Filed in archive
FreeBSD
by Michael Hammer on August 26, 2006
1. Install FreeBSD(If u need help installing, Click here
2. Compile kernel with aditional options for ipfw router:
3. execute at prompt:
#cd /usr/src/sys/i386/conf
#cp GENERIC ROUTER
#edit ROUTER
4. ---- add in file ROUTER, at the end the following lines ----------
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options DUMMYNET
options HZ=1000
---- end of file router
5. execute at prompt:
# config ROUTER
# cd ../compile/ROUTER
#make depend
#make
#make install
6. ---- edit /etc/rc.conf ----------------------------------------------------
defaultrouter="86.124.80.1"
gateway_enable="YES"
hostname="router"
ifconfig_fxp0="inet 83.123.213.23 netmask 255.255.255.252"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.255.255.0"
sshd_enable="YES"
natd_enable="YES"
natd_flags=""
named_enable="YES"
natd_interface="fxp0"
firewall_enable="YES"
firewall_quiet="NO"
firewall_script="/etc/router.firewall"
firewall_logging="YES"
inetd_enable="YES"
kern_securelevel_enable="NO"
---- end of rc.conf
7. ---- edit /etc/resolv.conf ------------------------------------------------
nameserver ip_of_your_dns
---- end of resolv.conf ---------------------------------------------
8. ---- edit /etc/router.firewall----------------------------------------------
fwcmd=/sbin/ipfw
$fwcmd add 00010 divert 8668 ip from any to any via fxp0
$fwcmd add 00020 allow ip from any to any via lo0
$fwcmd add 00030 deny ip from any to 127.0.0.0/8
$fwcmd add 00040 deny ip from 127.0.0.0/8 to any
$fwcmd add 50 allow ip from 10.0.0.2 to any
$fwcmd add 60 allow ip from any to 10.0.0.2
$fwcmd add 70 allow ip from 10.0.0.3 to any
$fwcmd add 80 allow ip from any to 10.0.0.3
$fwcmd add 90 allow ip from 10.0.0.4 to any
$fwcmd add 100 allow ip from any to 10.0.0.4
$fwcmd add 110 allow ip from 10.0.0.5 to any
$fwcmd add 120 allow ip from any to 10.0.0.5
$fwcmd add 35000 allow ip from me to any
$fwcmd add 35001 allow ip from any to me
---- end of router.firewall--------------------------------------------
Comments:
fpx0 is external interface, you should assign your public ip here
fxp1 is internal interface
fxp0 and fxp1 are intel network cards, you should use your own devices here, if you have other types of cards then your nic device will not be fxp.
To check the name of your devices type ifconfig or dmesg | more.
The file /etc/router.firewall is the firewall rule file, in this example I've allowed only ips 10.0.0.2-10.0.0.5 to use the router.
In the file /etc/resolv.conf you must put your dns servers, so instead of ip_of_your_dns here in example you should have the ip of your dns :D
After compiling the kernel don't forget to reboot.
2. Compile kernel with aditional options for ipfw router:
3. execute at prompt:
#cd /usr/src/sys/i386/conf
#cp GENERIC ROUTER
#edit ROUTER
4. ---- add in file ROUTER, at the end the following lines ----------
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options DUMMYNET
options HZ=1000
---- end of file router
5. execute at prompt:
# config ROUTER
# cd ../compile/ROUTER
#make depend
#make
#make install
6. ---- edit /etc/rc.conf ----------------------------------------------------
defaultrouter="86.124.80.1"
gateway_enable="YES"
hostname="router"
ifconfig_fxp0="inet 83.123.213.23 netmask 255.255.255.252"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.255.255.0"
sshd_enable="YES"
natd_enable="YES"
natd_flags=""
named_enable="YES"
natd_interface="fxp0"
firewall_enable="YES"
firewall_quiet="NO"
firewall_script="/etc/router.firewall"
firewall_logging="YES"
inetd_enable="YES"
kern_securelevel_enable="NO"
---- end of rc.conf
7. ---- edit /etc/resolv.conf ------------------------------------------------
nameserver ip_of_your_dns
---- end of resolv.conf ---------------------------------------------
8. ---- edit /etc/router.firewall----------------------------------------------
fwcmd=/sbin/ipfw
$fwcmd add 00010 divert 8668 ip from any to any via fxp0
$fwcmd add 00020 allow ip from any to any via lo0
$fwcmd add 00030 deny ip from any to 127.0.0.0/8
$fwcmd add 00040 deny ip from 127.0.0.0/8 to any
$fwcmd add 50 allow ip from 10.0.0.2 to any
$fwcmd add 60 allow ip from any to 10.0.0.2
$fwcmd add 70 allow ip from 10.0.0.3 to any
$fwcmd add 80 allow ip from any to 10.0.0.3
$fwcmd add 90 allow ip from 10.0.0.4 to any
$fwcmd add 100 allow ip from any to 10.0.0.4
$fwcmd add 110 allow ip from 10.0.0.5 to any
$fwcmd add 120 allow ip from any to 10.0.0.5
$fwcmd add 35000 allow ip from me to any
$fwcmd add 35001 allow ip from any to me
---- end of router.firewall--------------------------------------------
Comments:
fpx0 is external interface, you should assign your public ip here
fxp1 is internal interface
fxp0 and fxp1 are intel network cards, you should use your own devices here, if you have other types of cards then your nic device will not be fxp.
To check the name of your devices type ifconfig or dmesg | more.
The file /etc/router.firewall is the firewall rule file, in this example I've allowed only ips 10.0.0.2-10.0.0.5 to use the router.
In the file /etc/resolv.conf you must put your dns servers, so instead of ip_of_your_dns here in example you should have the ip of your dns :D
After compiling the kernel don't forget to reboot.
Permalink: Configure a router on FreeBSD using IPFW
Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/34447
Addthis
Ask
Blinklist
del.icio.us
Digg
Fark
Facebook
Google
Lycos
Ma.gnolia
Mr Wong
Netscape
Netvousz
Newsvine
Reddit
StumbleUpon
Slashdot
Tailrank
Technorati
Wink
Yahoo
Vote for Configure a router on FreeBSD using IPFW:
|
Rating: 7.33 out of 3 vote(s) cast.
|
Response from:
guestx
(02/27/09 5:33pm)
Subscribe
Use the search to look for other interesting posts
| RSS |  See all blog subscribe options |
 What is RSS? | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Newsletter | |
| Follow us on Twitter! |
I can't understand at all - using only console in 2009 year. There is exist very nice ligth windows managers xfce..e17...
Look what using people at Mac's for doing some things.
http://personalpages.tds.net/~brian_hill/images/BrickHouseScreen.jpg
http://personalpages.tds.net/~brian_hill/brickhouse.html