Building an Internet Gateway - PowerPoint PPT Presentation

Building an Internet Gateway

The ABC of NAT on BSD

Overview

  • Introduction

  • Equipment

  • Configuration

    • Installation & LAN

    • Internet sharing via POTS/ADSL modem

    • Internet sharing via cable modem

    • Firewall

  • Configuring LAN Machines

  • Caveats & Future Options

Introduction

  • Aim is to:

    • Share an Internet connection over a LAN

    • Protect the LAN from the Internet

  • Also hope to:

    • require only minimal maintenance,

    • provide a remote administration capability,

    • provide automatic configuration for the LAN, and

    • not interfere with Internet operation.

Introduction (continued)

  • Why build a PC-based gateway?

    • To run services, such as:

      • a domain name service for local machines,

      • a shared web proxy,

      • a personal or business web server,

      • a mail server to centralise access to your mail,

      • a file server for backup or extra storage.

    • To impress your friends/opposite sex.

    • Because you love FreeBSD.

Equipment

  • A basic PC

    • CPU & motherboard (a Pentium 90+ is overpowered)

    • RAM, HDD, FDD, video card, keyboard, etc.

    • Newer peripherals are better!

  • A network card for the LAN

  • A hub/switch and cables for the LAN

  • A modem (POTS, ADSL, or cable)

    • Modem may require an extra network card

Install & Configure LAN

  • Install FreeBSD (use handbook)

  • Use sysinstall to activate the gateway

    • Or add gateway_enable="yes" to rc.conf

    • Or run sysctl -w net.inet.ip.forwarding=1

  • Set up the network card for the LAN

    • Use a static IP address from the test ranges

    • E.g.

Configure PPP

  • POTS and ADSL users

    • Config stored in /etc/ppp/ppp.conf

    • Samples in /usr/share/examples/ppp/

  • Can set up multiple profiles in one file

  • Can choose operating mode:

    • ddial – continuous connection

    • auto – on-demand connection

    • background – once-off connection

Configure PPP

  • Profiles share a default configuration

  • Sample:


ident user-ppp VERSION (built COMPILATIONDATE)
allow users root ppp
set log Phase Chat LCP IPCP CCP tun command
set ifaddr
accept chap
accept pap
add default HISADDR
nat enable yes
enable dns

Configure PPP over POTS

  • Need to specify a basic modem script

  • Sample:


set device /dev/cuaa0
set redial 15+30 3
set reconnect 15 3
set speed 115200

set login ""
set timeout 0
set phone dialup-phone
set authname dialup-username
set authkey dialup-password

Configure PPP over ADSL

  • Need to enable netgraph(4)

    • kldload netgraph

  • Sample profile:


set device PPPoE:interface-name
set mru 1492
set mtu 1492
set speed sync
enable lqr
set dial ""
set login ""
set redial 15 10000
set timeout 0
set lqrperiod 5
set authname adsl-username
set authkey adsl-password

Running PPP

  • PPP invoked with mode and profile

    • E.g. ppp -auto dialup

  • To run at start-up edit rc.conf

    • E.g for ADSL:

      • ppp_enable="YES"

      • ppp_mode="ddial"

      • ppp_profile="adsl"

      • ppp_user="ppp"

      • ppp_nat="YES"

Configure for Cable

  • Use DHCP to configure the network card

  • Uses a firewall rule to handle NAT

  • Configure natd(8) to run at start-up

    • Add to rc.conf:




Configure for BigPond Cable

  • Telstra BigPond users need BPALogin

    • Download FreeBSD port (

    • Extract (tar -xvzf bpalogin-port.tar.gz)

    • Build (cd bpalogin ; make)

    • Install (make install)

    • Edit /usr/local/etc/bpalogin.conf

Configure for BigPond Cable

  • Sample /usr/local/etc/bpalogin.conf:

# Print some diagnostics
debuglevel 1

# Authentication details
username your-username
password your-password

# You can override the default domain if you do not have
# search in your /etc/resolv.conf

# Use port 5050 on the local machine
localport 5050

# Set the minimum heartbeat interval.
minheartbeatinterval 60

Configuring Firewall

  • FreeBSD includes a simple LAN firewall

  • Allows incoming mail, web, and DNS

  • Allows all outgoing traffic

  • Needs minor tweaks to rc.firewall

  • Enable through rc.conf



Configuring Firewall

  • Edit rc.firewall (about line 20)

# set these to your outside interface network and netmask and ip
onet="" # delete
omask="" # delete

# set these to your inside interface network and netmask and ip

# Stop spoofing
${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif} # delete
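Added example (not from the slides) showing what the "Stop spoofing" rule does: it models the ipfw match "from ${inet}:${imask} to any in via ${oif}" in Python over constructed packets. The interface names and LAN range are assumed stand-ins for the blank rc.firewall values; the outside-network rule is left out because the slides delete it along with the empty onet/omask.

```python
import ipaddress

# Constructed stand-ins for the rc.firewall variables (the slides leave the
# values blank): inside interface and LAN, and the outside PPP interface.
IIF, INET, IMASK = "fxp0", "192.168.0.0", "255.255.255.0"
OIF = "tun0"

def matches(addr, net, mask):
    """ipfw 'from ${net}:${mask}' semantics: does addr fall inside net/mask?"""
    network = ipaddress.ip_network("%s/%s" % (net, mask), strict=False)
    return ipaddress.ip_address(addr) in network

def antispoof_verdict(src, via):
    """The 'Stop spoofing' rule: deny any packet arriving on the outside
    interface whose source claims to be on the LAN. Everything else falls
    through to the later rc.firewall rules ('pass' here)."""
    if via == OIF and matches(src, INET, IMASK):
        return "deny"
    return "pass"

def audit(packets):
    """Run the rule over (src, via) pairs and return the packets it would drop."""
    return [(src, via) for src, via in packets if antispoof_verdict(src, via) == "deny"]

# Constructed sample traffic: a genuine LAN packet on the inside interface,
# the same source arriving from the Internet (spoofed), and ordinary
# Internet traffic.
SAMPLE = [
    ("192.168.0.20", "fxp0"),
    ("192.168.0.20", "tun0"),
    ("198.51.100.9", "tun0"),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, antispoof_verdict(*pkt))
```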

Configuring LAN Machines

  • Configure with a static IP

    • E.g.,

    • Netmask is the same (e.g.

  • DNS info must be copied manually

  • Gateway IP is often required

    • May sometimes be referred to as a router

Caveats

  • NAT interferes with traffic

    • Okay for most connections (e.g. TCP)

    • Breaks active FTP (use passive FTP)

    • Creates problems for ICQ (and other UDP)

    • Breaks protocols that embed local IP

  • Firewalls can cause problems

    • Some protocols make incoming connections

      • E.g. identd for IRC, gnutella, other P2P
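Added example (not from the slides) showing why NAT breaks active FTP but not passive FTP: a NAT that only rewrites the IP header leaves the private address the client embeds in its PORT command untouched, so the server's data connection goes nowhere, while passive mode is just another outgoing connection. The client and gateway addresses are constructed samples.

```python
import ipaddress
import re

# Constructed sample values (not from the slides): a LAN client behind the
# gateway and the gateway's public address on the modem side.
LAN_CLIENT, GATEWAY_PUBLIC = "192.168.0.10", "203.0.113.5"

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def make_port(ip, port):
    """Build an FTP PORT command (RFC 959 form h1,h2,h3,h4,p1,p2)."""
    return "PORT %s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)

def decode_hostport(groups):
    """Turn the six h1..p2 fields of PORT/227 back into (ip, port)."""
    h = [int(x) for x in groups]
    return "%d.%d.%d.%d" % tuple(h[:4]), h[4] * 256 + h[5]

def parse_port(cmd):
    m = PORT_RE.match(cmd)
    if not m:
        raise ValueError("not a PORT command: %r" % cmd)
    return decode_hostport(m.groups())

def header_only_nat(src_ip, payload):
    """Plain NAT: the IP header source is rewritten, the TCP payload is untouched."""
    return (GATEWAY_PUBLIC if src_ip == LAN_CLIENT else src_ip), payload

def active_ftp_works(client_ip, data_port):
    """Active mode: the client advertises its own address in PORT and the server
    connects back to it. After header-only NAT the payload still carries the
    private address, so the server's data connection cannot reach the client."""
    _hdr_src, payload = header_only_nat(client_ip, make_port(client_ip, data_port))
    advertised_ip, _ = parse_port(payload)
    return not is_rfc1918(advertised_ip)

def passive_ftp_works(pasv_reply):
    """Passive mode: the client opens the data connection outbound to the address
    the server advertises, which NAT handles like any other outgoing connection."""
    m = PASV_RE.match(pasv_reply)
    if not m:
        raise ValueError("not a 227 reply: %r" % pasv_reply)
    server_ip, _ = decode_hostport(m.groups())
    return not is_rfc1918(server_ip)
```

The same mechanism is what the "protocols that embed local IP" caveat refers to; a NAT that fixes it must inspect and rewrite the application payload, not just the IP header.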

Future

  • Use gateway as a DHCP server

    • Automatically provide IP, DNS, gateway to LAN machines

  • Web proxy (e.g. squid)

  • Web server (e.g. apache)

  • Mail server (e.g. postfix, qmail)

  • IMAP mail store (e.g. cyrus, courier)