myDeden.Kom

A Scavenger Trying to Make the Best Possible Use of Waste

Setting Up a Dial-up Internet Gateway on FreeBSD

Posted by kang deden on 31 January 2007

In order to meet the need for NAT (Network Address Translation) and firewalling, FreeBSD provides two different default packet-filtering tools: IPFW for firewalling and NATD for NAT. For further information, visit http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html , which may help you better understand IPFW and NATD. However, we are not here to discuss using NATD or IPFW; rather, we are going to discuss using IPFilter to replace IPFW and NATD. Go to the official IPFilter site, http://coombs.anu.edu.au/ipfilter/ , and download the source; the kernel has to be rebuilt to install IPFilter. It is recommended to read the README file before installing IPFilter, because different versions exist and each version has its own way of installing. As an example, I used IPFilter v3.4.20 and followed these steps:

                #tar -xzvf ipfilter-xxx.tar.gz

                #cd ipfilter-xxx/

                #make freebsd4

                #make install-bsd

                #FreeBSD-4/kinstall

Now it is time to rebuild your kernel:

                #cd /usr/src/sys/i386/conf/ 

Edit the kernel configuration file (e.g. GENERIC). It is advisable to make a backup first: copy GENERIC to a file called KERNIPF. Open the KERNIPF file with your editor and add these lines:

options IPFILTER
options IPFILTER_LOG

Change the ident section:

ident KERNIPF

Save the file and exit, then:

                #config KERNIPF

                #cd ../../compile/KERNIPF

                #make depend

                #make

                #make install

                #reboot

After rebooting, make sure that IPFilter has been installed. To check, type  #dmesg | grep IP  . If the response is “IP Filter: v3.4.x initialized. Default = pass all  Logging =enabled”, IPFilter has been installed successfully. All we need now is to create the rules for ipf and ipnat. See the IPFilter HOWTO at http://www.obfuscation.org/ipf/ for details. Here are some samples:

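# ipf.rules sample
# Default: block and log everything inbound, allow everything outbound
block in log all
pass out all
# Allow everything arriving on the internal Ethernet and loopback interfaces
pass in on rl0 all
pass in on lo0 all
# On the external interface, drop invalid, loopback and private (RFC 1918) addresses
block in log quick on tun0 from 0.0.0.0/32 to any
block in log quick on tun0 from 255.255.255.255/32 to any
block in log quick on tun0 from 127.0.0.0/8 to any
block in log quick on tun0 from any to 0.0.0.0/32
block in log quick on tun0 from any to 255.255.255.255/32
block in log quick on tun0 from any to 127.0.0.0/8
block in log quick on tun0 from 192.168.0.0/16 to any
block in log quick on tun0 from 172.16.0.0/12 to any
block in log quick on tun0 from 10.0.0.0/8 to any
# Allow ICMP echo reply (0), destination unreachable (3) and time exceeded (11)
pass in quick on tun0 proto icmp all icmp-type 0
pass in quick on tun0 proto icmp all icmp-type 3
pass in quick on tun0 proto icmp all icmp-type 11
# Allow ident (port 113) on any interface
pass in quick proto tcp from any to any port = 113
pass in quick proto udp from any to any port = 113
# Keep state on outbound TCP so that replies are allowed back in
pass out on tun0 proto tcp all keep state
# Allow UDP packets with source port 53 (DNS replies); this match is stateless
pass in on tun0 proto udp from any port = 53 to any
# Block inbound TCP connection attempts (SYN) and outbound SYN-ACK replies
block in quick on tun0 proto tcp all flags S/SA
block out quick on tun0 proto tcp all flags SA/SA
#END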

—————————————————————————————————————————–

#ipnat.rules sample
map tun0 192.168.0.0/24 -> 0.0.0.0/32
#end

Note: rl0 = Ethernet interface, tun0 = external interface / PPP tunnel (the interface that connects to the Internet), lo0 = loopback
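How the sample rules decide an inbound packet, as an added example that is not part of the original post: IPFilter applies the last matching rule unless a matching rule carries `quick`, which ends the search immediately. This simplified Python model covers only an excerpt of the inbound rules and ignores `keep state`, logging and NAT; the function names and the sample packets (documentation addresses) are constructed for illustration.

```python
import ipaddress

RULES = """block in log all
block in log quick on tun0 from 10.0.0.0/8 to any
pass in quick proto tcp from any to any port = 113
pass in on tun0 proto udp from any port = 53 to any
block in quick on tun0 proto tcp all flags S/SA""".splitlines()  # excerpt of the sample above

def parse(line):
    t = line.split()
    r = {"action": t[0], "quick": "quick" in t, "text": line}
    for key in ("on", "proto", "flags", "from", "to"):
        if key in t:
            r[key] = t[t.index(key) + 1]
    if "from" in t:  # "port = N" before "to" is a source port, after it a destination port
        f, to = t.index("from"), t.index("to")
        for name, lo, hi in (("sport", f, to), ("dport", to, len(t))):
            if "port" in t[lo:hi]:
                r[name] = int(t[t.index("port", lo) + 2])
    return r

def in_net(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def matches(r, p):
    want, _, mask = r.get("flags", "/").partition("/")
    return all((
        r.get("on", p["iface"]) == p["iface"],
        r.get("proto", p["proto"]) == p["proto"],
        in_net(r.get("from", "any"), p["src"]) and in_net(r.get("to", "any"), p["dst"]),
        r.get("sport", p.get("sport")) == p.get("sport"),
        r.get("dport", p.get("dport")) == p.get("dport"),
        set(p.get("flags", "")) & set(mask) == set(want),  # S/SA: of SYN and ACK, only SYN set
    ))

def decide(pkt):
    """Last matching rule wins, but a matching 'quick' rule ends the search at once."""
    verdict = ("pass", "default")  # the dmesg line above reports Default = pass all
    for r in map(parse, RULES):
        if matches(r, pkt):
            verdict = (r["action"], r["text"])
            if r["quick"]:
                break
    return verdict

if __name__ == "__main__":  # constructed packets from a documentation address
    for extra in (dict(proto="tcp", dport=113, flags="S"), dict(proto="udp", sport=53)):
        print(extra, decide(dict(iface="tun0", src="203.0.113.5", dst="198.51.100.7", **extra)))
```

The UDP sample shows that the port-53 rule matches on source port alone; `keep state` on an outbound UDP rule is the stateful way to admit replies.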

Put the ipf.rules and ipnat.rules files in /etc/. To load the rules each time the system reboots, open your rc.local file and add these commands:

/sbin/ipf -f /etc/ipf.rules
/sbin/ipnat -f /etc/ipnat.rules

Reboot your computer. To check that the rules are loaded, type:

#ipfstat -hio             

#ipnat -l  

IPFilter should work well now. To act as a gateway for your clients, enable net.inet.ip.forwarding by putting  gateway_enable="YES"  in your rc.conf file.
