Re: DSL + FreeBSD

From: Robert Downes (nospamplease_at_see.my.signature.con)
Date: 06/11/04


Date: Fri, 11 Jun 2004 14:24:22 +0100

Yeah, you can just get a 'modem' (they're not technically modems
anymore, but I don't know the right word for a digital communication
device used to talk to an ISP) that has an RJ45 port or two (or four)
spare, then cable that into a NIC on your FreeBSD machine.

I'm doing just that with a D-Link DSL-504 'modem'/router/4-port-switch
and a fanless FreeBSD box that I've configured as a gateway. I've got
two NICs, one to the ADSL 'modem' (that word's beginning to bug me) and
one to the 8-port switch that all the old machines (will soon) use
to share net access. Then you set options in rc.conf such as

    gateway_enable="YES"
    ifconfig_rl0="inet 192.168.0.1 netmask 255.255.0.0" #public-facing NIC
    ifconfig_vr0="inet 192.168.1.1 netmask 255.255.255.0" #private-facing
    natd_enable="YES"
    natd_interface="rl0"

Something like that (but you ought to check syntax, etc). You only need
to use NAT if you have any machines on the private network and they
don't have their own 'real' public IP address. If you do have private
(usually 192.168) addresses, you need NAT and, seeing as you're using
direct access on an Ethernet port, and not User PPP, you have to enable
NAT in the kernel and recompile. This actually turns out to mean that
you need to enable IPFW and IP diverting with the kernel options

    options IPFIREWALL
    options IPDIVERT

Again, you're well advised to look into this for yourself to check
syntax and setup-specific details, etc. (For instance, you need to add a
divert rule to IPFW to allow NAT to do its magic.) Then you tell your
private network machines to use IP addresses in the 192.168.1 network
with netmask 255.255.255.0, and tell them to use 192.168.1.100 as
gateway and (unless you configure BIND as a nameserver on your FreeBSD
gateway) your ISP's DNS address, and you should be off to a good start.
Then you have the fun of reading up on network security for
gateways/routers and nameservers, etc. Of course, if you buy the D-Link
DSL-504 you can just plug each machine into that and let that handle
NAT, DHCP and so on. But where would the fun be in that?

But, in summary, yes it is possible to do what you asked about.

-- 
Bob
London, UK
echo Mail fefsensmrrjyaheeoceoq\! | tr "jefroq\!" "@obe.uk"
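
An added example, not part of the original post: a shell script that builds the IPFW rule list for the natd gateway described above, including the divert rule the post mentions. The interface name rl0 and the private network 192.168.1.0/24 come from the post; the rule numbers, the build_rules function name and the "apply" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): IPFW rule list for a natd
# gateway. rl0 and 192.168.1.0/24 are the post's values; rule numbers and
# the build_rules/apply layout are assumptions of this example.

# build_rules EXT_IF LAN_NET
# Prints one ipfw argument list per line. Nothing is applied here, so the
# output can be reviewed before it touches the running firewall.
build_rules() {
    ext_if=$1
    lan_net=$2
    # Reject anything that is not a plain interface name (e.g. rl0).
    case $ext_if in
        ''|*[!a-z0-9]*) echo "bad interface name: $ext_if" >&2; return 1 ;;
    esac
    # Require CIDR notation for the private network.
    case $lan_net in
        */*) ;;
        *) echo "LAN network must be in CIDR form: $lan_net" >&2; return 1 ;;
    esac
    cat <<EOF
-f flush
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 deny ip from $lan_net to any in via $ext_if
add 500 divert natd ip from any to any via $ext_if
add 65000 allow ip from any to any
EOF
}
# Rule 400 is anti-spoofing: a packet arriving on the outside NIC must not
# claim a private LAN source. It sits before rule 500 so that spoofed
# packets never reach natd. Rule 500 hands all traffic crossing the outside
# NIC to natd for address translation.

# Apply only on request:  sh gateway_rules.sh apply
if [ "${1:-}" = "apply" ]; then
    build_rules rl0 192.168.1.0/24 | while read -r rule; do
        # Unquoted on purpose: each line is split into ipfw arguments.
        /sbin/ipfw -q $rule || exit 1
    done
fi
```

natd has to be running (natd_enable in rc.conf) for rule 500 to pass traffic, because packets diverted to a port with no listener are dropped. Rule 65000 leaves filtering wide open and is the place to start tightening the gateway.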

