FreeBSD 5.0 Gateway Guide from:
http://freebsdchina.org
Version 2.0. Preview3
Huang Dong (HDCOLA@bj1860.net)
1. Introduction
2. Install MPD
3. PPPoE
3.1. Using PPP
3.1.1. Setting up a PPP dial-out using PPPoE
3.1.2. Connecting automatically at startup
3.1.3. Manual connection
3.2. Using MPD
3.2.1. Configure your new kernel
3.2.2. Configure the MPD profiles
3.2.3. Connecting automatically at startup
3.2.4. Manual connection
4. Set up NAT services
4.1. Starting PPP NAT support
4.1.1. Automatically start when the system starts
4.1.2. Manual startup
4.2. NATD using IPFW
4.2.1. System configuration
4.2.2. Set up NATD for PPP
4.2.3. Set up NATD for MPD
5. Configuration file summary
5.1. PPP configuration
5.1.1. /etc/rc.conf
5.1.2. /etc/ppp/ppp.conf
5.2. MPD configuration
5.2.1. Kernel configuration file
5.3. PPP NAT configuration
5.4. PPP using NATD configuration
5.5. MPD using NATD configuration
5.6. PPP using ipnat configuration
5.7. MPD using ipnat configuration
1. Introduction
This article was originally called the FreeBSD 5.0 ADSL Installation Guide. As it came to cover more and more, it was renamed the Gateway Installation Guide, because it describes installing a series of applications for a gateway. I hope the name gives everyone an idea of what it covers. I would be glad to hear your opinions and suggestions; my contact address is hdcola@bj1860.net. You can also discuss it with everyone at http://www.huangdong.com/bbs/.
The main purpose of this article is to explain how to build a gateway with FreeBSD, which involves ADSL (PPPoE), VPN (PPTP), NAT and a firewall. I do not want to write an enormous article; the main goal is to help everyone gradually get used to PPPoE and VPN on broadband.
This article does not cover traditional telephone dial-up, mainly because too many articles already describe it. An in-depth discussion of firewalls is also left out, because it would need as much space as this article itself; I believe someone will write a more specialised article on IPFW and IPFilter.
So that everyone understands how PPPoE differs from PPTP, and to spare you the confusion I had at first, here is what each is used for. PPPoE is now used mainly for ADSL: the ADSL modem acts only as a dialer and has no networking functions of its own, just like a single-purpose device. PPTP is a server with an IP address on the network; as far as I know, campus networks and company networks commonly use such a dial-up server for billing or security.
The PPPoE and PPTP tools used here are mainly the PPP that comes with FreeBSD and MPD, which is built on Netgraph. PPP can dial PPPoE; MPD can do both PPPoE and PPTP. Because MPD is so capable, I recommend using MPD for PPTP.
I thank Quakelee for recommending such a good tool as MPD to me and for the extensive work done on MPD, and OneFlower for pointing out in time how to use the IPFW configuration file cleverly. I also thank Absolute Irrigation (a forum nickname) for urging me to produce this new version so quickly, and Big Baby and Little Baby for letting me test every setting in this article on the ADSL equipment at home.
2. Install MPD
PPP is a feature that comes with FreeBSD, whereas MPD is additional software for FreeBSD. You can build it from the FreeBSD Ports Collection. The latest MPD version is 3.13; to build and install it from Ports:
cd /usr/ports/net/mpd
make install
make clean
If you do not have the Ports Collection, you can also find the MPD 3.13 package in the BSD section of http://www.huangdong.com/bbs/. To install it from the package:
pkg_add mpd-3.13.tbz
You can also download the MPD source package yourself from http://www.dellroad.org/mpd/.
3. PPPoE
3.1. Using PPP
3.1.1. Setting up a PPP dial-out using PPPoE
Back up the ppp.conf in /etc/ppp; the following is the content of the new ppp.conf:
default:
 set log Phase Chat LCP IPCP CCP tun command
 nat enable yes
 nat same_ports yes
 nat use_sockets yes
 set redial 15 28800
 set reconnect 15 28800
pppoe:
 # Give the name of the NIC connected to the ADSL device, as configured in the kernel; mine is fxp0
 set device PPPoE:fxp0:
 set mru 1492
 set mtu 1492
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 set timeout 0
 set authname your_login_username
 set authkey your_login_password
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR # Add a (sticky) default route
 enable dns
Note: only three things need changing: PPPoE:fxp0:, the user name and the password.
If you do not know your NIC's device name, you can get it with the ifconfig -a command. On my machine the result is:
fxp0: flags=8843
        inet 192.168.10.50 netmask 0xffffff00 broadcast 192.168.10.255
        ether 00:d0:59:0d:08:03
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lo0: flags=8049
        inet 127.0.0.1 netmask 0xff000000
3.1.2. Connecting automatically at startup
Add the following settings to /etc/rc.conf (ppp_mode selects the redial-on-disconnect behaviour):
ppp_enable="YES"
#ppp_mode="ddial"
ppp_mode="background"
ppp_profile="pppoe"
The ppp_profile here corresponds to an entry in /etc/ppp/ppp.conf.
3.1.3. Manual connection
If you want to bring the connection up manually, just enter on the command line:
ppp -ddial pppoe
The last argument is an entry defined in /etc/ppp/ppp.conf.
3.2. Using MPD
3.2.1. Configure your new kernel
Add the following options for the ADSL PPPoE protocol to the kernel configuration file:
# ADSL PPPoE support
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_SOCKET
options NETGRAPH_PPPOE
After recompiling and installing the kernel and rebooting the machine, Netgraph is available, and MPD can be used normally.
3.2.2. Configure the MPD profiles
MPD configuration files are stored in /usr/local/etc/mpd, where installing MPD has produced a set of sample files for us. For PPPoE we need to create three configuration files:
3.2.2.1. mpd.conf
pppoe:
 new -i ng0 pppoe pppoe
 set iface addrs 1.1.1.1 2.2.2.2
 set iface route default
 set iface disable on-demand
 set iface idle 0
 set bundle disable multilink
 set bundle authname username
 set link no acfcomp protocomp
 set link disable pap chap
 set link accept chap
 set link mtu 1460
 set ipcp yes vjcomp
 set ipcp ranges 0.0.0.0/0 0.0.0.0/0
 open iface
Here you need to replace username after set bundle authname with your PPPoE user name.
3.2.2.2. mpd.links
pppoe:
 set link type pppoe
 set pppoe iface fxp0
 set pppoe service "ADSL"
Here you need to replace fxp0 with your network card.
3.2.2.3. mpd.secret
username "password"
Replace username with the user name you used in mpd.conf, and password with your PPPoE password.
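As an added example (not part of this guide, nor of the ppp or mpd projects), here is a small sh script that checks that the files holding the PPPoE password, /etc/ppp/ppp.conf from section 3.1.1 (its set authkey line) and the mpd.secret above, are readable by root only. It relies on nothing but ls(1), and the files it audits in the demo are constructed in a temporary directory; on a real gateway you would pass the two paths just named.

```sh
#!/bin/sh
# Added example, not part of the original guide. /etc/ppp/ppp.conf carries
# the PPPoE password in "set authkey", and /usr/local/etc/mpd/mpd.secret
# carries the same secret, so neither file should be readable by anyone
# but root. The check relies only on ls(1) output, whose first three
# fields (mode, link count, owner) are the same on FreeBSD and Linux.

# secret_mode_ok FILE
#   returns 0 when group and other have no permission bits (0600 or
#   stricter), 1 when they do, 2 when the file does not exist
secret_mode_ok() {
    [ -f "$1" ] || return 2
    mode=$(ls -ld "$1" | awk '{ print $1 }')
    # characters 5 to 10 of "-rw-------" are the group/other bits
    case $(printf '%s\n' "$mode" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# secret_owner FILE -> prints the owning user as shown by ls(1)
secret_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# audit_secret_files FILE...
#   prints one line per file and returns the number of files that need
#   attention (0 means every file is root-only)
audit_secret_files() {
    bad=0
    for f in "$@"; do
        rc=0
        secret_mode_ok "$f" || rc=$?
        case $rc in
            0) echo "OK       $f (owner $(secret_owner "$f"))" ;;
            1) echo "FIX      $f is readable by group/other: chmod 600 $f"
               bad=$((bad + 1)) ;;
            *) echo "MISSING  $f"
               bad=$((bad + 1)) ;;
        esac
        if [ "$rc" -eq 0 ] && [ "$(secret_owner "$f")" != root ]; then
            echo "FIX      $f is not owned by root: chown root $f"
            bad=$((bad + 1))
        fi
    done
    return $bad
}

# Demo on constructed files in a temporary directory; the real paths on a
# gateway are /etc/ppp/ppp.conf and /usr/local/etc/mpd/mpd.secret.
demo_secret_audit() {
    d=$(mktemp -d) || return 1
    printf ' set authkey example-password\n' > "$d/ppp.conf"
    chmod 600 "$d/ppp.conf"
    printf 'username "example-password"\n' > "$d/mpd.secret"
    chmod 644 "$d/mpd.secret"          # deliberately too open
    audit_secret_files "$d/ppp.conf" "$d/mpd.secret" "$d/ppp.secret" || true
    rm -rf "$d"
}

demo_secret_audit
```

The mode check deliberately ignores the owner bits: a file that root cannot read is a different problem from one that every local user can read, and the second is the one that leaks the PPPoE account.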
3.2.3. Connecting automatically at startup
Create a new file named 000.mpd.sh in the /usr/local/etc/rc.d directory with this content:
/usr/local/sbin/mpd -b pppoe
Note that 000.mpd.sh must be executable; you can use this command:
chmod +x /usr/local/etc/rc.d/000.mpd.sh
3.2.4. Manual connection
In fact it is just the one line from 000.mpd.sh:
/usr/local/sbin/mpd -b pppoe
4. Set up NAT services
4.1. Starting PPP NAT support
4.1.1. Automatically start when the system starts
You also need to designate this FreeBSD machine as a gateway server. Set the gateway option and the PPP dial-up options in /etc/rc.conf:
gateway_enable="YES"
ppp_nat="YES"
natd_enable="YES"
natd_interface="tun0"
Besides gateway_enable="YES" in /etc/rc.conf, you can add the following setting to /etc/ppp/ppp.conf:
nat enable yes
This turns on PPP's built-in NAT service. If you add this line to ppp.conf, it does not matter whether you also add ppp_nat="YES" to rc.conf.
Looking at NAT support with PPP, we find that PPP's built-in NAT is the best choice for light-weight use, where the gateway only has to provide transparent forwarding.
4.1.2. Manual startup
If you have already put nat enable yes in ppp.conf, you can still start PPP with the ppp -ddial pppoe command line, and PPP will provide NAT directly. You can also use the command:
ppp -nat -ddial pppoe
to turn on PPP's NAT support explicitly.
4.2. NATD using IPFW
4.2.1. System configuration
4.2.1.1. Add the firewall configuration to the kernel
Add the following options to the kernel configuration file:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT # divert sockets, which natd(8) uses to receive packets from ipfw
4.2.1.2. Set the system startup parameters
Add the following settings to /etc/rc.conf:
firewall_enable="YES" # the rc.conf variable is firewall_enable, not ipfirewall_enable
firewall_type="open"
4.2.2. Set up NATD for PPP
To give PPP port-mapping features, use natd. After starting PPP, run ifconfig: PPP uses the tun0 (or tunN) device that the kernel configuration declares with
device tun # Packet tunnel.
as an independent network interface. So before configuring natd you need to confirm which device number your PPP link will use; usually, if only one link is dialled at a time, the device name is tun0. Add the following natd settings to /etc/rc.conf:
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
Also do not forget that rc.conf needs gateway_enable="YES". Since I have quite a few port mappings, I prefer to put all the settings into one file, /etc/natd.conf. Here is my natd.conf:
dynamic yes
redirect_port tcp 192.168.10.100:80 8080
redirect_port udp 192.168.10.100:3782 3782
redirect_port udp 192.168.10.100:3783 3783
redirect_port tcp 192.168.10.100:3782 3782
redirect_port tcp 192.168.10.100:3783 3783
Because the link is PPP, its IP address is assigned dynamically, so the dynamic yes parameter is used.
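As an added example (not part of this guide), here is a sh script that turns a natd.conf like the one above into an inventory of what the gateway exposes to the Internet, and checks that dynamic yes is present. It parses only the redirect_port PROTO IP:PORT ALIASPORT form used in this guide (with optional PORT-PORT ranges); any other natd syntax is reported as UNPARSED rather than judged. The natd.conf in the demo is constructed: the five redirects above plus one line in the aliasIP:port form that the parser does not handle.

```sh
#!/bin/sh
# Added example, not part of the original guide: list what a natd.conf
# exposes. Each redirect_port line opens a port on the gateway's public
# address and forwards it to an internal host, so this list is what to
# review when auditing the gateway. Only the "redirect_port PROTO IP:PORT
# ALIASPORT" form used in the guide (optionally with PORT-PORT ranges) is
# parsed; other natd keywords are ignored.

# natd_redirects FILE
#   prints "PROTO ALIASPORT -> IP:PORT" for every redirect_port line it
#   can parse, or "UNPARSED: <line>" for the ones it cannot
natd_redirects() {
    awk '
        tolower($1) == "redirect_port" {
            proto = tolower($2); target = $3; alias = $4
            ok = (proto == "tcp" || proto == "udp") &&
                 target ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+(-[0-9]+)?$/ &&
                 alias ~ /^[0-9]+(-[0-9]+)?$/
            if (ok) print proto, alias, "->", target
            else    print "UNPARSED:", $0
        }' "$1"
}

# natd_redirect_count FILE -> prints the number of parsed redirects
natd_redirect_count() {
    natd_redirects "$1" | awk '!/^UNPARSED:/ { n++ } END { print n + 0 }'
}

# natd_is_dynamic FILE
#   returns 0 if "dynamic yes" is present, which the guide needs because
#   the PPP or MPD interface gets its address dynamically
natd_is_dynamic() {
    awk 'tolower($1) == "dynamic" && tolower($2) == "yes" { f = 1 }
         END { exit !f }' "$1"
}

# Demo on a constructed natd.conf: the guide's five redirects plus one
# line in the aliasIP:port form (203.0.113.5 is a documentation address)
# that this parser does not understand.
demo_natd_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/natd.conf" <<'EOF'
dynamic yes
redirect_port tcp 192.168.10.100:80 8080
redirect_port udp 192.168.10.100:3782 3782
redirect_port udp 192.168.10.100:3783 3783
redirect_port tcp 192.168.10.100:3782 3782
redirect_port tcp 192.168.10.100:3783 3783
redirect_port tcp 192.168.10.100:80 203.0.113.5:80
EOF
    echo "parsed redirects: $(natd_redirect_count "$d/natd.conf")"
    natd_redirects "$d/natd.conf"
    natd_is_dynamic "$d/natd.conf" && echo "dynamic yes: present"
    rm -rf "$d"
}

demo_natd_audit
```

Every line of the inventory is a service on the LAN that is reachable from outside; if one of them is no longer needed, the fix is to remove the redirect_port line, not to rely on the LAN host's own settings.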
4.2.3. Set up NATD for MPD
In the previous section we explained that natd needs a network interface to serve as the external interface; with MPD that is ng0 (or ngN), which you can check against your mpd.conf. This document uses ng0, so we need to add the following settings to /etc/rc.conf:
natd_enable="YES"
natd_interface="ng0"
natd_flags="-f /etc/natd.conf"
For the settings in natd.conf, see the previous section: apart from the natd interface, MPD and PPP use exactly the same settings.
Because MPD is not started from /etc/rc.conf, the shell script in /usr/local/etc/rc.d runs later than natd. To have MPD started before natd, you can use the following method.
In /etc/rc.firewall, find these lines:
############
# Flush out the list before we begin.
#
${fwcmd} -f flush
and add after them:
/usr/local/sbin/mpd -b pppoe
sleep 10
This way, by the time natd starts, MPD is already running and ng0 has obtained its dynamic address. Do not forget to delete 000.mpd.sh from /usr/local/etc/rc.d.
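As an added example (not part of this guide), here is a sh script that checks the rc.conf settings from sections 4.1.1, 4.2.1, 4.2.2 and 4.2.3 for consistency: gateway_enable must be YES, natd needs the firewall (for its ipfw divert rule) and an interface, and with user ppp the natd interface should be a tunN device. rc.conf is sourced by sh, so variable names are case-sensitive and a misspelled name is silently ignored. The rc.conf fragment in the demo is constructed.

```sh
#!/bin/sh
# Added example, not part of the original guide: a consistency check for
# the /etc/rc.conf knobs from sections 4.1 and 4.2. rc.conf is sourced by
# sh, so variable names are case-sensitive ("Gateway_enable" would be
# silently ignored); values are compared case-insensitively, as rc.d does.

# rc_get FILE KEY -> prints KEY's value with surrounding double quotes
# removed (the last assignment wins, as in sh); empty if KEY is not set
rc_get() {
    grep "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 |
        sed -e 's/^[^=]*=[[:space:]]*//' \
            -e 's/[[:space:]]*#.*$//' \
            -e 's/^"\(.*\)"$/\1/'
}

# rc_yes FILE KEY -> returns 0 when KEY is set to yes in any case
rc_yes() {
    case $(rc_get "$1" "$2") in
        [Yy][Ee][Ss]) return 0 ;;
        *)            return 1 ;;
    esac
}

# lint_gateway_rc FILE
#   prints one line per problem and returns the number of problems found
lint_gateway_rc() {
    f=$1
    problems=0
    if ! rc_yes "$f" gateway_enable; then
        echo "gateway_enable is not YES: the box will not forward packets for the LAN"
        problems=$((problems + 1))
    fi
    if rc_yes "$f" natd_enable; then
        if ! rc_yes "$f" firewall_enable; then
            echo "natd_enable=YES but firewall_enable is not YES: natd needs the ipfw divert rule (section 4.2.1)"
            problems=$((problems + 1))
        fi
        iface=$(rc_get "$f" natd_interface)
        if [ -z "$iface" ]; then
            echo "natd_enable=YES but natd_interface is not set"
            problems=$((problems + 1))
        elif rc_yes "$f" ppp_enable; then
            case $iface in
                tun[0-9]*) ;;
                *) echo "natd_interface=$iface but user ppp(8) dials on a tunN interface (usually tun0)"
                   problems=$((problems + 1)) ;;
            esac
        fi
    fi
    return $problems
}

# Demo on a constructed rc.conf fragment: natd bound to MPD's ng0 while
# ppp_enable is still on, and the firewall never enabled.
demo_rc_lint() {
    d=$(mktemp -d) || return 1
    cat > "$d/rc.conf" <<'EOF'
gateway_enable="YES"
ppp_enable="YES"
natd_enable="YES"
natd_interface="ng0"
natd_flags="-f /etc/natd.conf"
EOF
    lint_gateway_rc "$d/rc.conf" || echo "problems found: $?"
    rm -rf "$d"
}

demo_rc_lint
```

Run it as lint_gateway_rc /etc/rc.conf after editing; a non-zero return means natd or forwarding will not come up the way the guide expects.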