured 
out BEFORE I take down a working system!):

	how to get the file /etc/natrules to use the dynamically 
	assigned "real" IP address, i.e. modify a line like this:
	map ep0 10.0.0.0/8 -> 24.24.24.24/32 portmap tcp/udp 10000:65000
	where 24.24.24.24 is the IP address from DHCP.

	make sure that the two games I occasionally use online can pass
	through the firewall, quake and delta force.  I use the Linux
	kernel module for quake, and the ipautofw program for df
	currently.  Would the standard "permissive rules" in the file
	BASIC_2.FW in the ipfilter installation take care of this?

I have read through the documentation on freebsddiary.com (a great
resource!) and the mailing list archives, but this is not clear to
me.

One last thing: I'll be replacing the 3Com card in a little bit with
another SMC 8013, which is not buggy.  I assume that all I'd have to
do is add a line in my kernel config so that they'd look like this:

device ed0 at isa? port 0x280 net irq 11 iomem 0xcc000 vector edintr
device ed1 at isa? port 0x300 net irq 10 iomem 0xd0000 vector edintr

(or some combo of addresses and IRQs that won't conflict with anything)


Thank you,

Brian
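
An added example, not part of the original message: one way to fill a DHCP-assigned address into the `map` line quoted above, validating it first so that a malformed value never reaches the NAT rules. The function names, the constructed sample rules and the address 192.0.2.10 are assumptions; how the caller obtains the address from the DHCP client is left open.

```shell
#!/bin/sh
# Added example; function names and calling convention are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# render_natrules ADDR IFACE: copy ipnat rules from stdin to stdout, replacing
# the target of each "map IFACE ... -> x/32" rule with ADDR/32.
# Returns 2 for a bad address, 3 if no rule matched. Rewritten lines come out
# with single-space separators; all other lines pass through unchanged.
render_natrules() {
    addr=$1; iface=$2
    valid_ipv4 "$addr" || { echo "refusing bad address: $addr" >&2; return 2; }
    awk -v addr="$addr" -v iface="$iface" '
        $1 == "map" && $2 == iface {
            for (i = 3; i < NF; i++)
                if ($i == "->" && $(i + 1) ~ /\/32$/) { $(i + 1) = addr "/32"; n++ }
        }
        { print }
        END { exit (n > 0 ? 0 : 3) }
    '
}

# Constructed sample: the rule from the message with a stale address.
sample_rules() {
    cat <<'EOF'
# constructed sample rules
map ep0 10.0.0.0/8 -> 24.24.24.24/32 portmap tcp/udp 10000:65000
map ep0 10.0.0.0/8 -> 24.24.24.24/32
EOF
}

# 192.0.2.10 stands in for the address handed out by DHCP (constructed value).
sample_rules | render_natrules 192.0.2.10 ep0
```

The rendered output can be written to a temporary file and loaded with `ipnat -f` only when the function returns 0, so a failed lease or an unmatched interface leaves the running rules alone.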

