#1
Hello. I wonder if you can help me please.
Hi there.
I hope you can help. I'm having a nightmare trying to get this sorted, and the more reading I do, the more I confuse myself. I have been to the FreeBSD handbook many, many times. But can you just confirm I have the right idea here, please?

I have a business cable connection, which is connected directly to an Ethernet card on my FreeBSD box, which is running 4.8-RELEASE. The modem it's using is a Samsung SCM140. I have been fortunate to obtain a Toshiba 2450-S402 P4 laptop. I wish to allow the laptop to use the same connection. The laptop needs no ports open, as it's just for me to access the net; the FreeBSD box, however, is a webserver.

OK, so I started the reading. I know I must place a new NIC in the FreeBSD box. Then I need to load the IPFIREWALL and IPDIVERT modules, which I read is done by editing /usr/src/sys/i386/conf/GENERIC and adding:

```
options IPFIREWALL
options IPDIVERT
```

and then recompiling the kernel via:

```
cd /usr/src
make buildkernel KERNCONF=dan
make installkernel KERNCONF=dan
```

Then I read I had to add the following to /etc/rc.conf:

```
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="sis0"
natd_flags=""
```

And then I read that I had to assign the FreeBSD box and the laptop private IPs, preferably something like FreeBSD box private IP: 192.168.0.1, Windows box: 192.168.0.2. I couldn't find any info on how to do this.

How near am I to understanding this, and what else do I need to do, PLEASE? If you can guide me, it'd be much appreciated.

With advance thanks!
#2
Ok. Hopefully this will be the last time I annoy you guys!
I really appreciate the information you've given me. Excuse the idiot's guide I've done below, but this is what I'm *sure* after all the reading that I have to do. Fortunately, while I kindly wait for your confirmation (please!!!) I had to order a new crossover cable, which will be delivered.

FYI: sis0 is the Ethernet connected to the business cable modem, sis1 is the new Ethernet which will connect to the laptop.

Here's what I believe I should do:

1. Place new NIC in FreeBSD box.

2. Load IPFIREWALL and IPDIVERT modules, to /usr/src/sys/i386/conf/GENERIC:

```
options IPFIREWALL
options IPDIVERT
```

```
cd /usr/src
make buildkernel KERNCONF=GENERIC
make installkernel KERNCONF=GENERIC
```

3. Add the following to /etc/rc.conf:

```
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="sis0"
natd_flags=""
firewall_script="/etc/firewall/fwrules"
```

Also, add:

```
ifconfig_sis1="inet 192.168.0.1 netmask 255.255.255.0"
```

4. Run:

```
ifconfig sis1 inet 192.168.0.1/24
```

On the laptop (WinXP): set IP 192.168.0.2, subnet 255.255.255.0, default gateway 192.168.0.1, and nameservers.

And finally, my fwrules:

```
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via sis0

# Allow all connections that have dynamic rules built for them,
# but deny established connections that don't have a dynamic rule.
# See ipfw(8) for details.
$fwcmd add check-state
$fwcmd add deny tcp from any to any established

# Allow all localhost connections
$fwcmd add allow tcp from me to any out via lo0 setup keep-state
$fwcmd add deny tcp from me to any out via lo0
$fwcmd add allow ip from me to any out via lo0 keep-state

# Allow all connections from my network card that I initiate
$fwcmd add allow tcp from me to any out xmit any setup keep-state
$fwcmd add deny tcp from me to any
$fwcmd add allow ip from me to any out xmit any keep-state

# Everyone on the Internet is allowed to connect to the following
# services on the machine. This example specifically allows connections
# to sshd and a webserver.
$fwcmd add allow tcp from any to me dst-port 80,25,22 in recv any setup keep-state

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to me 113 in recv any

# Enable ICMP: remove type 8 if you don't want your host to be pingable
$fwcmd add allow icmp from any to any icmptypes 0,3,8,11,12,13,14

# Deny all the rest.
$fwcmd add deny log ip from any to any
```

Do you believe all that is correct? I just have one problem ... I tried running the IPFW script, and as soon as I did, no outsider could connect to port 80, even though I restarted apachectl. As soon as I disabled those rules, it worked. I cannot see what is actually wrong with the rules, so if you can guide me on that, it'd be much appreciated.

Thanks again for your assistance. It's much appreciated.
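An offline sanity check for the rc.conf settings listed in the two posts above, as an added example that is not part of the original thread. The function names `rc_get` and `check_nat_gateway` and the sample file are constructed for illustration; `sis0` and `sis1` are the interfaces named in the post.

```shell
#!/bin/sh
# Added example: check an rc.conf-style file for the NAT gateway knobs.

# Print the value of one rc.conf knob (KEY="value"); the last assignment
# wins, as it does when the file is sourced as shell.
rc_get() {  # usage: rc_get FILE KEY
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Print one line per problem and return the number of problems found.
check_nat_gateway() {  # usage: check_nat_gateway FILE EXT_IF INT_IF
    conf=$1; ext=$2; int=$3; bad=0
    for knob in gateway_enable firewall_enable natd_enable; do
        case "$(rc_get "$conf" "$knob")" in
            [Yy][Ee][Ss]) ;;
            *) echo "$knob is not set to YES"; bad=$((bad + 1)) ;;
        esac
    done
    nat_if=$(rc_get "$conf" natd_interface)
    if [ "$nat_if" != "$ext" ]; then
        echo "natd_interface is '$nat_if', expected external interface $ext"
        bad=$((bad + 1))
    fi
    case "$(rc_get "$conf" "ifconfig_$int")" in
        *inet\ [0-9]*) ;;
        *) echo "ifconfig_$int has no inet address for the LAN side"
           bad=$((bad + 1)) ;;
    esac
    script=$(rc_get "$conf" firewall_script)
    if [ -n "$script" ] && [ ! -r "$script" ]; then
        echo "firewall_script '$script' is not readable"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample: the post's settings with the ifconfig_sis1 line left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="sis0"
natd_flags=""
EOF
check_nat_gateway "$sample" sis0 sis1 || echo "problems found: $?"
rm -f "$sample"
```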
Viewing: Dev Shed Forums > System Administration > Networking Help > Hello. I wonder if you can help me please.