How to set up a router with FreeBSD 10.0

Hi, everybody!

I was able to set up FreeBSD as a router by using PF or firewall in FreeBSD 7, 8, 9. But in FreeBSD 10.0, there is a static_routes and route_<route> command in the rc.conf file. Now I am not able to set up a router. Do I still need PF or firewall? Please help me set up a router by using FreeBSD 10.0!
In the handbook, talking about routers, they did not mention anything about PF or firewall. Must be automatic?
Thanks!
 
You do not need any of the firewalls for the routing functionality to work. All you need to add to rc.conf is:
Code:
gateway_enable="YES"
 
Hello!
I just did a fresh install of FreeBSD 10.0-RELEASE. I do not want to do anything but make the router work.
I have 2 NICs. re0 is connected to the modem. re1 is connected to the switch. The switch is hooked up to several Windows computers.
I am still not able to make the FreeBSD router work.
This is my rc.conf:

Code:
hostname="www.pccom.ca"
ifconfig_re0="DHCP"
ifconfig_re1="inet 192.168.0.1 netmask 255.255.255.0"
gateway_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
dumpdev="NO"
zfs_enable="YES"
named_enable="YES"
named_chrootdir=""

FreeBSD has no problem connecting to the Internet. The Windows computers have no problem pinging 192.168.0.1, and nslookup http://www.google.com 192.168.0.1 works.
But all Windows computers cannot browse any web site because there is no connection from the gateway to the internet. Windows complains that there is no way from the gateway, which is the FreeBSD, to the Internet. So FreeBSD blocked re0 and re1.
Please help!
 
How do the Windows computers get their NIC configured? DHCP or static IP? What does
Code:
route print
on the Windows computer show?
 
You are right. FreeBSD 10.0 still needs the old style routing.
This is my rc.conf

Code:
hostname="www.pccom.ca"
ifconfig_re0="DHCP"
ifconfig_re1="inet 192.168.0.1 netmask 255.255.255.0"
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
sshd_enable="YES"
ntpd_enable="YES"
dumpdev="NO"
zfs_enable="YES"
named_enable="YES"
named_chrootdir=""

This is my pf.conf

Code:
ext_if="re0"
int_if="re1"
set skip on lo
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
 
I don't see any "old style routing" (where did you pick up such a term anyway?) in your setup, I just see the kind of routing/NAT setup that is very common when the LAN is using private RFC1918 addresses. There's no real way to autodetect such a setup because nothing in the interface or routing settings would suggest that NAT is needed. The RFC1918 addresses on the LAN are surely a good hint that NAT is probably needed, but it's not conclusive proof; there are setups where NAT is better done elsewhere.
 
zennybsd said:
kpa said:
I... there are set ups where NAT is better done elsewhere.

It would be nice if you can elaborate a bit further or give the links. Thanks!

The simplest scenario that comes to my mind is when you have a modem (DSL or cable, doesn't matter) that cannot be set to bridge mode. You set up a router (FreeBSD or some other system) between the internal network that you want to protect and the modem. You set up the router without NAT because you don't want to use double NAT. Instead you set it up with just routing and firewall but no NAT. In this setup the modem would have to be told about the existence of the internal network with a static route. This essentially creates a DMZ between the router and the modem.
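
The distinction the thread arrives at (gateway_enable only turns on forwarding; a private RFC1918 LAN additionally needs NAT on this box or a static route upstream) can be checked from the config files. The following is an added example, not code from any poster: the function names and result labels are hypothetical, the sample files are constructed from the interface lines posted above, and only pf is inspected (not ipfw or ipfilter).

```shell
#!/bin/sh
# Added example: classify a FreeBSD router setup from rc.conf / pf.conf text.
# Function names and result labels are hypothetical.
rc_get() {  # rc_get FILE VAR -> value of VAR with quotes stripped
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

rc_yes() {  # rc.conf booleans are case-insensitive YES/TRUE/ON/1
    case "$(rc_get "$1" "$2")" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

is_rfc1918() {  # private IPv4 ranges 10/8, 172.16/12, 192.168/16
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

check_router() {  # check_router RC_CONF PF_CONF LAN_IF
    rc_yes "$1" gateway_enable || { echo "no-forwarding"; return; }
    lan_ip=$(rc_get "$1" "ifconfig_$3" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") print $(i + 1) }')
    [ -n "$lan_ip" ] || { echo "lan-address-unknown"; return; }
    is_rfc1918 "$lan_ip" || { echo "routed-public"; return; }
    if rc_yes "$1" pf_enable && grep -Eq '^[[:space:]]*nat[[:space:]]+on' "$2"; then
        # pf passes traffic unless a rule blocks it, so flag NAT-only rulesets.
        if grep -Eq '^[[:space:]]*block' "$2"; then echo "nat-filtered"
        else echo "nat-unfiltered"; fi
    else
        echo "private-no-nat"  # needs NAT here or a static route upstream
    fi
}

demo() {  # constructed input: the interface lines of the two posted configs
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ifconfig_re0="DHCP"' \
        'ifconfig_re1="inet 192.168.0.1 netmask 255.255.255.0"' \
        'gateway_enable="YES"' > "$d/rc1"
    { cat "$d/rc1"; echo 'pf_enable="YES"'; } > "$d/rc2"
    printf '%s\n' 'ext_if="re0"' 'set skip on lo' \
        'nat on $ext_if inet from !($ext_if) -> ($ext_if:0)' > "$d/pf"
    echo "first rc.conf:  $(check_router "$d/rc1" /dev/null re1)"
    echo "second rc.conf: $(check_router "$d/rc2" "$d/pf" re1)"
    rm -rf "$d"
}
demo
```

The first posted configuration classifies as private-no-nat, the second as nat-unfiltered: NAT is in place, but the ruleset contains no block rule, so pf filters nothing.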
 