home multipurpose gateway/router/server setup help
Volker
volker at vwsoft.com
Mon Apr 2 23:14:22 UTC 2007
On 12/23/-58 20:59, Moisa Teodor wrote:
> I wanted to set-up a multipurpose server/gateway/router with an old pc, but
> ran into some trouble.
> I have an internet connection from a local ISP (it's not cable or adsl it's
> ethernet) and a couple of home computers. The ISP has a
> little program that needs to run continuously in the background (it connects
> to one of my ISP's servers on port 2400)
> If that program does not run, I cannot go through the ISP's gateway.
> In the past I had another box with smoothwall linux, but the motherboard
> crashed. Anyway, on that box I was able to
> do the trick.
> I have installed FreeBSD. Both network cards are working (sis0 and pcn0). I
> run the ISP's software and I have internet
> access. Good. But I want to share this internet connection with my home LAN.
> I read somewhere that I need to recompile
> the kernel and enable packet filtering and firewall (the tutorial I used is
> located here http://www.lugbe.ch/lostfound/contrib/freebsd_router/).
> However, when I reboot with the new kernel I cannot connect to any network,
> neither the ISP's nor my home LAN.
> I want to use this box as a gateway/router/firewall for my home lan, and
> also run some services like a web server for my projects, etc.
>
>
> Thanks a lot for your help, and keep up the good work
> Doru Moisa
Doru,
unfortunately you've taken a rather old how-to for your setup. Of
course you may go with IPFILTER (IPFW) firewalling but I would
recommend using pf.
If you want to go with IPFW, you have to keep in mind it defaults to
deny traffic. If you don't activate a (correct) ruleset, all traffic
is being blocked. The last time I used IPFW was about 2 or 3 years
ago so my memory about that is currently somewhat limited.
I think the default-to-deny is your problem. You may check that out
by temporarily disabling IPFW (using `ipfw disable firewall').
If you want to go with pf as your firewalling solution (a modern,
high quality firewall), all you need to do is use a GENERIC kernel
and kldload pf.ko, write your ruleset, load it (by `pfctl -f ...')
and you're done.
As you want to use your box as a router for your home LAN, you may
also want to set gateway_enable="YES" in /etc/rc.conf which will set
sysctl net.inet.ip.forwarding=1 and your box will act as a router.
HTH,
Volker
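
An added example, not part of the original message: a minimal pf ruleset for the two-NIC gateway described in this thread, with the rc.conf settings and load commands as comments. It assumes sis0 faces the ISP and pcn0 faces the home LAN (the thread does not say which is which), and the file path /etc/pf.conf is the conventional one, not one named in the thread.

```conf
# /etc/pf.conf : constructed example for the gateway in this thread.
# Assumption: sis0 = ISP side, pcn0 = home LAN. Swap the macros if reversed.
ext_if   = "sis0"
int_if   = "pcn0"
isp_port = "2400"   # port the ISP's client program connects to (from the question)

# Do not filter loopback traffic; reassemble fragments before filtering.
set skip on lo0
scrub in all

# NAT: rewrite LAN source addresses to whatever address ext_if currently holds.
# The parentheses make pf follow the address if the ISP changes it.
nat on $ext_if inet from $int_if:network to any -> ($ext_if)

# Default deny, logged to pflog0 so dropped packets can be inspected with
#   tcpdump -n -e -ttt -i pflog0
block log all

# The ISP client on the gateway must always be able to reach port 2400.
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port $isp_port \
    flags S/SA keep state

# Outbound traffic from the gateway and (after NAT) from the LAN.
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } all keep state

# LAN hosts may reach the gateway (including its web server) and the internet.
pass in  on $int_if inet from $int_if:network to any keep state
pass out on $int_if inet from any to $int_if:network keep state

# Nothing is accepted from the ISP side unless a rule like this is enabled.
# Uncomment only if the web server should be reachable from outside:
# pass in on $ext_if inet proto tcp from any to ($ext_if) port 80 \
#     flags S/SA keep state

# --- /etc/rc.conf (persist across reboots) ---
#   gateway_enable="YES"        # sets net.inet.ip.forwarding=1
#   pf_enable="YES"             # loads pf.ko and the ruleset at boot
#   pf_rules="/etc/pf.conf"
#
# --- load and verify by hand ---
#   kldload pf                  # GENERIC kernel, no rebuild needed
#   pfctl -nf /etc/pf.conf      # parse only; fix errors before loading
#   pfctl -f /etc/pf.conf && pfctl -e
#   pfctl -sn ; pfctl -sr       # show active NAT and filter rules
#   pfctl -ss                   # state table: the port 2400 session should appear
```

Running `pfctl -nf` first matters on a remote or headless box: a ruleset that fails to parse is never loaded, whereas a ruleset that parses but lacks the pass rules leaves only `block log all` in effect.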