FreeBSD 8.0 router setup question.

Hello!

I would like to ask for your clever advice. I'm really stuck at one point and can't find where the mistake is. I couldn't decide in which forum section to put this post, but I think it refers more to network related discussions.

I have installed FreeBSD 8.0 on my box and I would like to make it work as a router. Internet is connected by cable (IP is acquired by DHCP). The LAN side is wireless. I've configured both LAN and WiFi interfaces. DHCPd on wlan is working. I added lines to rc.conf to load ipfw, but can't get NAT working. In dmesg it prints a line that confuses me:

dmesg:
Code:
ipfw2 (+ipv6) initialized, divert loadable, nat loadable, rule-based forwarding disabled, default to deny, logging disabled

As I found in rc.conf(5), ipfw NAT support is now loadable without a kernel change. My rc.conf is:

rc.conf:
Code:
### General ###
keymap="us.iso"
hostname="home.home.com"

### Daemons ###
sshd_enable="YES"
gateway_enable="YES"
hostapd_enable="YES"
named_enable="YES"

### Wired Lan ###
ifconfig_re0="DHCP"

### Wireless Lan ###
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap mode 11g"
ifconfig_wlan0="inet 192.168.100.1 netmask 0xffffff00 ssid home channel 11"

### Dhcpd ###
dhcpd_enable="YES"
dhcpd_ifaces="wlan0"

### IPFW ###
firewall_enable="YES"
firewall_type="open"
firewall_logging="YES"
firewall_nat_enable="YES"
firewall_nat_interface="re0"
dummynet_enable="YES"

ipfw prints the following:
Code:
00050 2981 492046 divert 8668 ip4 from any to any via re0
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
65000 3547 550143 allow ip from any to any
65535    0      0 deny ip from any to any

And I can't figure out, is the /etc/ipfw.rules essential? And do I have to enable natd in rc.conf or does ipfw use its built-in natd? Please give me advice, what am I doing wrong?

Thank you!
 
Your ruleset is trying to divert to a nat socket, but you're not starting natd(8) (userland NAT). Either start natd or use ipfw's kernel level NAT.

E.g. add this to rc.conf:
Code:
natd_enable="YES"
natd_interface="re0"

I believe this is covered in the handbook...
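
The mismatch described in the reply above (a divert rule in the ruleset with no natd listening) can be checked offline from saved output. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes the `ipfw show` column layout from the listing above (rule number, packets, bytes, action) and that natd_enable is set in a single rc.conf-style file.

```shell
#!/bin/sh
# Added example: compare a saved `ipfw show` listing with rc.conf.
# Usage on the router (paths are assumptions):
#   ipfw show > /tmp/rules.txt && check_nat /tmp/rules.txt /etc/rc.conf

# Print the port of every divert rule in the listing.
# Columns: rule-number packets bytes action [args...]
divert_ports() {
    awk '$4 == "divert" { print $5 }' "$1" | sort -u
}

# Return 0 if rc.conf-style file $1 sets variable $2 to YES (any case).
rc_yes() {
    grep -Eiq "^[[:space:]]*$2=\"?yes\"?[[:space:]]*(#.*)?\$" "$1"
}

# Return 0 if the listing has an unqualified "allow ip from any to any"
# rule, like rule 65000 in the listing above.
has_allow_all() {
    awk '$4 == "allow" && $5 == "ip" && $6 == "from" && $7 == "any" &&
         $8 == "to" && $9 == "any" && NF == 9 { found = 1 }
         END { exit !found }' "$1"
}

# check_nat LISTING RCCONF: print findings; return 1 if a divert rule
# exists but natd is not enabled, so nothing reads the divert socket.
check_nat() {
    listing=$1 rcconf=$2 status=0
    for port in $(divert_ports "$listing"); do
        if rc_yes "$rcconf" natd_enable; then
            echo "ok: divert $port and natd_enable=YES"
        else
            echo "problem: divert $port rule but natd_enable is not YES"
            status=1
        fi
    done
    if has_allow_all "$listing"; then
        echo "note: unqualified 'allow ip from any to any' rule present"
    fi
    return $status
}
```

On a router facing the internet, the "note" line is worth acting on as well: a catch-all allow rule means the firewall filters nothing beyond the loopback checks.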
 
I recompiled the kernel and enabled the following:

Code:
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT
options         IPFIREWALL_FORWARD
options         DUMMYNET
options         IPFIREWALL_NAT

But the internet is still not working from the router. Any suggestions?

Thank you!
 
I created some documents on building a basic (as in really basic) "home/soho" router with dhcp server, DNS Server (pretty much redirects unknown queries to upstream ISP), PF (firewall) and port forwards for bittorrent.
Also my configuration uses ADSL and PPPoE to auth the connection, so no need to double NAT (This may not be applicable to you). I can remove the confidential stuff and share them somehow if that would help? Even if you used it to fill in some blanks.

I say this because you didn't really mention any ports or software specifically that you require to work, you just wanted it to work as a router and mentioned what you had tried.
 
hiatek:

I would really appreciate that! The problem is I don't have a basic understanding of how to build a router. I have found a few guides. Tried almost all of them on different distros of FreeBSD and none of them so far worked for me. So if you would share with me your docs or maybe I can contact you somehow so you can give me some tips. ;)

Thank you!
 
http://hiatek.net.au/FreeBSD7.2.zip

Like I said it's a start, the email section is very basic and I'm sure can be done better/more secure.

It's a collection of stuff I've used and found originally from web-sites, books and forums (If I stole your configuration let me know, I can take it away or add comments to it).

I did attempt to attach it although it was too big for the forums.

Grab it sooner rather than later though, I won't leave it there forever.

Let me know if something isn't clear as it is quite point form.


Regards,
Michael
 
hiatek:

Thank you a lot m8! I looked at your docs and they are very useful. I think it would be great if you would share them with others like me.

Btw, I finally got working IPFW + NAT. If further configuration is successful I think I will stick to the ipfw setup.

Thank you all for support! Problem solved! :beer
 
Thanks, everything works fine now.
hiatek said:
http://hiatek.net.au/FreeBSD7.2.zip

Like I said it's a start, the email section is very basic and I'm sure can be done better/more secure.

It's a collection of stuff I've used and found originally from web-sites (linksys e3000), books and forums (If I stole your configuration let me know, I can take it away or add comments to it).

I did attempt to attach it although it was too big for the forums.

Grab it sooner rather than later though, I won't leave it there forever.

Let me know if something isn't clear as it is quite point form.

Regards,
Michael
 