Setting Up a FreeBSD Router, Step-by-Step


© 11/20/2006 Nicholas Kilkenny of TechArsenal.com

Table of Contents

  1. Preliminary Setup
  2. Setting up IPNAT
  3. Setting up the DHCP Server
  4. Setting up the Forwarding DNS Server
  5. Setting up PPPoE
  6. Final Steps


HARDWARE INFO:
rl0 - NIC facing the 192.168.0.0 network
xl0 - NIC facing the 192.168.1.0 network
xl1 - NIC facing the modem
tun0 - The virtual NIC used by PPP, facing the outside

SECTION 1: PRELIMINARY SETUP

  1. Install FreeBSD
  2. Enable the rl0 network card and give it an address by adding the following line to /etc/rc.conf
    this is a temporary address, and we're doing this so we can log into the computer via SSH for convenience. 
    ifconifg_rl0="inet 192.168.0.10 netmask 255.255.255.0"
  3. Enable the xl0 network card and give it an address by adding the following line to /etc/rc.conf 
    ifconifg_xl0="inet 192.168.1.1 netmask 255.255.255.0"
  4. Set the defaultrouter in /etc/rc.conf to the address of the existing router: 
    defaultrouter="192.168.0.1"
  5. Set the nameserver in resolv.conf to the address of the exisitng name server: 
    nameserver	192.168.0.1
  6. In /etc/rc.conf enable the gateway function of FreeBSD by adding this line: 
    gateway_enable=YES
Back to Top

SECTION 2: SETTING UP IPNAT

  1. Making FreeBSD load the IPNAT kernel module on bootup is easy, simply add this line to rc.conf: 
    ipnat_enable="YES"
  2. Create the IPNAT configuration file /etc/ipnat.rules
  3. Add the two lines in /etc/ipnat.rules that are for outgoing connections: 
    map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map tun0 192.168.0.0/16 -> 0.0.0.0/32
  4. Add any redirection lines you may want. They take the following form: 
    rdr [INCOMING INTERFACE NAME] [INCOMING IP ADDRESS/(32 FOR PUBLIC / 16 FOR PRIVATE)] port [PORT] -> [IP ADDRESS OF MACHINE YOU WANT TO FORWARD TO] port [PORT]
    An example, used for a webserver: 
    rdr tun0 70.232.254.2/32 port 80 -> 192.168.1.90 port 80
  5. After every time you alter the /etc/ipnat.rules file and want the changes to take effect, use the following commands:

    To clear the current settings: 
    #ipnat -C
    To load the new settings: 
    #ipnat -f /etc/ipnat.rules
    To view the current settings: 
    #ipnat -l
Back to Top

SECTION 3: SETTING UP THE DHCP SERVER

  1. Grab and decompress the ports tree: 
    #cd /usr

#fetch ftp://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz

#tar xvfz ports.tar.gz
  2. rc.subr capability is needed for ISC DCHP server, so install it from the ports: 
    #cd /usr/ports/sysutils/rc_subr

#make install clean
  3. Install ISC DHCPD from the ports: 
    #cd /usr/ports/net/isc-dhcp3-server

#make install clean
  4. Configure DHCPD:
    edit /usr/local/etc/dhcpd.conf so it looks like the following: 
    #ee /usr/local/etc/dhcpd.conf

option domain-name "example.com";
option domain-name-servers 206.141.193.55;	#a valid DNS server, given by your ISP
option subnet-mask 255.255.255.0;

default-lease-time 86400;
max-lease-time 86400;
ddns-update-style none;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.150 192.168.0.200;	#the range of IPs you want it to give out
  option routers 192.168.0.1;
}
  5. To make DHCPD start on boot add the following line to /etc/rc.conf: 
    dhcpd_enable="YES"
Back to Top

SECTION 4: SETTING UP THE FORWARDING DNS SERVER

  1. Configure DNS forwarding:
    edit the file /etc/namedb/named.conf: 
    #ee /etc/namedb/named.conf
    uncomment where it says "forward only" and "forwarders" and place one of your ISP's DNS servers between the forwarders brackets.

  2. To make the name server start at boot add the following line to /etc/rc.conf: 
    named_enable="YES"
Back to Top

SECTION 5: SETTING UP PPPoE

  1. PPPoE's configuration file is /etc/ppp/ppp.conf, edit it: 
    #ee /etc/ppp/ppp.conf

default:
 set device PPPoE:xl1  #xl1 is the NIC the modem is connected to
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 enable lqr
 set log phase tun
 add default HISADDR #grabs the ISP's gateway's address and makes it your defaultrouter
 nat enable no

att:
 set authname USERNAME  #Replace USERNAME with your ISP login name
 set authkey PASSWORD   #Replace PASSWORD with your ISP login password
  2. Run PPP manually if you want to test it out:

    the commands form is /usr/sbin/ppp -MODE -PROFILE, in our case, we want it to run in the background and use the profile 'att', which we defined in the config file. 
    #/usr/sbin/ppp -background att
  3. Making it so that PPP runs on boot:
    add the following lines to /etc/rc.conf: 
    ppp_enable="YES"	#so that PPP starts
ppp_nat="NO"		#IPNAT does our NAT, so we don't want this
ppp_profile="att"	#use the 'att' profile
ppp_mode="ddial"	#this mode makes ppp reconnect when disconnected
Back to Top

SECTION 6: FINAL STEPS

  1. Change the address of the interface facing the internal network 192.168.0.0 
    #ifconfig rl0 inet 192.168.0.1 netmask 255.255.255.0
#ee /etc/rc.conf

ifconifg_rl0="inet 192.168.0.1 netmask 255.255.255.0"
  2. Comment out or delete the defaultrouter"192.168.0.1" line in /etc/rc.conf
  3. Put the address of your ISP's DNS server(s) in /etc/resolv.conf 
    #nameserver 206.141.193.55
  4. Hook it up!
Back to Top