myDeden.Kom

A Scavenger Trying to Make the Best Possible Use of Waste

Router Configuration on FreeBSD Using IPFW

Posted by kang deden on 31 January 2007

1. Install FreeBSD (if you need help installing, click here).
2. Compile the kernel with additional options for an ipfw router:

3. Execute at the prompt:
# cd /usr/src/sys/i386/conf
# cp GENERIC ROUTER
# edit ROUTER

4. ---- add the following lines at the end of the file ROUTER ----
options IPDIVERT
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options DUMMYNET
options HZ=1000
---- end of file ROUTER ----

5. Execute at the prompt:
# config ROUTER
# cd ../compile/ROUTER
# make depend
# make
# make install

6. ---- edit /etc/rc.conf ----
# Example addresses: use your own; defaultrouter must be reachable on the fxp0 subnet
defaultrouter="86.124.80.1"
gateway_enable="YES"
hostname="router"
ifconfig_fxp0="inet 83.123.213.23 netmask 255.255.255.252"
ifconfig_fxp1="inet 10.0.0.1 netmask 255.255.255.0"
sshd_enable="YES"
natd_enable="YES"
natd_flags=""
named_enable="YES"
natd_interface="fxp0"
firewall_enable="YES"
firewall_quiet="NO"
firewall_script="/etc/router.firewall"
firewall_logging="YES"
inetd_enable="YES"
kern_securelevel_enable="NO"
---- end of rc.conf ----

7. ---- edit /etc/resolv.conf ----
nameserver ip_of_your_dns
---- end of resolv.conf ----

8. ---- edit /etc/router.firewall ----
fwcmd=/sbin/ipfw
# Pass everything crossing the external interface through natd (divert port 8668)
$fwcmd add 00010 divert 8668 ip from any to any via fxp0
# Loopback: allow on lo0, deny 127.0.0.0/8 anywhere else
$fwcmd add 00020 allow ip from any to any via lo0
$fwcmd add 00030 deny ip from any to 127.0.0.0/8
$fwcmd add 00040 deny ip from 127.0.0.0/8 to any

# LAN clients allowed through the router, one rule pair per client
$fwcmd add 50 allow ip from 10.0.0.2 to any
$fwcmd add 60 allow ip from any to 10.0.0.2

$fwcmd add 70 allow ip from 10.0.0.3 to any
$fwcmd add 80 allow ip from any to 10.0.0.3

$fwcmd add 90 allow ip from 10.0.0.4 to any
$fwcmd add 100 allow ip from any to 10.0.0.4

$fwcmd add 110 allow ip from 10.0.0.5 to any
$fwcmd add 120 allow ip from any to 10.0.0.5

# The router itself: all traffic from it and to it, from any address
$fwcmd add 35000 allow ip from me to any
$fwcmd add 35001 allow ip from any to me
---- end of router.firewall ----

Comments:
fxp0 is the external interface; assign your public IP here.
fxp1 is the internal interface.

fxp0 and fxp1 are Intel network cards; use your own devices here. If you have other types of cards, your NIC device name will not be fxp.
To check the names of your devices, type ifconfig or dmesg | more.

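The file /etc/router.firewall is the firewall rule file; in this example I’ve allowed only IPs 10.0.0.2-10.0.0.5 to use the router. Traffic that matches no rule falls through to ipfw’s default rule, which denies it unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT (not set in the ROUTER config above).

In the file /etc/resolv.conf you must put your DNS servers, so instead of ip_of_your_dns as in the example you should have the IP of your DNS 😀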

After compiling the kernel don’t forget to reboot.
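The per-client rule pairs (50-120) in /etc/router.firewall can be generated from one list rather than typed by hand. The script below is an added example, not the original author's code: it assumes the LAN 10.0.0.0/24 with the router at 10.0.0.1 from the rc.conf above, and the names FWCMD, CLIENTS, valid_client and client_rules are hypothetical. By default it only prints the rules so they can be reviewed before loading.

```shell
#!/bin/sh
# Added example, not the original author's script.
# Assumed from the rc.conf above: LAN 10.0.0.0/24, router at 10.0.0.1.
# FWCMD, CLIENTS, valid_client and client_rules are hypothetical names.

FWCMD="${FWCMD:-echo ipfw}"   # dry run by default; FWCMD=/sbin/ipfw loads the rules
CLIENTS="${CLIENTS:-10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5}"

# Succeed only for a single host address 10.0.0.2 .. 10.0.0.254.
# Rejects CIDR such as 10.0.0.0/24, the keyword any, other subnets and the
# router's own address, so one list entry can never widen a rule beyond
# one client.
valid_client() {
    host="${1#10.0.0.}"
    if [ "$host" = "$1" ]; then return 1; fi      # prefix was not 10.0.0.
    case "$host" in
        ''|0*|*[!0-9]*) return 1 ;;               # empty, leading zero, non-digit
    esac
    [ "${#host}" -le 3 ] && [ "$host" -ge 2 ] && [ "$host" -le 254 ]
}

# Emit the rule pair for every client, numbered 50, 60, 70, ... as on the page.
# The whole list is validated first so a bad entry never leaves a partial set.
client_rules() {
    for ip in $CLIENTS; do
        if ! valid_client "$ip"; then
            echo "refusing '$ip': not a single LAN host" >&2
            return 1
        fi
    done
    n=50
    for ip in $CLIENTS; do
        $FWCMD add "$n" allow ip from "$ip" to any
        $FWCMD add "$((n + 10))" allow ip from any to "$ip"
        n=$((n + 20))
    done
}

client_rules
```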

2 Responses to “Router Configuration on FreeBSD Using IPFW”

  1. […] source = Dedenthea […]

  2. Hello to everyone, the contents present at this web page are really awesome for people experience, well, keep up the good work fellows.
