
Building an Internet Gateway


Published on November 26, 2007

Author: Kiska

Source: authorstream.com


Building an Internet Gateway: The ABC of NAT on BSD

Overview
  - Introduction
  - Equipment
  - Configuration
  - Installation & LAN
  - Internet sharing via POTS/ADSL modem
  - Internet sharing via cable modem
  - Firewall
  - Configuring LAN Machines
  - Caveats & Future Options

Introduction
  Aim is to:
  - Share an Internet connection over a LAN
  - Protect the LAN from the Internet
  Also hope to:
  - require only minimal maintenance,
  - provide a remote administration capability,
  - provide automatic configuration for the LAN, and
  - not interfere with Internet operation.

Introduction (continued)
  Why build a PC-based gateway?
  - To run services, such as:
    - a domain name service for local machines,
    - a shared web proxy,
    - a personal or business web server,
    - a mail server to centralise access to your mail,
    - a file server for backup or extra storage.
  - To impress your friends/opposite sex.
  - Because you love FreeBSD.

Equipment
  - A basic PC: CPU and motherboard (a Pentium 90 or better is overpowered); RAM, HDD, FDD, video card, keyboard, etc.
  - Newer peripherals are better!
  - A network card for the LAN
  - A hub/switch and cables for the LAN
  - A modem (POTS, ADSL, or cable); the modem may require an extra network card

Install & Configure LAN
  - Install FreeBSD (use the handbook)
  - Use sysinstall to activate the gateway function,
    or add gateway_enable="yes" to rc.conf,
    or run sysctl -w net.inet.ip.forwarding=1
  - Set up the network card for the LAN
  - Use a static IP address from the private (RFC 1918) ranges, e.g. 192.168.0.1/24 or 10.0.0.1/24

Configure PPP (POTS and ADSL users)
  - Config is stored in /etc/ppp/ppp.conf
  - Samples are in /usr/share/examples/ppp/
  - Can set up multiple profiles in one file
  - Can choose the operating mode:
    ddial      - continuous connection
    auto       - on-demand connection
    background - once-off connection

Configure PPP: shared defaults
  Profiles share a default configuration. Sample:

    default:
     ident user-ppp VERSION (built COMPILATIONDATE)
     allow users root ppp
     set log Phase Chat LCP IPCP CCP tun command
     set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
     accept chap
     accept pap
     add default HISADDR
     nat enable yes
     enable dns

Configure PPP over POTS
  Need to specify a basic modem script. Sample:

    dialup:
     set device /dev/cuaa0
     set redial 15+30 3
     set reconnect 15 3
     set speed 115200
     set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
               \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
     set login ""
     set timeout 0
     set phone dialup-phone
     set authname dialup-username
     set authkey dialup-password

Configure PPP over ADSL
  Need to enable netgraph(4): kldload netgraph. Sample profile:

    adsl:
     set device PPPoE:interface-name
     set mru 1492
     set mtu 1492
     set speed sync
     enable lqr
     set dial ""
     set login ""
     set redial 15 10000
     set timeout 0
     set lqrperiod 5
     set authname adsl-username
     set authkey adsl-password

Running PPP
  - PPP is invoked with a mode and a profile, e.g. ppp -auto dialup
  - To run at start-up, edit rc.conf. E.g. for ADSL:

    ppp_enable="YES"
    ppp_mode="ddial"
    ppp_profile="adsl"
    ppp_user="ppp"
    ppp_nat="YES"

Configure for Cable
  - Use DHCP to configure the network card
  - A firewall rule handles NAT (traffic is diverted to natd)
  - Configure natd(8) to run at start-up; add to rc.conf:

    natd_enable="YES"
    natd_interface="rl0"
    natd_flags="-dynamic"

Configure for BigPond Cable
  Telstra BigPond users need BPALogin:
  - Download the FreeBSD port (http://bpalogin.sourceforge.net/)
  - Extract: tar -xvzf bpalogin-port.tar.gz
  - Build: cd bpalogin ; make
  - Install: make install
  - Edit /usr/local/etc/bpalogin.conf

  Sample /usr/local/etc/bpalogin.conf:

    # Print some diagnostics
    debuglevel 1
    # Authentication details
    username your-username
    password your-password
    # You can override the default domain if you do not have
    # search vic.bigpond.net.au in your /etc/resolv.conf
    authdomain vic.bigpond.net.au
    # Use port 5050 on the local machine
    localport 5050
    # Set the minimum heartbeat interval.
    minheartbeatinterval 60

Configuring Firewall
  - FreeBSD includes a simple LAN firewall ruleset
  - Allows incoming mail, web, DNS
  - Allows all outgoing traffic
  - Needs minor tweaks to rc.firewall
  - Enable through rc.conf:

    firewall_enable="YES"
    firewall_type="simple"

  Edit rc.firewall (about line 20). Delete the lines marked "# delete": the
  outside address is assigned by PPP or DHCP, so the outside network is not
  known in advance.

    # set these to your outside interface network and netmask and ip
    oif="ed0"
    onet="192.0.2.0"             # delete
    omask="255.255.255.240"      # delete
    oip="192.0.2.1"

    # set these to your inside interface network and netmask and ip
    iif="ed1"
    inet="192.168.0.0"
    imask="255.255.255.0"
    iip="192.168.0.1"

    setup_loopback

    # Stop spoofing
    ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
    ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}   # delete

Configuring LAN Machines
  - Configure with a static IP, e.g. 192.168.0.2, 192.168.0.14
  - Netmask is the same as the gateway's (e.g. 255.255.255.0)
  - Must manually copy DNS info
  - Gateway IP is often required; it may sometimes be referred to as a router

Caveats
  - NAT interferes with traffic:
    - Okay for most connections (e.g. TCP)
    - Breaks active FTP (use passive FTP)
    - Creates problems for ICQ (and other UDP)
    - Breaks protocols that embed the local IP
  - Firewalls can cause problems:
    - Some protocols make incoming connections, e.g. identd for IRC, gnutella, other P2P

Future
  - Use the gateway as a DHCP server: automatically provide IP, DNS and gateway to LAN machines
  - Web proxy (e.g. squid)
  - Web server (e.g. apache)
  - Mail server (e.g. postfix, qmail)
  - IMAP mail store (e.g. cyrus, courier)
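The Caveats slide says NAT breaks active FTP and other protocols that embed the local IP. The following is an added example, not from the slides: it shows why, using FTP's PORT command, and what an application-level gateway on the BSD box must rewrite. The LAN range 192.168.0.0/24 is the one the slides use; the outside address 203.0.113.5 and the port range starting at 40000 are assumptions.

```python
# Added example (not from the slides): why NAT breaks active-mode FTP, one
# of the "protocols that embed local IP" the Caveats slide lists, and what
# an application-level gateway (ALG) on the gateway must rewrite.  The LAN
# 192.168.0.0/24 is the slides' range; outside address 203.0.113.5 and the
# port range starting at 40000 are assumptions for this example.
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.0.0/24")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")

def parse_port(cmd):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256+p2)."""
    m = PORT_RE.match(cmd)
    if not m:
        raise ValueError("not a PORT command: %r" % cmd)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def format_port(ip, port):
    """Encode an address and port back into an FTP PORT command."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port // 256, port % 256)

def embeds_lan_address(cmd, lan=LAN):
    """True when the client told the server to connect back to a LAN
    address.  Plain NAT rewrites only IP headers, so the server would try
    to reach an unroutable 192.168.x.x host: that is why active FTP breaks
    and the slide recommends passive mode."""
    ip, _ = parse_port(cmd)
    return ipaddress.ip_address(ip) in lan

class FtpAlg:
    """Minimal ALG: swap the LAN address/port inside PORT for the gateway's
    outside address and a reserved port, and remember the mapping so the
    server's data connection can be forwarded to the right LAN host."""

    def __init__(self, outside_ip, first_port=40000):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.mappings = {}  # outside port -> (lan ip, lan port)

    def rewrite(self, cmd):
        if not embeds_lan_address(cmd):
            return cmd  # public address inside: nothing to translate
        lan_ip, lan_port = parse_port(cmd)
        ext = self.next_port
        self.next_port += 1
        self.mappings[ext] = (lan_ip, lan_port)
        return format_port(self.outside_ip, ext)
```

FreeBSD's libalias, used by both natd(8) and ppp's "nat enable yes", performs this FTP rewriting itself; protocols it does not understand (the ICQ/UDP case on the slide) stay broken.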
