#1
Hey guys. I've been trying to get my server up since 7 Dec, with only a little bit of luck; some help would be great.

BSD box with cable modem running bpalogin program to connect to web, happy and working, Realtek netcard rl1 144.136.228.240. First problem is a bootup error of:

Internet Software Consortium DHCP Server V3.0.1rc12
Copyright 1995-2003 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Wrote 4 leases to leases file.
No subnet declaration for rl1 (144.136.228.240).
** Ignoring requests on rl1. If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface rl1 is attached. **
Listening on BPF/rl0/00:05:1c:98:07:0e/192.168.0.0/24
Sending on BPF/rl0/00:05:1c:98:07:0e/192.168.0.0/24
Sending on Socket/fallback/fallback-net

Now I'm not sure if this is stopping the bridge and natd settings. I've searched most of the net with no luck, including the manual, and tried adding a setting of

subnet DHCP netmask 255.255.252.0 { }

which is what Telstra BigPond's netmask is. New error is:

Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the appropriate mailing list as described in the readme file

I found a script which set everything up and was working OK. Forwarding packets was quite slow, but after around 3 - 5 days up, the net would slow down to no data transfer at all for the two WinXP machines connected to rl0 (Ethernet HUB card with Realtek chipset). Attached is the script. Gateway of 192.168.0.1.

I've searched everywhere for answers; there's just so much out there that hasn't got answers. The other question is about the firewall: where is the Best How To that explains EVERYTHING!! i.e. what the /24 after an IP address means.

Can you help? I'm at a loose end. Sorry for the novel, but I want to include enough info.

DMESG----------------------------------
Copyright (c) 1992-2002 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.7-RELEASE #0: Wed Oct 9 15:08:34 GMT 2002
root@builder.freebsdmall.com:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz
CPU: Pentium Pro (199.31-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x619 Stepping = 9
Features=0xfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV>
real memory = 33554432 (32768K bytes)
avail memory = 27578368 (26932K bytes)
Preloaded elf kernel "kernel" at 0xc0517000.
Preloaded elf module "bridge.ko" at 0xc051709c.
Pentium Pro MTRR support enabled
md0: Malloc disk
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
Correcting Natoma config for non-SMP
isab0: <Intel 82371SB PCI to ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX3 ATA controller> port 0xfff0-0xffff at device 1.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <Intel 82371SB (PIIX3) USB controller> port 0x5800-0x581f irq 11 at device 1.2 on pci0
usb0: <Intel 82371SB (PIIX3) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
rl0: <RealTek 8139 10/100BaseTX> port 0x5400-0x54ff mem 0x50000100-0x500001ff irq 10 at device 6.0 on pci0
rl0: Ethernet address: 00:05:1c:98:07:0e
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl1: <RealTek 8139 10/100BaseTX> port 0x5000-0x50ff mem 0x50000000-0x500000ff irq 9 at device 7.0 on pci0
rl1: Ethernet address: 00:05:1c:19:49:77
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pci0: <S3 Trio graphics accelerator> at 11.0
orm0: <Option ROM> at iomem 0xc0000-0xc7fff on isa0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
vga0: <Generic ISA VGA> at port 0x3b0-0x3cf iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA (mono) <16 virtual consoles, flags=0x300>
sio0: configured irq 4 not in bitmap of probed irqs 0x8
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1: configured irq 3 not in bitmap of probed irqs 0
ppc0: parallel port not found.
BRIDGE 020214 loaded
ad0: 2441MB <WDC AC32500H> [4960/16/63] at ata0-master WDMA2
acd0: CDROM <HITACHI CDR-8130> at ata1-master PIO4
Mounting root from ufs:/dev/ad0s1a
IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
ip_fw_ctl: invalid command

/ETC/RC.CONF---------------------------------------------
gateway_enable="YES"
firewall_enable="YES"
firewall_logging_enable="YES"
firewall_quiet="NO"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="rl1"
hostname="lanchbury.id.au"
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="YES"
nfs_server_enable="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
hostname="lanchbury.id.au"
router_flags="-q"
router="/sbin/routed"
router_enable="YES"
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_rl1="DHCP"

/USR/LOCAL/ETC/DHCPD.CONF-------------------------------
# option definitions common to all supported networks...
option domain-name "lanchbury.id.au";
option domain-name-servers 61.9.240.14, 61.9.240.15;
option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates.
ddns-update-style none;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.200;
  option routers 192.168.0.1;
}
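
Added example, not part of the original thread: a Python sketch of the startup check behind "No subnet declaration for rl1". dhcpd listens on an interface only when a subnet declaration in dhcpd.conf contains that interface's address; the sketch also derives the declaration that would cover rl1 and prints the prefix-length form (the /24 asked about above). Function names are illustrative, and rl1's netmask is the one the poster quotes for the ISP.

```python
import ipaddress
import re

# Subnet block copied from the dhcpd.conf in the post.
DHCPD_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.200;
  option routers 192.168.0.1;
}
"""

# Interface addresses from the post; rl1's netmask is the one the poster
# quotes for the ISP network (an assumption, no output on the page shows it).
INTERFACES = {
    "rl0": ("192.168.0.1", "255.255.255.0"),
    "rl1": ("144.136.228.240", "255.255.252.0"),
}

SUBNET_RE = re.compile(
    r"subnet\s+(\d+(?:\.\d+){3})\s+netmask\s+(\d+(?:\.\d+){3})")


def declared_subnets(conf_text):
    """Networks named by 'subnet <addr> netmask <mask>' declarations."""
    return [ipaddress.ip_network(f"{addr}/{mask}")
            for addr, mask in SUBNET_RE.findall(conf_text)]


def classify(interfaces, conf_text):
    """'listen' if a declared subnet contains the interface address,
    otherwise 'ignore' (the case reported as 'No subnet declaration')."""
    nets = declared_subnets(conf_text)
    return {name: "listen" if any(ipaddress.ip_address(addr) in n for n in nets)
            else "ignore"
            for name, (addr, _mask) in interfaces.items()}


def covering_declaration(addr, mask):
    """Declaration for the network the address sits in, plus its CIDR form.
    It carries no range, so no leases would be offered on that network."""
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    decl = f"subnet {net.network_address} netmask {net.netmask} {{ }}"
    return decl, str(net)


if __name__ == "__main__":
    print(classify(INTERFACES, DHCPD_CONF))
    for name, (addr, mask) in INTERFACES.items():
        print(name, *covering_declaration(addr, mask))
```

In the posted output dhcpd is still listening on rl0, so the notice only says the ISP-facing interface is not being served. ISC dhcpd also accepts interface names on its command line (for example `dhcpd rl0`), which restricts it to the LAN side.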
#2
Are you sure you know what you are doing? Why do you need to run a dhcpd server? Can your WinXP boxes surf the web? Is that what you are trying to do for Internet sharing?

#3
I sort of know what I'm doing (been learning heaps as I go). I've got a pro helping me, but he's had no experience in internet sharing through FreeBSD (but knows it all with email and web pages).

I need to run dhcpd because the cable modem and Telstra BigPond only give out ONE user at one time, meaning that the server can't be online at the same time as the WinXP machine. As a second step I wanted to firewall the Windows machines from the net. I can't do it the other way around because the WinXP machines are switched off at night and the IP address will not be a net IP.

No, the Win machine can't get to the net at the same time. I'm trying to get the BSD box to share to the XP machines. The two Win machines need to turn on and off depending on who wants the net at the time, and a second user costs $10 a month extra. Not worth it.

Thanks for your reply. Is there any more comp spec needed??

#4
Why not just buy a $30 hardware router? Especially since you'll need a hub anyways and they are about the same price.

You will want to be careful running a dhcp server; as I understand, if it is misconfigured you will make your ISP very unhappy with you.

BTW this is quite a common setup; it seems to me you should be able to find lots of docs on how to do it. To help any further I think we need to see your firewall/nat rules.

Some links to check out:
http://www.bsdforums.org/forums/sho...&threadid=16764
http://www.bsdforums.org/forums/sho...&threadid=16441

Last edited by hedge : December 31st, 2003 at 10:35 AM.

#5
Thankz heaps for the linkz, very good reading; somewhere through those I'll get the firewall going.

One problem is I've bought a switch card already, and after a bit of a google they're $100-$200, and then the IP address handed down won't be pingable from the net; it's a server, I need a NetIP. The effort required to set up the hardware router is the same as getting BSD to do it, which should be capable and is on 24/7. I've got the gear, I've just got to set it up.

The other problem is that Telstra won't provide a static IP (well, over $100 a month they will, but not on a cable modem, so loss of speed AND I'm not paying the ISP bill so . . . ). The rl1 interface must be server assigned, and I'll run some script to keep my DNS up to date.

I don't understand the "careful running a dhcp server". It's on the internal network and the packets are being NAT'ed, how will they know??

Yes, I'll agree with you it is a very common setup, but there's no real answer out there AND under no search can I find the answer to: No subnet declaration for rl1 (144.136.228.240).

Thankz for your time guys!

/ETC/IPNAT.RULES-------------------------------------------
#below is a irc identd port forwarding example
#rdr rl1 0.0.0.0/0 port 113 -> 192.168.1.5 port 113 tcp
map rl1 192.168.0.1/24 -> 0/32 portmap tcp/udp auto
map rl1 192.168.0.1/24 -> 0/32

/ETC/IPFW.CONFIG------------------------------------------------
# Firewall: the firewall machine / nat gateway
# rl1 : External network 144.136.xxx.xxx
# rl0 : Internal network 192.168.0.1 sharing .1 - .200
add 01000 allow tcp from any to any established
add 01001 allow all from any to any out via rl0
add 01001 allow all from any to any out via rl1
add 03000 allow tcp from any to any http,https
add 03000 allow tcp from any to any 4000-65535,ssh,smtp,domain, ntalk
add 03000 allow tcp from any to any auth,pop3,ftp,ftp-data
add 04000 allow icmp from any to any icmptypes 0,3,8,11,12,13,14
add 05000 deny log ip from any to any frag
add 06000 deny all from any to any

#6
Quote:

Running dhcpd is between your FreeBSD and your xp boxes, absolutely irrelevant to the type of your Internet connection. That said, to get Internet sharing working, you DO NOT need to run a dhcpd. You do, however, need to run dhcp client if your cable provider doesn't provide you a static IP.

Using FreeBSD as a router to get Internet sharing to work with your xp boxes is one thing, configure a dhcpd is to provide 192.168.0.x to your xp boxes dynamically so you don't have to hardcode the LAN IP to your XP box (usually for notebooks), is another irrelevant thing.

Buying a hardware router totally defeats the whole purpose for using your FreeBSD box as a router.

#7
Thanks for your help freebsd, you've been a big help.

Are there any pages about the setup as described? I'm having a little bit of trouble getting info. Thankz again heaps

#8
After having a look, and correct me if I'm wrong, dhclient is for the server connecting to my ISP, which is working. The connection I'm having trouble with is the two WinXP machines to the server, which is why I'm running dhcpd.

Am I right so far? Now I've also found that if it's a desktop, not to use dhcpd and just set it manually. Is this the case? Because the server will see strange computers from time to time, which is why I'm interested to get the daemon running. A little more help would be great, thankz guys.

#9
I have a howto if you want to run your FreeBSD box as a router/gateway
http://www.bsdforums.org/forums/sho...&threadid=16764
__________________
John5788 EMail: john5788@x5788.net URL: http://www.x5788.net AIM: John57881, John57883 ICQ: 74077537 MSN: John@5788.zzn.com YIM: John5788

#10
Yep, I've found your page before. I've now re-done everything, including the rebuild of the kernel I didn't know how to do before, and I still get the error:

lanchbury:/home/nathan# dhcpd+
Internet Software Consortium DHCP Server V3.0.1rc12
Copyright 1995-2003 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Wrote 5 leases to leases file.
No subnet declaration for rl1 (144.136.228.240).
** Ignoring requests on rl1. If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface rl1 is attached. **
Listening on BPF/rl0/00:05:1c:98:07:0e/192.168.0.0/24
Sending on BPF/rl0/00:05:1c:98:07:0e/192.168.0.0/24
Sending on Socket/fallback/fallback-net

Now the server's not connected to the WinXP machines at this time, so I can't check that NATD is running, but I would guess we've got it.

The only other thought would be the line

ifconfig_rl1="DHCP"

In your "How To" you mentioned it but didn't say if this is right. As I've said before, I haven't got a static IP, so is this right, and why am I still getting this error?

Help anyone. Thanks guys for all your help.

#11
Make sure rl1 is the card that is connected to your modem and disconnect rl0. Set rl1 to dhcp and see if you can ping devshed.com.

If you can, that means your internet connection works and something is just screwed with your dhcpd.

Last edited by John5788 : January 15th, 2004 at 11:03 PM.

#12
Thankz heaps for your help guys. My box has been connected to ADSL now and the thompson speed touch 530 and does EVERYTHING we've been doing.

I'm thinking all that work for nothing. I've learnt heaps though. But I guess there's still no correct answer for "No subnet declaration for rl1" on the web.

john5788 : rl1 is a hub card so I'm unable to unplug it, thankz for your time though.

#13
Sorry I mean rl0 is the hub card

Dev Shed Forums > Operating Systems > BSD Help > FreeBSD 4.7 DHCP and NAT