0

I am trying to set up a FreeBSD router that sits between the cable/dsl modem and my lan machines. Here is the logical setup:

Cable/DSL modem connected to internet:

gateway 192.168.0.1 

FreeBSD Router (with two nics):

em0 192.168.0.121
ue0 10.0.0.1

FreeBSD Lan Machine:

em0 10.0.0.2 

It seems like the path from the lan to the wan should be 10.0.0.2->10.0.0.1->192.168.0.1->wan and that I should be able to ping a machine on the internet from the lan machine.

In summary, though:

  • The internet is accessible from the FreeBSD router.
  • The lan machine is accessible from the FreeBSD router.
  • The FreeBSD router is accessible from the lan machine.
  • The internet is not accessible from the lan machine.

Here are the /etc/rc.conf entries on the router:

ifconfig_ue0="inet 10.0.0.1 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.0.121 netmask 255.255.255.0"
gateway_enable="YES"
defaultrouter="192.168.0.1"

Here are the /etc/rc.conf entries on the lan machine:

ifconfig_em0="inet 10.0.0.2 netmask 255.255.255.0"
defaultrouter="10.0.0.1"

Here are the routing table entries from the FreeBSD router (loki):

netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Netif Expire
default            192.168.0.1        UGS      em0
10.0.0.0/24        link#3             U        ue0
10.0.0.1           link#3             UHS      lo0
127.0.0.1          link#2             UH       lo0
192.168.0.0/24     link#1             U        em0
192.168.0.121      link#1             UHS      lo0

Here are the routing table entries from the lan machine (freebird):

netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Netif Expire
default            10.0.0.1           UGS      em0
10.0.0.0           link#1             U        em0
10.0.0.2           link#1             UHS      lo0
freebird           link#2             UH       lo0

netstat on the lan machine is sloooowwwww.

Does this information appear correct for the setup, or is there an apparent problem?

9
  • how configurable is your adsl router? can you set it to use just dumb bridging mode and then run pppoe on your freebsd box? that will be a lot simpler and a lot less problematic because then everything is done on the freebsd box (and its external NIC, em0 I think, has the public internet address). Commented Nov 5, 2015 at 3:41
  • @cas I don't think I can set up bridge mode on the adsl router. It's from the cable company and they have it pretty locked down. Commented Nov 5, 2015 at 5:00
  • if netstat is slow, it's almost certainly because it is trying to resolve hostnames for the IP addresses - and can't because the lan machine can't access the internet. try netstat -rn to test. it doesn't solve your problem, but I recommend running a local dns resolver (e.g. unbound) on your freebsd gw and configuring all the lan machines (perhaps via dhcp) to use it. Commented Nov 5, 2015 at 5:43
  • have you configured your freebsd box to do NAT? or, better yet, configured the ADSL router to NAT all traffic from the LAN port, not just traffic with 192.168.0/24 src addresses? See freebsd.org/doc/handbook/firewalls-ipfw.html for info about ipfw and NAT Commented Nov 5, 2015 at 5:46
  • @cas is it possible to manually configure dns for the lan machine to point to the gateway for dns resolution? and no I haven't configured NAT on the freebsd box and I don't know what you mean by having the adsl router NAT all traffic from the LAN port. Commented Nov 5, 2015 at 7:28

3 Answers

2

I think you need to add a static route on your modem, to route all incoming traffic for 10.0.0.0/8 to 192.168.0.121.

I am rather assuming that NAT is being done in the modem here.

0

This would be the solution in the pf firewall, in case NAT-ing is not done in the modem. However, NAT-ing can be done in pppd or pppoe, as you state you're using DSL.

Edit /etc/pf.conf:

external_iface="em0"   # your WAN facing interface
internal_iface="ue0"   # your LAN facing interface

set skip on lo0        # skip filtering on loopback

nat on $external_iface from $internal_iface:network to any -> ($external_iface:0)

block in on $external_iface
pass in quick on $internal_iface from $internal_iface:network to any keep state
pass out on $external_iface

Regarding DNS, you can set up a local_unbound on the FreeBSD box, set it to listen on 192.168.0.1, then either push this configuration over dhcpd to your clients on the LAN, or manually edit /etc/resolv.conf like:

echo 'nameserver 192.168.0.1' > /etc/resolv.conf

0

You need to set up NAT on your FreeBSD router machine and need to NAT (with port translation) your 10.0.0.0/8 networks to the 192.168.0.121/32 IP address. Otherwise your LAN machine cannot access the internet.
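
One way to check on the router whether the NAT described in the answers above is really being applied, as an added example that is not part of the original question or answers: pipe the output of tcpdump -lni em0 icmp into classify_wan_capture while pinging from the lan machine. The function names and the sample capture lines (including the documentation address 203.0.113.10) are constructed; em0, the 10.0.0.x LAN range and 192.168.0.121 come from the question.

```shell
#!/bin/sh
# Added example: classify packets seen leaving the router's WAN interface.
# Intended input: output of  tcpdump -lni em0 icmp  (or any -n capture on em0).
LAN_PREFIX="10.0.0."        # LAN range from the question (10.0.0.0/24)
WAN_ADDR="192.168.0.121"    # router's em0 address from the question

# One verdict per outbound packet:
#   leaked     = a LAN source address left em0 untranslated (NAT not applied)
#   translated = the source is the router's own WAN address
classify_wan_capture() {
    awk -v lan="$LAN_PREFIX" -v wan="$WAN_ADDR" '
        $2 == "IP" && $4 == ">" {
            src = $3
            dst = $5; sub(/:$/, "", dst)
            # TCP/UDP lines carry addr.port, so match on the address prefix.
            if (index(src, lan) == 1)
                print "leaked " src " -> " dst
            else if (src == wan || index(src, wan ".") == 1)
                print "translated " src " -> " dst
        }'
}

# Succeeds only when translated traffic was seen and nothing leaked.
nat_is_working() {
    verdicts=$(classify_wan_capture)
    case "$verdicts" in
        *leaked*)     return 1 ;;
        *translated*) return 0 ;;
        *)            return 1 ;;   # nothing outbound seen at all
    esac
}

# Constructed capture: forwarding enabled, no NAT rule loaded.
sample_without_nat() {
    cat <<'EOF'
12:00:01.000001 IP 10.0.0.2 > 203.0.113.10: ICMP echo request, id 4242, seq 0, length 64
12:00:02.000001 IP 10.0.0.2 > 203.0.113.10: ICMP echo request, id 4242, seq 1, length 64
EOF
}

# Constructed capture: NAT rule active, reply comes back to the WAN address.
sample_with_nat() {
    cat <<'EOF'
12:00:01.000001 IP 192.168.0.121 > 203.0.113.10: ICMP echo request, id 4242, seq 0, length 64
12:00:01.020001 IP 203.0.113.10 > 192.168.0.121: ICMP echo reply, id 4242, seq 0, length 64
EOF
}

sample_without_nat | classify_wan_capture
sample_with_nat | classify_wan_capture
```

A "leaked" line means the modem is being handed packets with 10.0.0.x source addresses, which matches the symptom in the question: requests leave the router but no replies return.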
