Setting up FreeBSD as Internet gateway/router

B

balanga

My current setup consists of an ADSL wireless router which is configured as 192.168.1.1 and runs NAT and acts as a DHCP server for my small network of around 10 computers and assigns addresses in the 192.168.1.0 subnet.

What I would like to move to eventually is to have a FreeBSD machine set up as a gateway/router between my network and the Internet and also to run a web server using a real IP address. i.e. I want the FreeBSD machine to provide much of the functionality currently being provided by the ADSL wireless router, - NAT and DHCP, but also have both and internal and external IP address.

If anyone understands my requirements could you suggest what I need to do in a step by step approach?

I did have this set up a very long time ago on OS/2 (if anyone remembers that) and it worked fine, but I have no idea where to start getting this working on FreeBSD.
 
The only way to get the 'external' address on the FreeBSD machine is when your modem is able to be set in "bridge-mode". In that case an attached machine (like your FreeBSD) will receive the 'external' IP address from the modem instead of an internal address. From there you can do NAT, DHCP, DNS and everything else. A lot of SOHO modem/routers don't have this option though.
 
If your ADSL modem does not have bridge mode, you can usually switch on a DMZ mode, where all Internet-facing ports can be translated 1:1 to the internal IP address of your FreeBSD machine. It can then act as a DHCP/DNS/NAT whatever for your LAN. It will do double NAT translation, but with modern processing power you won't even notice.
 
Maybe this is too obvious, but have you read the chapters 28 and 29, 30 of the FreeBSD Handbook at http://www.freebsd.org/doc/en/books/handbook/?
Something to start with is perhaps dns/dnsmasq as DHCP/DNS Server and one of the firewalls mentioned in the FreeBSD Handbook. So you need two network cards for your box, one for your internal network and the second for the outside network.
Is this the topic you want to know more about? Or rather how to setup your existing ADSL modem? In the latter case I think this is the wrong forum ;-)
 
gqgunhed said:
Maybe this is too obvious, but have you read the chapters 28 and 29, 30 of the FreeBSD Handbook at http://www.freebsd.org/doc/en/books/handbook/?
Something to start with is perhaps dns/dnsmasq as DHCP/DNS Server and one of the firewalls mentioned in the FreeBSD Handbook.
Click to expand...

Thanks for the pointer I will definitely check that out. One of the problems with FreeBSD is that there is *sooo* much documentation that it is intimidating. If there was a hardcopy of the handbook, I would definitely buy it.

So you need two network cards for your box, one for your internal network and the second for the outside network.
Click to expand...

Well I did manage to use two IP addresses with one card 15 years ago on OS/2 so I would be surprised if FreeBSD couldn't do the same...

[url=http://www.cyberciti.biz/tips...w.cyberciti.biz/tips/freebsd-h ... e-nic.html
[/url]
;)
 
It's perfectly easy to assign multiple addresses to one interface in FreeBSD:

Code: 
ifconfig_em0="192.168.1.1 netmask 255.255.255.0"
ifconfig_em0_alias0="192.168.2.1/24"
However, if you are planning to use FreeBSD as your Internet gateway, but use one interface for both WAN & LAN, that sounds like an incredibly bad setup.
The only way you could make that work is to do the following:

  • Plug the ethernet of the server into a switch, in order to 'break out' the interface to multiple ports
  • Connect one of the switch ports to your ADSL modem to give the WAN interface. (Or to a 'bridged-WAN' port on your router, if possible)
  • Connect another of the switch ports to your LAN in order to give FreeBSD access to the LAN.

That really is a terrible idea. You've basically bridged the Internet to your private LAN. If you want FreeBSD to do WAN & LAN, it should have independent interfaces. It would be feasible to do the above by segregating the two with VLANs, but you'd need a VLAN capable switch and a more complex configuration. In the end it would be easier and cheaper to just get another network card for the server.

If it were me, I would just continue to use the stand-alone router for the ADSL connection. If you want FreeBSD to do DNS/DHCP/etc, just turn those features off on the router and configure DHCP on FreeBSD to give out the router's IP as default gateway, and itself as DNS.

As mentioned you can run web/mail/whatever services on the FreeBSD machine by just port forwarding the relevant ports through your router to the FreeBSD server. (if your router supports port forwarding, which *almost* all do). It doesn't need to have the WAN address for that.

If you really want FreeBSD to do the WAN I would get a second interface for the server. If your router allows you to bridge the WAN through to one of the ethernet ports, great. Alternatively, you can get a standalone ADSL modem, such as the Draytek Vigor 120 (may depend on the country), which basically just converts the ADSL PPPoA connection into PPPoE, allowing you to configure all the PPP dialup settings on the server.
 
You must log in or register to reply here.
Back
Top