RE: Network configuration
From: Terrence Koeman (root_at_mediamonks.net)
Date: 07/09/04
- Previous message: José de Paula: "nvi and modelines"
- In reply to: Nathan Kinkade: "Re: Network configuration"
- Next in thread: Thomas Farrell: "Re: Network configuration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: "'Nathan Kinkade'" <nkinkade@ub.edu.bz> Date: Fri, 9 Jul 2004 04:47:46 +0200
> -----Original Message-----
> From: nkinkade@gentoo-npk.bmp.ub
> [mailto:nkinkade@gentoo-npk.bmp.ub] On Behalf Of Nathan Kinkade
> Sent: Thursday, July 08, 2004 19:49
> To: Terrence Koeman
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Network configuration
>
> On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> > Hi,
> >
> > I have been busy setting up a network the last 3 days, but
> I cannot get it
> > working.
> >
> > Basically I have no clue what has to be setup etc. and if I
> need bridging or
> > not.
> >
> > The situation is as follows:
> >
> > --------------
> > | SDSL Modem |
> > | Bridged |
> > --------------
> > |
> > --------------------------
> > | xl0: 217.1.1.155 |
> > | |
> > | Freebsd Box |
> > | |
> > | xl1 |
> > --------------------------
> > |
> > ----------
> > |---------------| SWITCH |---------------|
> > | ---------- |
> > | | |
> > ------------------- ------------------- -------------------
> > | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> > ------------------- ------------------- -------------------
> >
> >
> > The FreeBSD box has full internet connectivity and I can
> also get NAT
> > working, but the thing is that I need those non-private
> IP's bound to the
> > clients and I need ipfw between the clients and the modem.
> Also I need the
> > FreeBSD machine to have a non-private IP address. I have no
> clue as to
> > getting the packets from those clients to the internet. I
> tried bridging xl0
> > and xl1 and using 217.1.1.155 as gateway, but that didn't work.
> >
> > Maybe someone that knows how to do something like this can
> shed some light
> > on it for me?
> >
> > Thanks in advance.
> >
> > --
> > Regards,
> > Terrence Koeman
>
> You could make the FreeBSD box a bridge and still use IFPW. It really
> depends on whether you will have other clients that will NOT
> have public
> IP addresses that will need NAT - you don't specify whether
> this is the
> case. For FreeBSD to be setup as a bridge/IPFW machine you will
> minimally need a kernel compiled with the following options:
>
> options IPFIREWALL
> options BRIDGE
>
> After you have built and installed this kernel add the
> following entries
> to /etc/sysctl.conf:
>
> net.link.ether.bridge=1
> net.link.ether.bridge_cfg=xl0,xl1
> net.link.ether.bridge_ipfw=1
> net.inet.ip.fw.enable=0
>
> You will probably want to add the following lines to /etc/rc.conf so
> that some IPFW rules will be loaded at boot:
>
> firewall_enable="YES"
> firewall_type="<your fw type>"
>
> Read the firewall(7) manpage for more information.
>
> If you don't have console access to the FreeBSD machine
> beware that the
> default rule is to deny packets. Therefore if you build IPFW into the
> kernel and don't allow for some basic rules to be added at
> boot you will
> likely be locked out from anything but console access.
>
There might be more clients that will require nat later.
I tried this with:
-217.1.1.155 bound to xl0
-nothing bound to xl1
-xl0 and xl1 bridged.
-no ipfw rules and default to accept.
When I try this the box is dead, no connectivity out and 217.1.1.155 is not
reachable.
If I try the exact same setup and bind 192.168.0.1 to xl1 I can connect to
it when bridged, but the rest remains the same.
-- Regards, Terrence Koeman MediaMonks B.V. (www.mediamonks.com) Please quote all replies in correspondence. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: José de Paula: "nvi and modelines"
- In reply to: Nathan Kinkade: "Re: Network configuration"
- Next in thread: Thomas Farrell: "Re: Network configuration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
