setting up dual NICs (newbie)

[daljian]

I want this:
gateway -> (NIC_1) freeBSD gateway (NIC_2) -> internal LAN
I have this:
gateway -> (NIC_1) freeBSD ...

I can reach internet with the freeBSD computer, but I need to stup NIC_2 so that the freeBSD computer can become gateway for the internal LAN.
The internal LAN is a single computer running windows 2000.

 

[rycamor]

You need to recompile your kernel to run as a firewall, with NAT (network address translation). Then you can separate your private LAN from the external IP address.

There are two major software packages for FreeBSD that can run a NAT firewall: ipfw, and ipfilter. I personally have only used ipfw. Search this forum and perhaps

http://forums.devshed.com/

for the words ipfw, ipfilter, and natd. (natd is the actual daemon that runs the address translation)

Here are a some good links:

http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html

http://www.defcon1.org/html/NATD-config/firewall-setup/ipfw-1.html

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html

-------------------------------------------

"Calculus is just the meaningless manipulation of higher symbols"
                          -unknown F student

 

[echoecho]

rycamor know his stuff, he has helped me with a similar setup (xl0 not x10) ;-)

 

[12122053]

Hey echoecho im having similar problems with my ethernet interface. Show's up x10 , what's the correct command to configure the interface( ifconfig x10?) Thanks

 

[echoecho]

it is not x(one)0, it is x(elle)o (xl0)

 

[xazax]

Some people may eat me alive for saying the following.

You dont need to configure a firewall before setting up dual nics.

In fact you dont even need to recompile your kernel to do anything.

Just stick with what you probabley did first, which was installing the system with the nics preinstalled and let the system installation detect them and give you the option to configure them. That how I did it atleast.

Here is the configuration for NAT.
1) goto /etc/rc.conf and open it
2) There are several lines that I am skipping
gateway_enable="YES"
firewall_enable="Yes" (if you want that)
natd_eanble="YES" (Will NAT your computer)
natd_interface="ep0" (network cards could be named other
"ep0" like "dc0" etc)
3) for now disregard the firewall, make sure that you can see the following in /etc/rc.config

ifconfig_ep0=10.6.6.6 (primary network interface)
ifconfig_ep1=192.168.6.6 (you get the picture)

Your goal is to be able to ping each of the addresses from
within that computer first.
If that is successful, then ping the primary network interface from you workstation. Assuming that you have an existing workstation on the same netwokr id of the second network interface or "ep1" or whatever.

So if your workstation's ip address is 192.168.6.10. Ping 192.168.6.6. If that replies, then ping 10.6.6.6 from your workstation. If that replies and you have another host connected to the 10.6.6.0 subnet and its ip addres is 10.6.6.10, then ping 10.6.6.10 from your workstation.

If that is successful then you subnet 192.168.6.0 can communicate with the subnet of 10.6.6.0. That means that the first very important step has been accomplished. Yes you now have NAT running on your bsd box.

Now you can concentrate on the more complicated and frustrating complexities of a router like configurign ipfw, ipsec, and all of the other annoying stuff that I have not figured out yet or had anyone here that knows what their talkng about help me yet. Different story, but I cant help with that yet.

good luck, i hope this helped somewhat..