> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Kinkade
> Sent: Thursday, July 08, 2004 19:49
> To: Terrence Koeman
> Cc: [EMAIL PROTECTED]
> Subject: Re: Network configuration
>
> On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> > Hi,
> >
> > I have been busy setting up a network the last 3 days, but I cannot get it
> > working.
> >
> > Basically I have no clue what has to be set up etc. and if I need bridging or
> > not.
> >
> > The situation is as follows:
> >
> >                       --------------
> >                       | SDSL Modem |
> >                       |  Bridged   |
> >                       --------------
> >                              |
> >                 --------------------------
> >                 | xl0: 217.1.1.155       |
> >                 |                        |
> >                 |      Freebsd Box       |
> >                 |                        |
> >                 | xl1                    |
> >                 --------------------------
> >                              |
> >                         ----------
> >         |---------------| SWITCH |---------------|
> >         |               ----------               |
> >         |                    |                   |
> > ------------------- ------------------- -------------------
> > | C1: 217.1.1.156 | | C2: 217.1.1.157 | | C3: 217.1.1.158 |
> > ------------------- ------------------- -------------------
> >
> >
> > The FreeBSD box has full internet connectivity and I can also get NAT
> > working, but the thing is that I need those non-private IPs bound to the
> > clients and I need ipfw between the clients and the modem. Also I need the
> > FreeBSD machine to have a non-private IP address. I have no clue as to
> > getting the packets from those clients to the internet. I tried bridging xl0
> > and xl1 and using 217.1.1.155 as gateway, but that didn't work.
> >
> > Maybe someone that knows how to do something like this can shed some light
> > on it for me?
> >
> > Thanks in advance.
> >
> > --
> > Regards,
> > Terrence Koeman
>
> You could make the FreeBSD box a bridge and still use IPFW. It really
> depends on whether you will have other clients that will NOT have public
> IP addresses that will need NAT - you don't specify whether this is the
> case. For FreeBSD to be set up as a bridge/IPFW machine you will
> minimally need a kernel compiled with the following options:
>
> options IPFIREWALL
> options BRIDGE
>
> After you have built and installed this kernel add the following entries
> to /etc/sysctl.conf:
>
> net.link.ether.bridge=1
> net.link.ether.bridge_cfg=xl0,xl1
> net.link.ether.bridge_ipfw=1
> net.inet.ip.fw.enable=0
>
> You will probably want to add the following lines to /etc/rc.conf so
> that some IPFW rules will be loaded at boot:
>
> firewall_enable="YES"
> firewall_type="<your fw type>"
>
> Read the firewall(7) manpage for more information.
>
> If you don't have console access to the FreeBSD machine beware that the
> default rule is to deny packets. Therefore if you build IPFW into the
> kernel and don't allow for some basic rules to be added at boot you will
> likely be locked out from anything but console access.
>

There might be more clients that will require nat later.

I tried this with:

-217.1.1.155 bound to xl0
-nothing bound to xl1
-xl0 and xl1 bridged.
-no ipfw rules and default to accept.

When I try this the box is dead, no connectivity out and 217.1.1.155 is not reachable.

If I try the exact same setup and bind 192.168.0.1 to xl1 I can connect to it when bridged, but the rest remains the same.

--
Regards,
Terrence Koeman

MediaMonks B.V. (www.mediamonks.com)

Please quote all replies in correspondence.
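
A pre-reboot check for the lockout risk described in the quoted reply, as an added example that is not part of the original messages. The function names `conf_get` and `check_bridge_fw` are hypothetical; the keys checked are the ones quoted above, and the script is meant to be run against copies of /etc/sysctl.conf and /etc/rc.conf.

```sh
#!/bin/sh
# Added example: sanity-check copies of sysctl.conf and rc.conf before
# rebooting into a kernel built with IPFIREWALL and BRIDGE.

# Print the value assigned to key $1 in file $2 (last assignment wins).
conf_get() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d '"'
}

# Report one line per problem; exit status is 0 only when nothing was found.
check_bridge_fw() {
    sysctl_conf=$1
    rc_conf=$2
    problems=0

    # Bridging itself and IPFW filtering of bridged packets must both be on.
    for kv in net.link.ether.bridge=1 net.link.ether.bridge_ipfw=1; do
        key=${kv%%=*}
        want=${kv#*=}
        got=$(conf_get "$key" "$sysctl_conf")
        if [ "$got" != "$want" ]; then
            echo "sysctl.conf: $key is '$got', expected '$want'"
            problems=$((problems + 1))
        fi
    done

    # A bridge needs at least two member interfaces, e.g. xl0,xl1.
    cfg=$(conf_get net.link.ether.bridge_cfg "$sysctl_conf")
    case $cfg in
        *?,?*) ;;
        *) echo "sysctl.conf: bridge_cfg '$cfg' does not list two interfaces"
           problems=$((problems + 1)) ;;
    esac

    # The compiled-in default rule denies packets, so rules must load at boot.
    case $(conf_get firewall_enable "$rc_conf") in
        [Yy][Ee][Ss]) ;;
        *) echo "rc.conf: firewall_enable is not YES, no rules load at boot"
           problems=$((problems + 1)) ;;
    esac
    case $(conf_get firewall_type "$rc_conf") in
        ''|'<'*) echo "rc.conf: firewall_type is unset or still a placeholder"
                 problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ]
}

if [ $# -eq 2 ]; then check_bridge_fw "$1" "$2"; fi
```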