HARDWARE INFO:
rl0 – NIC facing the 192.168.0.0 network
xl0 – NIC facing the 192.168.1.0 network
xl1 – NIC facing the modem
tun0 – The virtual NIC used by PPP, facing the outside
SECTION 1: PRELIMINARY SETUP
- Install FreeBSD
- Enable the rl0 network card and give it an address by adding the following line to /etc/rc.conf. This is a temporary address; we're doing this so we can log into the computer via SSH for convenience.
ifconfig_rl0="inet 192.168.0.10 netmask 255.255.255.0"
- Enable the xl0 network card and give it an address by adding the following line to /etc/rc.conf
ifconfig_xl0="inet 192.168.1.1 netmask 255.255.255.0"
- Set the defaultrouter in /etc/rc.conf to the address of the existing router:
defaultrouter="192.168.0.1"
- Set the nameserver in /etc/resolv.conf to the address of the existing name server:
nameserver 192.168.0.1
- In /etc/rc.conf enable the gateway function of FreeBSD by adding this line:
gateway_enable="YES"
SECTION 2: SETTING UP IPNAT
- Making FreeBSD load the IPNAT kernel module on bootup is easy, simply add this line to rc.conf:
ipnat_enable="YES"
- Create the IPNAT configuration file /etc/ipnat.rules
- Add the two lines in /etc/ipnat.rules that are for outgoing connections (the first handles TCP and UDP with port remapping, the second catches everything else, such as ICMP):
map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map tun0 192.168.0.0/16 -> 0.0.0.0/32
- Add any redirection lines you may want. They take the following form:
rdr [INCOMING INTERFACE NAME] [INCOMING IP ADDRESS/(32 FOR PUBLIC / 16 FOR PRIVATE)] port [PORT] -> [IP ADDRESS OF MACHINE YOU WANT TO FORWARD TO] port [PORT]
An example, used for a webserver:
rdr tun0 70.232.254.2/32 port 80 -> 192.168.1.90 port 80
- Each time you alter the /etc/ipnat.rules file and want the changes to take effect, run the following commands:
To clear the current settings:
#ipnat -C
To load the new settings:
#ipnat -f /etc/ipnat.rules
To view the current settings:
#ipnat -l
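Every rdr line is a service on the inside that the outside can reach, so it pays to keep an inventory of them. The following script is an added example, not part of the original guide: it lists and counts the rdr rules in an ipnat rules file, and wraps the clear/load/list sequence above in a reload helper that parses the file first. The sample rules file is constructed here (192.168.1.91 is a made-up second inside host), and the use of `ipnat -n` as a parse-only "no action" flag is assumed from ipnat(8).

```shell
#!/bin/sh
# Added example, not part of the original guide: inventory the rdr (port
# forwarding) rules in an ipnat rules file so you always know which inside
# hosts are reachable from tun0.  Assumes the rule layout used in this guide:
#   rdr IFACE ADDR/MASK port N -> HOST port M [proto]

# Print one line per rdr rule: IFACE ADDR/MASK port N -> HOST port M
list_rdr() {
    awk '
        /^[[:space:]]*#/ { next }   # skip comment lines
        $1 == "rdr" {
            # $2 iface, $3 addr/mask, $5 outside port, $7 inside host, $9 inside port
            printf "%s %s port %s -> %s port %s\n", $2, $3, $5, $7, $9
        }' "$1"
}

# Number of rdr rules (each one is an exposed service)
count_rdr() {
    list_rdr "$1" | wc -l | tr -d ' '
}

# Constructed sample rules file, mirroring the map/rdr lines from this guide
sample_rules() {
    cat <<'EOF'
# constructed sample /etc/ipnat.rules
map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map tun0 192.168.0.0/16 -> 0.0.0.0/32
rdr tun0 70.232.254.2/32 port 80 -> 192.168.1.90 port 80
rdr tun0 70.232.254.2/32 port 2222 -> 192.168.1.91 port 22 tcp
EOF
}

# Reload on the router itself: parse the file first with -n (assumed from
# ipnat(8): "no action"), so a syntax error never leaves you with an empty
# NAT table; then run the clear/load/list sequence from the guide.
reload_ipnat() {
    rules=${1:-/etc/ipnat.rules}
    ipnat -n -f "$rules" || { echo "error in $rules, current table kept" >&2; return 1; }
    ipnat -C && ipnat -f "$rules" && ipnat -l
}

# Demo on the constructed sample
tmp=$(mktemp) && sample_rules > "$tmp"
list_rdr "$tmp"                                  # prints the two rdr lines
echo "exposed services: $(count_rdr "$tmp")"     # exposed services: 2
rm -f "$tmp"
```

Run it against /etc/ipnat.rules after each change and compare the output with what you expect to be reachable; a forward you no longer remember adding is the kind of thing this catches.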
SECTION 3: SETTING UP THE DHCP SERVER
- Grab and decompress the ports tree:
#cd /usr
#fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz
#tar xvfz ports.tar.gz
- rc.subr capability is needed for the ISC DHCP server, so install it from the ports:
#cd /usr/ports/sysutils/rc_subr
#make install clean
- Install ISC DHCPD from the ports:
#cd /usr/ports/net/isc-dhcp3-server
#make install clean
- Configure DHCPD by editing /usr/local/etc/dhcpd.conf so it looks like the following:
#ee /usr/local/etc/dhcpd.conf
option domain-name "example.com";
option domain-name-servers 206.141.193.55; #a valid DNS server, given by your ISP
option subnet-mask 255.255.255.0;
default-lease-time 86400;
max-lease-time 86400;
ddns-update-style none;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.150 192.168.0.200; #the range of IPs you want it to give out
    option routers 192.168.0.1;
}
- To make DHCPD start on boot add the following line to /etc/rc.conf:
dhcpd_enable="YES"
SECTION 4: SETTING UP THE FORWARDING DNS SERVER
- Configure DNS forwarding by editing /etc/namedb/named.conf:
#ee /etc/namedb/named.conf
Uncomment the lines that say "forward only" and "forwarders", and place one of your ISP's DNS servers between the forwarders braces.
- To make the name server start at boot add the following line to /etc/rc.conf:
named_enable="YES"
SECTION 5: SETTING UP PPPoE
- PPPoE's configuration file is /etc/ppp/ppp.conf; edit it (commands under a profile label must be indented):
#ee /etc/ppp/ppp.conf
default:
 set device PPPoE:xl1 #xl1 is the NIC the modem is connected to
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 enable lqr
 set log phase tun
 add default HISADDR #grabs the ISP's gateway's address and makes it your defaultrouter
 nat enable no
att:
 set authname USERNAME #Replace USERNAME with your ISP login name
 set authkey PASSWORD #Replace PASSWORD with your ISP login password
- Run PPP manually if you want to test it out:
The command's form is /usr/sbin/ppp -MODE PROFILE. In our case we want it to run in the background and use the profile 'att', which we defined in the config file.
#/usr/sbin/ppp -background att
- To make PPP run on boot, add the following lines to /etc/rc.conf:
ppp_enable="YES" #so that PPP starts
ppp_nat="NO" #IPNAT does our NAT, so we don't want this
ppp_profile="att" #use the 'att' profile
ppp_mode="ddial" #this mode makes ppp reconnect when disconnected
SECTION 6: FINAL STEPS
- Change the address of the interface facing the internal 192.168.0.0 network, both live and in /etc/rc.conf so it survives a reboot:
#ifconfig rl0 inet 192.168.0.1 netmask 255.255.255.0
#ee /etc/rc.conf
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
- Comment out or delete the defaultrouter="192.168.0.1" line in /etc/rc.conf
- Put the address of your ISP's DNS server(s) in /etc/resolv.conf:
nameserver 206.141.193.55
- Hook it up!
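Before hooking it up, it is worth checking that /etc/rc.conf actually contains everything the six sections above added, because rc(8) silently ignores a misspelled variable (an ifconifg_rl0 line, for instance, leaves rl0 unconfigured after a reboot without any error). The script below is an added example, not part of the original guide; it checks the expected values from Sections 1 to 6 and flags a leftover defaultrouter, a ppp_nat that is not "NO" (which would double-NAT traffic), and any ifconfig-like key that is not spelled ifconfig_. The two rc.conf fragments it tests against are constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide: check an rc.conf against the
# settings this guide accumulates in Sections 1-6.

# Value of a rc.conf variable (last definition wins), quotes and any trailing
# comment removed; empty if the variable is unset or commented out.
rc_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*#.*//' | tr -d '"'
}

# Print one line per problem found in the rc.conf given as $1
check_rc_conf() {
    f=$1
    # expected values from Sections 1, 2, 3, 4 and 5
    for kv in gateway_enable=YES ipnat_enable=YES dhcpd_enable=YES \
              named_enable=YES ppp_enable=YES ppp_nat=NO ppp_profile=att ppp_mode=ddial; do
        key=${kv%%=*}; want=${kv#*=}; got=$(rc_get "$f" "$key")
        [ "$got" = "$want" ] || echo "$key: want '$want', got '${got:-unset}'"
    done
    # both inside interfaces need an address
    for ifc in rl0 xl0; do
        [ -n "$(rc_get "$f" "ifconfig_$ifc")" ] || echo "ifconfig_$ifc: not set"
    done
    # anything that looks like ifconfig_* but is not spelled ifconfig_ is a typo
    grep -E '^[[:space:]]*ifcon[a-z]*_' "$f" | grep -vE '^[[:space:]]*ifconfig_' |
        while IFS= read -r line; do echo "misspelled variable: $line"; done
    # Section 6: ppp's 'add default HISADDR' owns the default route now
    [ -z "$(rc_get "$f" defaultrouter)" ] || echo "defaultrouter: still set, remove it (ppp adds the default route)"
}

# Number of problems reported for the rc.conf given as $1
count_problems() {
    check_rc_conf "$1" | wc -l | tr -d ' '
}

# Constructed rc.conf fragment: the finished configuration from this guide
sample_good() {
    cat <<'EOF'
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_xl0="inet 192.168.1.1 netmask 255.255.255.0"
#defaultrouter="192.168.0.1"
gateway_enable="YES"
ipnat_enable="YES"
dhcpd_enable="YES"
named_enable="YES"
ppp_enable="YES" #so that PPP starts
ppp_nat="NO" #IPNAT does our NAT, so we don't want this
ppp_profile="att"
ppp_mode="ddial"
EOF
}

# Constructed rc.conf fragment with three common slips: a misspelled
# ifconfig key, the Section 1 defaultrouter left in, and ppp doing its own NAT
sample_bad() {
    cat <<'EOF'
ifconifg_rl0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_xl0="inet 192.168.1.1 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
gateway_enable="YES"
ipnat_enable="YES"
dhcpd_enable="YES"
named_enable="YES"
ppp_enable="YES"
ppp_nat="YES"
ppp_profile="att"
ppp_mode="ddial"
EOF
}

# Demo on the constructed fragments
g=$(mktemp); b=$(mktemp)
sample_good > "$g"; sample_bad > "$b"
echo "good: $(count_problems "$g") problem(s)"   # good: 0 problem(s)
check_rc_conf "$b"                               # four problem lines
rm -f "$g" "$b"
```

On the router, run `check_rc_conf /etc/rc.conf` and fix anything it prints before rebooting; the misspelled-key check is the one that saves you a trip to the console.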