Thanks in advance for any help.
I have a GENERIC FreeBSD 9.0 machine (+ options ip_divert) that I would like to use as a router/firewall for my network. I have done ALL the how-to's and the reading associated with this project and have thus far only managed to pull most of my hair out.
Let me explain my wanted network topography:
rc.conf
I know I have many errors. Please don't poke too much as I am a novice, but can anyone help me with this? When I hook the FreeBSD[rl0] to the cable modem, and the [dc0] to the switch with the other systems, I cannot get onto the internet from any machine including the router. Another thing: for some reason, the router stops accepting my ssh requests. x(
I am willing to take this one step at a time, and if anyone out there is willing to give me a hand with this, as well as explain it to me so I don't have to burden this community constantly, I am willing to let someone ssh in.
:\
I have a GENERIC FreeBSD 9.0 machine (+ options ip_divert) that I would like to use as a router/firewall for my network. I have done ALL the how-to's and the reading associated with this project and have thus far only managed to pull most of my hair out.
Let me explain my wanted network topography:
Code:
::Commercial Cable with static IP::
|
|
::FreeBSD router with NATD/IPFW:: (68.15.xxx.xxx[rl0]/192.168.1.1[dc0])
|
|
|
::10/100 8 port switch::
|
|
-----------------------------------------------------
:Server 192.168.1.10: :Wintel/DHCP: :Wintel/DHCP:rc.conf
Code:
##################################
# Network Name of Machine
hostname="Bender"
# IP4 address and Netmask
ifconfig_rl0="68.15.62.102 netmask 255.255.255.224"
ifconfig_dc0=" inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"
defaultrouter="68.15.62.97"
# Alternet IP4
#ifconfig_rl0="DHCP"
#ifconfig_dc0=" inet 192.168.1.2 netmask 255.255.255.0"
#defaultrouter="192.168.1.1"
firewall_enable="YES"
firewall_type="OPEN"
firewall_script="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
ntpd_enable="YES"
ntpd_flags="-g"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
# Added to get X11 working 3-25-12
hald_enable="YES"
dbus_enable="YES"
###############################
#
# Services
sshd_enable="YES"
ftpd_enable="NO"
inetd_enable="NO"
proftpd_enable="NO"
sendmail_enable="NO"
apache22_enable="NO"
qpopper_enable="NO"
named_enable="NO"
Code:
port 8668
interface rl0
# Apache22 HTTPd
redirect_port tcp 192.168.1.10:80 80
# ProFTPd
redirect_port tcp 192.168.1.10:20-21 20-21
# POP3
redirect_port tcp 192.168.1.10:110 110
# SMTPd
redirect_port tcp 192.168.1.10:25 25
file "natd.conf", 15 lines
Code:
ipfw -q -f flush # delete all rules
#set defaults
oif="rl0" # Outbound Interface
iif="dc0" # Inbound Interface
cmd="ipfw -q add " # Build rule prefix
## Start Rules #####################################
$cmd 00050 divert natd from any to any via $oif
$cmd 00100 allow ip from any to any via lo0
$cmd 00250 allow ip from any to 192.168.1.10 20-21
$cmd 00300 allow ip from any to 192.168.1.10 22
$cmd 00350 allow ip from any to 192.168.1.10 25
#$cmd 00400 allow ip from any to 192.168.1.10 53
$cmd 00450 allow ip from any to 192.168.1.10 80
$cmd 00500 allow ip from any to 192.168.1.10 110
$cmd 35000 allow all from 192.168.1.0 out via $oif
## Last Rule: Deny EVERYTHING that ipfw didn't get already ##
$cmd 65535 deny ip from any to any
file "ipfw.rules", 22 linesI know I have many errors. Please don't poke too much as I am a novice, but can anyone help me with this? When I hook the FreeBSD[rl0] to the cable modem, and the [dc0] to the switch with the other systems, I cannot get onto the internet from any machine including the router. Another thing: for some reason, the router stops accepting my ssh requests. x(
I am willing to take this one step at a time, and if anyone out there is willing to give me a hand with this, as well as explain it to me so I don't have to burden this community constantly, I am willing to let someone ssh in.
:\
