
Re: [afnog]Internet Connection Sharing and DHCP config



On Sun, Sep 28, 2003 at 01:10:00PM -0700, Paul wrote:
>      Does anyone know what I need to do in order for me to set up a Linux
>      or FreeBSD box as a server that will serve a cybercafe so that Windows
>      clients can share internet access through it?
> 
>      I don't want to use Windows due to the virus problem, so I need some
>      help on how to set up a Linux or FreeBSD box as a proxy server using
>      NAT and that can do the DHCP function as well.

Well, in summary for FreeBSD:

(1) Install FreeBSD. Configure two network cards, one with the external
    IP and one with the internal IP. Make sure it has external connectivity.
    e.g. in /etc/rc.conf

ifconfig_fxp0="1.2.3.4 netmask 255.255.255.240"		# public net
ifconfig_fxp1="192.168.0.1 netmask 255.255.255.0"	# private net
defaultrouter="1.2.3.1"

For more details see handouts from previous Afnog workshops.

(2) Recompile a kernel with

options		IPFILTER
options		IPFILTER_LOG

For more details see handouts from previous Afnog workshops.

(3) Add to /etc/rc.conf

gateway_enable="YES"	# enables packet forwarding
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
icmp_drop_redirect="YES"

(4) create /etc/ipnat.rules

map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32 portmap tcp/udp auto
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 0/32

(where fxp0 is your external interface; these rules perform special proxying
for FTP, port mapping for TCP and UDP, and straight NAT for other protocols)

(5) create /etc/ipf.rules if you want packet filtering, at minimum

pass in all
pass out all

For more details of IPF configuration see http://coombs.anu.edu.au/~avalon/

That should get your NAT router working. For DHCP server:

(6) install package isc-dhcp3-3.0.1.r11 or whatever the latest version is,
from ports or packages

In /usr/local/etc/rc.d, copy isc-dhcpd.sh.sample to isc-dhcpd.sh
Edit it and set dhcpd_ifaces=fxp1  (where fxp1 is your internal interface)

(7) create /usr/local/etc/rc.d/dhcpd.conf containing something like

ddns-update-style none;
option domain-name-servers 1.2.3.4, 4.5.6.7;	# nearest DNS caches
option domain-name "mydomain.com";
subnet 192.168.0.0 netmask 255.255.255.0 {
	range 192.168.0.20 192.168.0.250;	# IPs to allocate
	max-lease-time 14400;
	default-lease-time 3600;
	option subnet-mask 255.255.255.0;
	option broadcast-address 192.168.0.255;
	option routers 192.168.0.1;	# IP address of NAT router
}

Start dhcpd using
# /usr/local/etc/rc.d/isc-dhcpd.sh start

Regards,

Brian.
__________________________________________________
This is the Africa Network Operators' Group (AfNOG)
technical discussion list.
The AfNOG website is: <http://www.afnog.org>
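Added example, not part of Brian's post and not code from the FreeBSD, IPFilter or ISC DHCP projects: a POSIX sh script that derives the ipnat.rules, a stateful ipf.rules and the dhcpd.conf from one description of the inside network, and refuses a DHCP pool that leaves the subnet, is inverted, or contains the router's own address. The post's `pass in all` / `pass out all` passes every packet in both directions, so the generated filter instead lets clients initiate outbound connections and drops unsolicited and spoofed traffic on the public side. Interface names (fxp0 public, fxp1 private), addresses, and /usr/local/etc/dhcpd.conf as the file the isc-dhcp3 port's dhcpd reads are assumptions taken or extrapolated from the post for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Generates consistent FreeBSD
# NAT-router fragments from a single router address and prefix length, so
# rc.conf, ipnat.rules, ipf.rules and dhcpd.conf cannot disagree about what
# counts as "inside". Interfaces/addresses below are assumptions.

# Dotted quad -> 32-bit integer (192.168.0.1 -> 3232235521)
ip2int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
# Prefix length -> dotted netmask (24 -> 255.255.255.0)
prefix2mask() { int2ip $(( (0xffffffff << (32 - $1)) & 0xffffffff )); }
# Network and broadcast address of ADDR PREFIX
network()   { int2ip $(( $(ip2int "$1") & $(ip2int "$(prefix2mask "$2")") )); }
broadcast() { int2ip $(( $(ip2int "$1") | (~$(ip2int "$(prefix2mask "$2")") & 0xffffffff) )); }
# in_subnet ADDR NET PREFIX: true when ADDR lies in the same subnet as NET
in_subnet() { [ "$(network "$1" "$3")" = "$(network "$2" "$3")" ]; }

# check_dhcp_plan ROUTER PREFIX RANGE_LO RANGE_HI
# Rejects a pool that leaves the subnet, is inverted, includes the router,
# or includes the network/broadcast address. Prints the reason, returns 1.
check_dhcp_plan() {
    in_subnet "$3" "$1" "$2" || { echo "range start $3 not in $(network "$1" "$2")/$2"; return 1; }
    in_subnet "$4" "$1" "$2" || { echo "range end $4 not in $(network "$1" "$2")/$2"; return 1; }
    [ "$(ip2int "$3")" -le "$(ip2int "$4")" ] || { echo "range $3-$4 is inverted"; return 1; }
    r=$(ip2int "$1")
    if [ "$r" -ge "$(ip2int "$3")" ] && [ "$r" -le "$(ip2int "$4")" ]; then
        echo "router $1 lies inside the pool $3-$4"; return 1
    fi
    [ "$3" != "$(network "$1" "$2")" ] && [ "$4" != "$(broadcast "$1" "$2")" ] ||
        { echo "pool includes the network or broadcast address"; return 1; }
    return 0
}

# gen_ipnat_rules EXT_IF ROUTER PREFIX: the post's three map rules, with the
# inside block taken from the same subnet the DHCP server hands out.
gen_ipnat_rules() {
    net="$(network "$2" "$3")/$3"
    printf 'map %s from %s ! to %s -> 0/32 proxy port ftp ftp/tcp\n' "$1" "$net" "$net"
    printf 'map %s from %s ! to %s -> 0/32 portmap tcp/udp auto\n' "$1" "$net" "$net"
    printf 'map %s from %s ! to %s -> 0/32\n' "$1" "$net" "$net"
}

# gen_ipf_rules EXT_IF INT_IF ROUTER PREFIX: stateful policy replacing
# "pass in all / pass out all". Inside hosts may initiate outbound flows;
# replies match the state table; anything else arriving on the public side
# is logged and dropped, as are packets with inside addresses on that side.
# The port 68->67 rule admits DHCPDISCOVER, which is sent from 0.0.0.0.
gen_ipf_rules() {
    net="$(network "$3" "$4")/$4"
    cat <<EOF
pass in quick on lo0 all
pass out quick on lo0 all
block in log quick on $1 from $net to any
block in log quick on $1 from any to $net
pass out quick on $1 proto tcp from any to any flags S keep state
pass out quick on $1 proto udp from any to any keep state
pass out quick on $1 proto icmp from any to any keep state
block in log on $1 all
pass in quick on $2 proto udp from any port = 68 to any port = 67
pass in quick on $2 from $net to any
block in log on $2 all
pass out quick on $2 all
EOF
}

# gen_dhcpd_conf ROUTER PREFIX RANGE_LO RANGE_HI "DNS1, DNS2"
# Every address in the file is computed from ROUTER/PREFIX after the plan
# passes check_dhcp_plan; fails (no output) otherwise.
gen_dhcpd_conf() {
    check_dhcp_plan "$1" "$2" "$3" "$4" || return 1
    cat <<EOF
ddns-update-style none;
option domain-name-servers $5;
subnet $(network "$1" "$2") netmask $(prefix2mask "$2") {
	range $3 $4;
	max-lease-time 14400;
	default-lease-time 3600;
	option subnet-mask $(prefix2mask "$2");
	option broadcast-address $(broadcast "$1" "$2");
	option routers $1;
}
EOF
}

# Usage with the post's values (assumed interfaces and paths):
#   gen_ipnat_rules fxp0 192.168.0.1 24 > /etc/ipnat.rules
#   gen_ipf_rules fxp0 fxp1 192.168.0.1 24 > /etc/ipf.rules
#   gen_dhcpd_conf 192.168.0.1 24 192.168.0.20 192.168.0.250 "1.2.3.4, 4.5.6.7" \
#       > /usr/local/etc/dhcpd.conf
```

Run `ipf -Fa -f /etc/ipf.rules` and `ipnat -CF -f /etc/ipnat.rules` after regenerating, and keep a console session open the first time: a filter typo on a remote box locks you out. The script never writes files itself; it only prints, so each fragment can be reviewed before it lands.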