FreeBSD WNATD IPF
From FBSD_tips
WARNING: THIS ARTICLE IS A DRAFT. STEPS MAY BE INCORRECT OR DESTRUCTIVE.
Post-Setup -- During the BSD install process, make sure that you say yes to "Does the computer function as a network gateway." Also, make sure that rc.conf has the option
gateway_enable="yes"
Step one - Setting up the kernel
Add the following kernel options to your kernel conf
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=5
options IPDIVERT
Then build and install your kernel
make buildkernel KERNCONF=kernconf && make installkernel KERNCONF=kernconf
Step two - Setting up the rc.conf
To make the firewall and NAT start, add the following lines
firewall_enable="YES" # Enable the IPFW firewall
firewall_script="/etc/ipfw.rules" # use my custom rules.
firewall_logging="YES" # Enable packet logging
natd_enable="YES" # Enable NATD function
natd_interface="rl0" # interface name of public internet NIC
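Step three - Setting up the firewall rules
Add the following lines to /etc/ipfw.rules. Rule 010 hands every packet crossing rl0 to natd; rule 711 then passes all traffic, so this ruleset does NAT only and filters nothing.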
ipfw -q -f flush
cmd="ipfw -q add"
$cmd 010 divert natd all from any to any via rl0
$cmd 711 pass all from any to any
Step four - sysctl.conf
Edit /etc/sysctl.conf and add the following lines
net.inet.ip.fw.verbose_limit=5
net.inet.ip.forwarding=1
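A consistency check for steps two and three, as an added example that is not part of the original article: it verifies that the gateway knobs are enabled, flags misspelled firewall_* names, and confirms that natd_interface matches the interface in the divert rule. The function names rc_get and check_gateway are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the article): consistency check for the gateway files.

# rc_get FILE VAR: print the last value assigned to VAR in an rc.conf-style file.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_gateway RCCONF RULES: print each problem, return the problem count.
check_gateway() {
    rc=$1; rules=$2; bad=0
    for var in gateway_enable firewall_enable natd_enable; do
        case $(rc_get "$rc" "$var") in
            [Yy][Ee][Ss]) ;;
            *) echo "$var is not set to YES"; bad=$((bad + 1)) ;;
        esac
    done
    # rc.conf is plain sh: a misspelled knob is accepted and then never read.
    for name in $(sed -n 's/^[[:space:]]*\([a-z]*wall_[a-z_]*\)=.*/\1/p' "$rc"); do
        case $name in
            firewall_*) ;;
            *) echo "unknown knob $name (did you mean firewall_${name#*_}?)"; bad=$((bad + 1)) ;;
        esac
    done
    # natd only sees packets that the divert rule hands it, so the two
    # interface names must agree.
    nif=$(rc_get "$rc" natd_interface)
    dif=$(sed -n 's/.*divert natd .* via \([a-z0-9]*\).*/\1/p' "$rules" | head -n 1)
    if [ -z "$nif" ] || [ "$nif" != "$dif" ]; then
        echo "natd_interface='$nif' but divert rule uses '$dif'"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample input: one misspelled knob and mismatched interfaces.
demo=$(mktemp -d)
cat > "$demo/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
filewall_logging="YES"
natd_enable="YES"
natd_interface="rl0"# public NIC
EOF
echo '$cmd 010 divert natd all from any to any via xl0' > "$demo/ipfw.rules"
check_gateway "$demo/rc.conf" "$demo/ipfw.rules" || echo "problems found: $?"
rm -rf "$demo"
```

On a real gateway, call check_gateway /etc/rc.conf /etc/ipfw.rules before rebooting into the new kernel.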
Misc 1 - DHCP server
Install /usr/ports/net/isc-dhcp3-server.
Edit /usr/local/etc/dhcpd.conf and add the following lines to it
authoritative;
allow client-updates;
ddns-update-style none;
log-facility local7;
subnet 10.1.1.0 netmask 255.255.255.0 {
range 10.1.1.103 10.1.1.200;
option domain-name-servers nameserver-ip;
option domain-name "domain-name";
option routers 10.1.1.1;
option broadcast-address 10.1.1.255;
default-lease-time 600;
max-lease-time 7200;
}
Now edit rc.conf so that dhcpd will start up.
Add the following lines to it
dhcpd_enable="YES"
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="xl0" # the interface that is internal
dhcpd_withumask="022"
