From: benjamin thielsen
To: freebsd-questions@freebsd.org
Date: Tue, 14 Oct 2008 08:10:42 -0400
Subject: Re: How to get my Dad's Win2k system to access internet through my FreeBSD 6.2 system
Reply-To: nightrecon@verizon.net

Manish Jain wrote:
>
> Hi,
>
> I am poor at networking and need a little bit of help. My dad has a
> Windows 2000 machine with a network card but does not have a connection
> to the internet. My freebsd 6.2 box is connected to the internet and has
> 2 network cards, rl0 and rl1. rl0 connects to the ISP and rl1 is
> directly connected via a long Ethernet cable to the NIC on my dad's
> machine. While I can access the internet easily, I want my dad to be
> able to connect to the internet with my freebsd box serving as the
> gateway. Can anyone please explain to me in easy steps how to accomplish
> this?
>

Although to many old-timers this is easily achieved, to someone new to networking it is difficult to explain it in "easy steps". It involves a set of pieces that have to fit together correctly in order to work. You will need to do some proper reading on the underlying concepts first.

First, establish that there exists basic network connectivity between your machine and your dad's. You may need to use a crossover cable. You will want to assign a static IP address in the "Private" IP space range to your rl1 interface. This is also known as RFC 1918. You will also want to manually configure a static IP on your dad's machine that is in the same network, instead of allowing it to come up on the link-local of 169.254.x.x. An example would be your rl1 == 192.168.10.1 netmask 255.255.255.0 and your dad's machine == 192.168.10.2 netmask 255.255.255.0. For DNS at this stage you can use hosts files on each host for name resolution. Ensure that each machine can be ping'd by the other.

Next, you will want to configure your FreeBSD machine as a NAT gateway. In your /etc/rc.conf you will want something like gateway_enable="YES" and some form of firewall initialization[1]. The gateway_enable is what allows the forwarding of packets between your rl0 and your rl1, but the activation of NAT functionality is usually a function contained within a firewall.
So conceptually, the firewall will be "in between" rl0 and rl1. There are three different firewalls you can choose from. Configuring the firewall is usually where the inexperienced get stuck. This subject material is beyond the scope of this missive, and you would do well to start reading in the Handbook. But essentially, when you configure NAT in the firewall your rl0 (connected to the ISP) will be assigned a "Public" IP address and the NAT function will translate between "Public" and "Private".

The next sticky point that will happen, should you get this far, is name resolution. You will want to place the IP addresses of the name servers of your ISP in your /etc/resolv.conf. You will also want to enter these into the TCP configuration of your dad's machine. In addition, on your dad's machine you will enter the IP address you used on your rl1 as the "default route".

The subject is much too broad for exhaustive coverage here. If your DSL/Cable modem has router ports on it, it might just be easier to plug your dad's machine up there and forget about all of this. Much reading will be required of you, and once you know most of it then you will know what specific questions to ask when you encounter sticking points. This is intended only as a very generic form of overview.

-Mike

[1] For example, a couple of lines from my /etc/rc.conf:

    pf_enable="YES"
    pf_rules="/etc/pf.conf"
    pf_flags="-e"
    pflog_enable="YES"
    pflog_logfile="/var/log/pflog"
    pflog_flags=""

and the NAT line from my /etc/pf.conf:

    nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)

Please note that these are for illustrative purposes only, and by themselves will do nothing for your specific situation. There is much more that you will have to dig out of the documentation, understand, and configure appropriately.
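Added example, not part of the message above and not Mike's own configuration: the pieces the reply names (static private address on rl1, gateway_enable, pf with a NAT rule) put together for the rl0/rl1 layout in the question. The macro values and the two filter rules are assumptions chosen for this illustration; rl0 is assumed to be already configured for the ISP and is left untouched.

```conf
# ---- /etc/rc.conf (additions) ----
# Private (RFC 1918) address on the interface facing dad's machine,
# using the example values from the message.
ifconfig_rl1="inet 192.168.10.1 netmask 255.255.255.0"
gateway_enable="YES"            # forward packets between rl0 and rl1
pf_enable="YES"                 # load pf at boot
pf_rules="/etc/pf.conf"
pflog_enable="YES"              # keep a log of packets matched by "log" rules
pflog_logfile="/var/log/pflog"

# ---- /etc/pf.conf ----
# Macros (values are assumptions for this illustration)
ExtIF="rl0"                     # interface connected to the ISP
INTERNAL="192.168.10.0/24"      # network behind rl1

# Options and normalization
set skip on lo0                 # do not filter loopback traffic
scrub in all                    # reassemble and sanitize incoming packets

# Translation: the NAT line from the message. The parentheses make pf
# follow rl0's address if the ISP changes it.
nat on $ExtIF inet from $INTERNAL to any -> ($ExtIF)

# Filtering: refuse anything unsolicited arriving from the ISP side, and
# let outbound connections create state so their replies are accepted.
block in log on $ExtIF all
pass out on $ExtIF inet proto { tcp, udp, icmp } all keep state
# Traffic on rl1 matches no rule here and falls through to pf's implicit pass.

# ---- Windows 2000 machine (TCP/IP properties, set by hand) ----
# IP address       192.168.10.2
# Subnet mask      255.255.255.0
# Default gateway  192.168.10.1   (the rl1 address)
# DNS servers      the ISP name servers from the gateway's /etc/resolv.conf
```

Running pfctl -nf /etc/pf.conf parses the rule set without loading it, and pfctl -sn lists the NAT rules once pf is running.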