Saturday, March 20, 2010

Internetworking - Day One

The original setup of my home network's gateway was as follows:
For internet access, the BSD system was connected to a D-Link 502T configured for NAT. I used an old 3Com 10/100 PCI NIC (xl0) for this purpose. For the internal network, I connected the onboard Intel NIC (fxp0) to an old ASUS WL-500g Premium running DD-WRT v23 SP2 (09/15/06). The firmware was quite dated, but it worked as a WiFi Ethernet bridge. I configured the ASUS as G-only in AP mode and enabled the DHCP forwarder, pointing it at the IP address of BSD's internal interface (where dhcpd listens).

A WiFi Ethernet bridge is much better than adding yet another layer of NAT. It also meant I could ssh into the BSD system over WiFi without setting up port forwarding. The BSD system was itself configured as a NAT device, routing traffic between the internal network and the internet access interface.

Diving into more detail on the BSD configuration:

In summary, the /etc/rc.conf file included:
- enable BSD as a gateway
- set the xl0 interface (internet access) to "dhcp"
- set a static IP on the fxp0 interface (the DHCP server address)
- enable NAT (natd) and ipfw
- enable dhcpd
- enable named

"natd" came with the 8.0 installation, and invoking it was as simple as adding a few lines to the /etc/rc.conf file. Note that "natd_interface" refers to the internet access interface, not the internal-facing one.
"firewall_enable" requires the kernel to be configured with the following options and recompiled:

options IPFIREWALL ### ipfw firewall (required for the NAT service)
options IPFIREWALL_VERBOSE ### syslog logging of firewall rules
options IPDIVERT ### divert sockets (used by natd)
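What the rc.conf summary above and the natd_interface note come to in actual /etc/rc.conf lines, as an added example (not the author's file): the 192.168.1.0/24 internal subnet and firewall_type="open" are assumptions, and check_gateway_config at the end is an added helper that catches the natd_interface mistake the post warns about.

```shell
# /etc/rc.conf fragment for the gateway described in this post. Added example,
# not the author's file: the 192.168.1.0/24 subnet and firewall_type="open"
# are assumptions.

gateway_enable="YES"                  # forward packets between the two NICs

ifconfig_xl0="DHCP"                   # 3Com NIC: gets its address from the D-Link NAT
ifconfig_fxp0="inet 192.168.1.1 netmask 255.255.255.0"   # Intel NIC: internal LAN (assumed)

firewall_enable="YES"                 # needs IPFIREWALL and IPDIVERT in the kernel
firewall_type="open"                  # assumed; rc.firewall adds the natd divert rule

natd_enable="YES"
natd_interface="xl0"                  # the internet access NIC, never the internal one

dhcpd_enable="YES"                    # isc-dhcp31-server from ports
named_enable="YES"                    # bind97 from ports

# Added helper (not part of rc.conf): returns 0 when the settings above describe
# a sane gateway, 1 with a message otherwise. $1 is the internal interface.
check_gateway_config() {
    int="$1"
    ext="$natd_interface"
    [ "$gateway_enable" = "YES" ] || { echo "gateway_enable must be YES"; return 1; }
    { [ "$natd_enable" = "YES" ] && [ "$firewall_enable" = "YES" ]; } \
        || { echo "natd needs firewall_enable=YES (ipfw divert rule)"; return 1; }
    [ "$ext" != "$int" ] \
        || { echo "natd_interface points at the internal NIC $int"; return 1; }
    eval "ext_cfg=\$ifconfig_$ext"
    eval "int_cfg=\$ifconfig_$int"
    [ "$ext_cfg" = "DHCP" ] \
        || { echo "$ext should take its address from the upstream NAT (DHCP)"; return 1; }
    case "$int_cfg" in
        inet\ *) ;;
        *) echo "$int needs a static inet address for dhcpd to serve"; return 1 ;;
    esac
    return 0
}
```

Run it with `sh -c '. ./rc.conf.fragment; check_gateway_config fxp0'` after saving the fragment; swapping natd_interface to fxp0 makes the check fail with a message.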


For the DHCP server, I did a "make; make install" under the /usr/ports/net/isc-dhcp31-server directory. After that, modify the /usr/local/etc/dhcpd.conf file to define the DHCP listen interface and other related parameters.
# DHCP Listen interface
DHCPDARGS=fxp0; # Internal network.

Lastly, I installed a DNS server (/usr/ports/dns/bind97) and configured the named.conf file, with a "forwarders" entry pointing to localhost:
forwarders { 127.0.0.1; };

This meant all DNS queries from the internal network were resolved via the nameservers in /etc/resolv.conf, as populated by the upstream (D-Link) NAT gateway.

Restart the system with "shutdown -r now". Congratulations, you now have your own open source NAT gateway.


There were many guidelines posted by the community on setting up BSD as a NAT gateway; I referenced some of them, and apologies for the lack of references in this post. However, I must say the settings are more or less the same for everybody...
Please feel free to contact me if you would like to see any of the configuration files; I am happy to share the setup in more detail (although today's setup is quite different from the "day one" configuration, I have a backup of that configuration).
