“Because.. life is a matter of courage, accept it and face it..”

May 18, 2008

simple router configuration using FreeBSD

Filed under: Linux — ariee @ 11:45 am

Article sourced from laluvirtual.web.id

HARDWARE INFO:
rl0 – NIC facing the 192.168.0.0 network
xl0 – NIC facing the 192.168.1.0 network
xl1 – NIC facing the modem
tun0 – The virtual NIC used by PPP, facing the outside

SECTION 1: PRELIMINARY SETUP

  1. Install FreeBSD
  2. Enable the rl0 network card and give it an address by adding the following line to /etc/rc.conf.
    This is a temporary address; we’re doing this so we can log into the computer via SSH for convenience.

            ifconfig_rl0="inet 192.168.0.10 netmask 255.255.255.0"
  3. Enable the xl0 network card and give it an address by adding the following line to /etc/rc.conf:
            ifconfig_xl0="inet 192.168.1.1 netmask 255.255.255.0"
  4. Set the defaultrouter in /etc/rc.conf to the address of the existing router:
            defaultrouter="192.168.0.1"
  5. Set the nameserver in /etc/resolv.conf to the address of the existing name server:
            nameserver  192.168.0.1
  6. In /etc/rc.conf enable the gateway function of FreeBSD by adding this line:
            gateway_enable="YES"
    

    SECTION 2: SETTING UP IPNAT

    1. Making FreeBSD load the IPNAT kernel module on bootup is easy, simply add this line to rc.conf:
              ipnat_enable="YES"
    2. Create the IPNAT configuration file /etc/ipnat.rules
    3. Add the two lines in /etc/ipnat.rules that are for outgoing connections:
              map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
              map tun0 192.168.0.0/16 -> 0.0.0.0/32
    4. Add any redirection lines you may want. They take the following form:
              rdr [INCOMING INTERFACE NAME] [INCOMING IP ADDRESS/(32 FOR PUBLIC / 16 FOR PRIVATE)] port [PORT] -> [IP ADDRESS OF MACHINE YOU WANT TO FORWARD TO] port [PORT]
    5. An example, used for a webserver:
              rdr tun0 70.232.254.2/32 port 80 -> 192.168.1.90 port 80
    6. Every time you alter the /etc/ipnat.rules file and want the changes to take effect, use the following commands.

      To clear the current settings:

              # ipnat -C

      To load the new settings:

              # ipnat -f /etc/ipnat.rules

      To view the current settings:

              # ipnat -l
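
The redirect form from step 4, turned into an audit, as an added example that is not part of the original article: a shell function that lists every rdr rule in an ipnat.rules file and flags targets outside 192.168.0.0/16 or lines that do not follow the form. The function names audit_rdr and sample_rules, the 10.0.0.5 target and the two faulty rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): inventory the inbound
# redirects in an ipnat.rules file. Sample rules below are constructed.

# audit_rdr [FILE...] reads rules (stdin if no file) and prints one line per
# rdr rule: STATUS IFACE EXT_ADDR:PORT -> TARGET:PORT PROTO
# STATUS is WARN when the target lies outside 192.168.0.0/16 (the internal
# range this page NATs) or the line does not follow the rdr form.
audit_rdr() {
    awk '
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    $1 != "rdr"    { next }    # map rules only affect outgoing traffic
    {
        # Form: rdr IFACE ADDR/MASK port P -> TARGET port P [PROTO]
        if (NF < 9 || $4 != "port" || $6 != "->" || $8 != "port") {
            printf "WARN malformed line %d: %s\n", NR, $0
            next
        }
        proto  = (NF >= 10) ? $10 : "unspecified"
        status = ($7 ~ /^192\.168\.[0-9]+\.[0-9]+$/) ? "OK" : "WARN"
        printf "%s %s %s:%s -> %s:%s %s\n", status, $2, $3, $5, $7, $9, proto
    }' "$@"
}

# Constructed sample: the map and webserver rules from this page plus two
# deliberately faulty rdr lines.
sample_rules() {
    cat <<'EOF'
# outgoing NAT
map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map tun0 192.168.0.0/16 -> 0.0.0.0/32
rdr tun0 70.232.254.2/32 port 80 -> 192.168.1.90 port 80
rdr tun0 70.232.254.2/32 port 2222 -> 10.0.0.5 port 22 tcp
rdr tun0 70.232.254.2/32 port 443 192.168.1.90 port 443
EOF
}

sample_rules | audit_rdr
```

On the router itself, run it as `audit_rdr /etc/ipnat.rules` before reloading the rules with ipnat.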

    SECTION 3: SETTING UP THE DHCP SERVER

    1. Grab and decompress the ports tree:
              # cd /usr
              # fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz
              # tar xvfz ports.tar.gz
    2. rc.subr capability is needed for the ISC DHCP server, so install it from the ports:
              # cd /usr/ports/sysutils/rc_subr
              # make install clean
    3. Install ISC DHCPD from the ports:
              # cd /usr/ports/net/isc-dhcp3-server
              # make install clean
    4. Configure DHCPD:
      Edit /usr/local/etc/dhcpd.conf so it looks like the following:

              # ee /usr/local/etc/dhcpd.conf

              option domain-name "example.com";
              option domain-name-servers 206.141.193.55;  # a valid DNS server, given by your ISP
              option subnet-mask 255.255.255.0;
              default-lease-time 86400;
              max-lease-time 86400;
              ddns-update-style none;
              subnet 192.168.0.0 netmask 255.255.255.0 {
                  range 192.168.0.150 192.168.0.200;  # the range of IPs you want it to give out
                  option routers 192.168.0.1;
              }
    5. To make DHCPD start on boot add the following line to /etc/rc.conf:
              dhcpd_enable="YES"

    SECTION 4: SETTING UP THE FORWARDING DNS SERVER

    1. Configure DNS forwarding:
      edit the file /etc/namedb/named.conf:

              #ee /etc/namedb/named.conf

      Uncomment the lines that say “forward only” and “forwarders”, and place one of your ISP’s DNS servers between the forwarders brackets.

    2. To make the name server start at boot add the following line to /etc/rc.conf:
              named_enable="YES"

    SECTION 5: SETTING UP PPPoE

    1. PPPoE’s configuration file is /etc/ppp/ppp.conf. Edit it:

              # ee /etc/ppp/ppp.conf

              default:
               set device PPPoE:xl1  # xl1 is the NIC the modem is connected to
               set speed sync
               set mru 1492
               set mtu 1492
               set ctsrts off
               enable lqr
               set log phase tun
               add default HISADDR  # grabs the ISP's gateway's address and makes it your defaultrouter
               nat enable no
              att:
               set authname USERNAME  # Replace USERNAME with your ISP login name
               set authkey PASSWORD   # Replace PASSWORD with your ISP login password
    2. Run PPP manually if you want to test it out. The command's form is /usr/sbin/ppp -MODE PROFILE; in our case, we want it to run in the background and use the profile ‘att’, which we defined in the config file.
              # /usr/sbin/ppp -background att
    3. To make PPP run on boot, add the following lines to /etc/rc.conf:

              ppp_enable="YES"    # so that PPP starts
              ppp_nat="NO"        # IPNAT does our NAT, so we don't want this
              ppp_profile="att"   # use the 'att' profile
              ppp_mode="ddial"    # this mode makes ppp reconnect when disconnected

    SECTION 6: FINAL STEPS

    1. Change the address of the interface facing the internal network 192.168.0.0:
              # ifconfig rl0 inet 192.168.0.1 netmask 255.255.255.0
              # ee /etc/rc.conf

              ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
    2. Comment out or delete the defaultrouter="192.168.0.1" line in /etc/rc.conf
    3. Put the address of your ISP’s DNS server(s) in /etc/resolv.conf:
              nameserver 206.141.193.55
    4. Hook it up!

    1 Comment »

    1. excellent !!!
      thank you very much for useful info

      Comment by niskotink0 — June 10, 2009 @ 5:36 pm

