Date:      Tue, 14 Oct 2008 04:42:06 -0700
From:      Chris Pratt <eagletree@hughes.net>
To:        questions@freebsd.org
Subject:   Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system
Message-ID:  <463BCCC4-C6F3-4A80-B6CB-6711EF46EF96@hughes.net>
In-Reply-To: <48F43EB1.40304@gmail.com>
References:  <48F43EB1.40304@gmail.com>


On Oct 13, 2008, at 11:39 PM, Manish Jain wrote:

>
> Hi,
>
> I am poor at networking and need a little bit of help. My dad has a  
> Windows 2000 machine with a network card but does not have a  
> connection to the internet. My freebsd 6.2 box is connected to the  
> internet and has 2 network cards, rl0 and rl1. rl0 connects to the  
> ISP and rl1 is directly connected via a long Ethernet cable to the  
> NIC on my dad's machine. While I can access the internet easily, I  
> want my dad to be able to connect to the internet with my freebsd  
> box serving as the gateway. Can anyone please explain to me in easy  
> steps how to accomplish this?
>
> Thanks in advance for any help.

Here is an alternative if there is no actual requirement for
routing. It works on 6.2.

If your network already has a router/firewall/NAT dhcp server
(e.g., a Linksys, netgear router, a satellite modem, etc),
investigate the use of if_bridge rather than attempt to use
NAT and routing. This eliminates a number of issues that you
will find difficult as someone new to networking and possibly
FreeBSD. This allows you to make your FreeBSD machine
transparent to the network as if the W2K box were another
peer (in many ways). The benefits would be not having to
proxy the private addresses/serve dhcp while maintaining your
existing hardware set up.

I add in "options if_bridge" to the kernel and rebuild though it
can be loaded dynamically at boot.

Your rc.conf entries would look something like this given a
router to this ISP using a 192.168.1.0 private network space.

# the FreeBSD <-> ISP NIC card
ifconfig_rl0="inet 192.168.1.2 netmask 255.255.255.0"
# the ISP router connection to the LAN
defaultrouter="192.168.1.1"
gateway_enable="YES"
# rl0 is the WAN-facing NIC.
# rl1 is the second NIC to other computers. This connects to a switch or
# crossover cable.
# note that no address is set for rl1, it serves no purpose;
# the media statements are just shown to reflect rl1's existence
# and other settings it may need
ifconfig_rl1="up media 100baseTX mediaopt full-duplex"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm rl0 addm rl1 up"

Look at man if_bridge for sysctl.conf entries that may be
needed. They determine what is passed on the bridge and
can easily block necessary traffic if not set correctly. For
my purposes, I found the following necessary:

net.link.bridge.ipfw=1
net.link.bridge.ipfw_arp=1

These allow me to control the traffic within ipfw which makes
me more comfortable than passing everything.

Once a simple bridge is functional, investigate the entries
necessary to further inhibit traffic using ipfw. This can be
quite helpful in protecting a W2K box which is likely weak
in its security. The combination of these two products is
thought of as a transparent firewall and is quite effective.
It serves as a foundation for more complex configurations
up to a complete Intrusion Detection System using
snort_inline which can actually filter and drop virus
signatures headed for the weaker Windows platforms.

Documentation is quite weak out there on this configuration
but I can provide basic examples of ipfw commands to
monitor, allow and deny traffic using ipfw and if_bridge.
I'm unable to accurately provide this on the fly though.
What some people do is build a set of rules early in the
ipfw ruleset to handle all traffic associated with the local
FreeBSD computer's use of the net and separate traffic
for the bridge into in and out sections (e.g. use of skipto). Then you
can allow or deny what goes to and comes from the W2K
box/other workstations, just like you do to the local machine.

There is some minimal info here:
http://www.freebsd.org/doc/en/books/handbook/network-bridging.html

>
> Manish Jain
> unxfbsdi@gmail.com
>
>




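A skeleton of the ruleset layout Chris describes (rules for the FreeBSD host's own traffic first, then a skipto into separate sections for bridged frames going toward the W2K box and coming from it), written here as an added example; it is not the poster's ruleset and not from the FreeBSD handbook. It assumes the rc.conf above (rl0 toward the ISP router, rl1 toward the W2K box), the two sysctls net.link.bridge.ipfw=1 and net.link.bridge.ipfw_arp=1, a constructed address 192.168.1.10 for the W2K box, and that a bridged frame reaches ipfw as a layer2 packet seen "out via" the member interface it leaves through. That last point is my reading of if_bridge's ipfw hook, not something the post states, so confirm it with the per-rule counters from "ipfw -a list" before relying on the rules.

```sh
#!/bin/sh
# bridge-fw.sh (hypothetical name): generate or load an ipfw ruleset for a
# FreeBSD if_bridge transparent firewall.  Added example, not the poster's
# configuration.  Assumes net.link.bridge.ipfw=1 and net.link.bridge.ipfw_arp=1
# so bridged frames and ARP reach ipfw flagged "layer2", and that ipfw sees a
# bridged frame as "out via" the member interface it is being sent out of.
#
# Usage:  sh bridge-fw.sh          # print the rules (dry run)
#         sh bridge-fw.sh apply    # flush the current ruleset and load these

W2K="192.168.1.10"      # constructed address for the Win2k box behind rl1
LAN="192.168.1.0/24"    # the router's private network from the rc.conf above
WAN_IF="rl0"            # member facing the ISP router
W2K_IF="rl1"            # member facing the Win2k box

# Emit one "add" line per rule.  Rule numbers keep the sections apart:
#   100-999    the FreeBSD host's own traffic (ordinary layer 3 rules)
#   1000-1999  dispatcher for bridged (layer2) frames, ARP allowed here
#   2000-2999  frames leaving via rl1, i.e. headed to the W2K box
#   3000-3999  frames leaving via rl0, i.e. from the W2K box to the router
# Rule 200 sends every layer2 frame past the host section before check-state,
# so the stateful rules only ever see the host's own traffic.
gen_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
add 200 skipto 1000 all from any to any layer2
add 300 check-state
add 310 allow tcp from me to any out setup keep-state
add 320 allow udp from me to any 53 out keep-state
add 330 allow icmp from me to any out keep-state
add 340 allow tcp from $LAN to me 22 in setup keep-state
add 900 deny log ip from any to any
add 1000 allow all from any to any layer2 mac-type arp
add 1010 skipto 2000 all from any to any layer2 out via $W2K_IF
add 1020 skipto 3000 all from any to any layer2 out via $WAN_IF
add 1030 deny log all from any to any layer2
add 2000 allow tcp from any to $W2K established
add 2010 allow udp from any 53 to $W2K
add 2020 allow icmp from any to $W2K icmptypes 0,3,11
add 2030 deny log tcp from any to $W2K 135,137-139,445
add 2900 deny log all from any to $W2K
add 3000 allow tcp from $W2K to any 80,443 setup
add 3010 allow tcp from $W2K to any established
add 3020 allow udp from $W2K to any 53
add 3030 allow icmp from $W2K to any icmptypes 8
add 3900 deny log all from $W2K to any
add 65000 deny log all from any to any
EOF
}

# rule_has PATTERN: succeed if some generated rule matches PATTERN (grep BRE).
rule_has() {
    gen_rules | grep -q -- "$1"
}

# Write the rules to a file and hand it to ipfw(8), which reads one command per
# line.  Flushing first means a short window with no rules; run from console.
apply_rules() {
    tmp=$(mktemp /tmp/bridge-fw.XXXXXX) || return 1
    gen_rules > "$tmp"
    ipfw -q -f flush && ipfw -q "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

case "${1:-print}" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

The bridge sections are deliberately stateless (only "setup" and "established" on TCP) because I would not rely on dynamic rules matching layer2 frames without testing; the price is that anything with the ACK bit set reaches the W2K box, which is why the Windows file-sharing ports are denied explicitly before the generic established rule would otherwise let them through. Watch the log with "tail -f /var/log/security" while the W2K box browses to see which section each denied packet falls into.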