Re: [afnog]Internet Connection Sharing and DHCP config
On Sun, Sep 28, 2003 at 01:10:00PM -0700, Paul wrote:
> Does anyone know what I need to do in order to set up a Linux
> or FreeBSD box as a server that will serve a cybercafe, so that Windows
> clients can share internet access through it.
>
> I don't want to use Windows due to the virus problem, so I need some
> help on how to set up a Linux or FreeBSD box as a proxy server using
> NAT that can do the DHCP function as well.
Well, in summary for FreeBSD:
(1) Install FreeBSD. Configure two network cards, one with the external
IP and one with the internal IP. Make sure it has external connectivity.
e.g. in /etc/rc.conf
    ifconfig_fxp0="1.2.3.4 netmask 255.255.255.240"   # public net
    ifconfig_fxp1="192.168.0.1 netmask 255.255.255.0" # private net
    defaultrouter="1.2.3.1"
For more details see handouts from previous AfNOG workshops.
(2) Recompile a kernel with
    options IPFILTER
    options IPFILTER_LOG
For more details see handouts from previous AfNOG workshops.
(3) Add to /etc/rc.conf
    gateway_enable="YES"      # enables packet forwarding
    ipfilter_enable="YES"
    ipnat_enable="YES"
    ipmon_enable="YES"
    icmp_drop_redirect="YES"
(4) create /etc/ipnat.rules
    map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp
    map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32 portmap tcp/udp auto
    map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32
(where fxp0 is your external interface, these rules perform special proxying
for FTP; port mapping for tcp and udp; or straight NAT for other protocols)
(5) create /etc/ipf.rules if you want packet filtering, at minimum
    pass in all
    pass out all
For more details of IPF configuration see http://coombs.anu.edu.au/~avalon/
That should get your NAT router working. For DHCP server:
(6) install package isc-dhcp3-3.0.1.r11 or whatever the latest version is,
from ports or packages
In /usr/local/etc/rc.d, copy isc-dhcpd.sh.sample to isc-dhcpd.sh
Edit it and set dhcpd_ifaces=fxp1 (where fxp1 is your internal interface)
(7) create /usr/local/etc/rc.d/dhcpd.conf containing something like
    ddns-update-style none;
    option domain-name-servers 1.2.3.4, 4.5.6.7; # nearest DNS caches
    option domain-name "mydomain.com";
    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.20 192.168.0.250;      # IPs to allocate
        max-lease-time 14400;
        default-lease-time 3600;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.0.255;
        option routers 192.168.0.1;            # IP address of NAT router
    }
Start dhcpd using
    # /usr/local/etc/rc.d/isc-dhcpd.sh start
Regards,
Brian.
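The steps in the reply above, gathered into one script, as an added example that is not part of Brian's post or of FreeBSD: it writes the ipnat, ipf and dhcpd fragments into a scratch directory and checks the DHCP range before anything goes near /etc. The interface names fxp0/fxp1, the 192.168.0.0/16 private network, the staging directory and the function names (ip2int, range_ok, gen_ipnat, gen_ipf, gen_dhcpd, stage_all) are assumptions. The ipf ruleset it emits is a tighter substitute for the post's "pass in all / pass out all": the cafe LAN may open connections outward, unsolicited traffic from the public side is logged and blocked, and packets arriving on the public interface with a private source address are dropped.

```shell
#!/bin/sh
# Added example, not from the original post: stage the ipnat, ipf and
# dhcpd fragments from the reply above into a scratch directory and
# sanity-check the DHCP range before anything is copied to /etc.
# Interface names, addresses and the staging path are assumptions.
set -eu

EXT_IF=${EXT_IF:-fxp0}               # public interface (as in the post)
INT_IF=${INT_IF:-fxp1}               # private interface (as in the post)
PRIV_NET=${PRIV_NET:-192.168.0.0/16} # cafe LAN (as in the post)
STAGE=${STAGE:-./stage}              # hypothetical staging directory

# Dotted-quad IPv4 -> 32-bit integer (assumes a well-formed address).
ip2int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# range_ok SUBNET MASK START END ROUTER: exit 0 when the whole dhcpd range
# lies inside SUBNET/MASK and does not include the router's own address,
# the two slips that hand clients a gateway they cannot reach.
range_ok() {
    net=$(ip2int "$1"); mask=$(ip2int "$2")
    lo=$(ip2int "$3");  hi=$(ip2int "$4"); rtr=$(ip2int "$5")
    [ "$lo" -le "$hi" ] || return 1
    [ $(( lo & mask )) -eq "$net" ] || return 1
    [ $(( hi & mask )) -eq "$net" ] || return 1
    [ "$rtr" -lt "$lo" ] || [ "$rtr" -gt "$hi" ] || return 1
}

# The three ipnat map lines from the post, parameterised.
gen_ipnat() {
    cat <<EOF
map $EXT_IF from $PRIV_NET ! to $PRIV_NET -> 0/32 proxy port ftp ftp/tcp
map $EXT_IF from $PRIV_NET ! to $PRIV_NET -> 0/32 portmap tcp/udp auto
map $EXT_IF from $PRIV_NET ! to $PRIV_NET -> 0/32
EOF
}

# Tighter than "pass in all": the LAN may initiate, the Internet may not,
# and private source addresses on the public side are logged and dropped.
# (Assumed hardening, not the post's ruleset.)
gen_ipf() {
    cat <<EOF
pass in quick on lo0 all
pass out quick on lo0 all
block in log quick on $EXT_IF from $PRIV_NET to any
pass out quick on $EXT_IF proto tcp from any to any flags S keep state
pass out quick on $EXT_IF proto udp from any to any keep state
pass out quick on $EXT_IF proto icmp from any to any keep state
block in log quick on $EXT_IF all
pass in quick on $INT_IF all
pass out quick on $INT_IF all
EOF
}

# gen_dhcpd SUBNET MASK START END ROUTER DNS: the dhcpd.conf from the post.
gen_dhcpd() {
    cat <<EOF
ddns-update-style none;
option domain-name-servers $6;
subnet $1 netmask $2 {
    range $3 $4;
    max-lease-time 14400;
    default-lease-time 3600;
    option subnet-mask $2;
    option routers $5;
}
EOF
}

# Write everything under STAGE; refuse if the DHCP range is wrong.
stage_all() {
    range_ok 192.168.0.0 255.255.255.0 192.168.0.20 192.168.0.250 192.168.0.1 \
        || { echo "dhcpd range is outside the subnet or covers the router" >&2; return 1; }
    mkdir -p "$STAGE"
    gen_ipnat > "$STAGE/ipnat.rules"
    gen_ipf   > "$STAGE/ipf.rules"
    gen_dhcpd 192.168.0.0 255.255.255.0 192.168.0.20 192.168.0.250 192.168.0.1 \
        "1.2.3.4, 4.5.6.7" > "$STAGE/dhcpd.conf"
    echo "staged in $STAGE; review, then copy ipnat.rules and ipf.rules to /etc"
}

case "${1:-}" in stage) stage_all ;; esac
```

Run it as `sh stage.sh stage`, read the three files it produces, and only then copy them into place and `ipf -Fa -f /etc/ipf.rules` / `ipnat -CF -f /etc/ipnat.rules`. The range check is the part worth keeping even if you hand-edit the rest: a range that strays outside the subnet or swallows the router address is the usual reason a freshly configured cafe LAN gets leases but no gateway.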
__________________________________________________
This is the Africa Network Operators' Group (AfNOG) technical discussion list.
The AfNOG website is: <http://www.afnog.org>