FreeBSD's user-level PPP can be used to share an ADSL Internet connection under FreeBSD. With a modest machine it provides a stable shared link for the whole LAN, and Squid can be added as a web proxy to speed up LAN access further.
FreeBSD supports two different methods for PPP. One is kernel-level PPP, which compiles the PPP protocol code into the kernel and runs the PPP daemon pppd; this is the traditional method, but it is harder to configure. The other is user-level PPP, which uses the application ppp to pass PPP data through a generic tunnel device (tun), making configuration easier. User-level PPP is generally used to establish a dial-up Internet connection.
Preparation
Install a basic FreeBSD environment. For details, see the FreeBSD server guide at www.freebsdchina.org. The "sys" part of the operating system source code must be installed, because the kernel will be recompiled to add firewall support. Check that ppp.conf or ppp.conf.sample exists in the /etc/ppp directory.
Example
Dell GX110, PIII, 128 MB RAM, 10 GB disk, 3Com 905B-TX 10/100 Mbps auto-sensing PCI network adapter.
Installation settings
To access the Internet through FreeBSD, you must have a pseudo-device named tun. Therefore, you must add tun support to the kernel.
The number after tun (here 1) specifies how many tun devices can be in use at the same time.
To let users on the LAN reach the Internet, the machine needs two NICs, an ADSL device, and a hub or switch connected to the LAN. The kernel must also be recompiled once with IP forwarding support: a client sends its IP packets to the FreeBSD machine, and FreeBSD forwards them to the destination address. This is the basic principle by which FreeBSD serves the entire LAN.
Example
Add the following to the kernel configuration file:
device tun 1                          # this line turned out to be optional and can be omitted
options IPFIREWALL                    # enable the firewall
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE            # send logged packets to syslogd
options IPFIREWALL_VERBOSE_LIMIT=100  # limit the number of times a rule is logged
options IPFIREWALL_DEFAULT_TO_ACCEPT  # make the default rule allow all traffic
options IPDIVERT                      # enable the divert sockets used by ipfw divert rules
                                      # this option is required for natd
To enable ipfw you must set the IPFIREWALL option; it tells the kernel to inspect every IP packet and compare it against the rule set. It is a good idea to add logging support with the IPFIREWALL_VERBOSE option, and to limit the number of packets the kernel logs with the IPFIREWALL_VERBOSE_LIMIT option.
You also need to set up the /etc/ppp/ppp.conf file.
Example
/etc/ppp/ppp.conf
default:
 set log Phase tun command
 set ifaddr 10.0.0.1/0 10.0.0.2/0   # IP addresses of the local PPP link
adsl:                               # profile name
 set device PPPoE:xl1               # replace xl1 with your NIC device name
 set authname <login>               # your ADSL login name
 set authkey <password>             # your ADSL password
 set dial
 set login
 add default HISADDR                # set the default route to the peer address
 enable dns                         # obtain the DNS server addresses from the ISP
Configuration
Finally, edit /etc/rc.conf to turn on the gateway option.
Example
Edit /etc/rc.conf and add:
gateway_enable="YES"
Note: to dial automatically at boot, also add the following to /etc/rc.conf:
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="adsl"    # the ppp.conf profile to dial
Configuration
Once the above configuration is complete, network access may still fail, because the firewall's default rule set blocks the traffic. Configure firewall rules to allow the traffic you want and deny the rest.
Example
First, view the current firewall configuration with:
/sbin/ipfw -a show
Then set up the firewall with the following commands:
/sbin/ipfw add 00400 divert natd ip from any to any via xl0   # hand packets to the natd service
/sbin/ipfw add 00001 deny log ip from any to any ipopt rr
/sbin/ipfw add 00002 deny log ip from any to any ipopt ts
/sbin/ipfw add 00003 deny log ip from any to any ipopt ssrr
/sbin/ipfw add 00004 deny log ip from any to any ipopt lsrr
/sbin/ipfw add 00005 deny tcp from any to any in tcpflags syn,fin
/sbin/ipfw add 19997 check-state
/sbin/ipfw add 19998 allow tcp from any to any out keep-state setup
/sbin/ipfw add 19999 allow tcp from any to any out
/sbin/ipfw add 20001 allow udp from any 53 to me in recv xl0   # allow replies from Internet DNS servers
/sbin/ipfw add 29999 allow udp from any to any out              # allow outgoing UDP packets for DNS queries
/sbin/ipfw add 30000 allow icmp from any to any icmptypes 3
/sbin/ipfw add 30001 allow icmp from any to any icmptypes 4
/sbin/ipfw add 30002 allow icmp from any to any icmptypes 8 out
/sbin/ipfw add 30003 allow icmp from any to any icmptypes 0 in
/sbin/ipfw add 30004 allow icmp from any to any icmptypes 11 in
/sbin/ipfw add 40000 allow all from 192.168.0.0/16 to any
/sbin/ipfw add 40001 allow all from any to 192.168.0.0/16
# Rules added with "ipfw add" take effect immediately. Do not run "ipfw flush" afterwards:
# it deletes every rule, including the ones just added. To keep the rules across reboots,
# put them in the file named by firewall_type in /etc/rc.conf.
Finally, view the modified firewall settings with /sbin/ipfw -a show:
00001 0 0 deny log logamount 100 ip from any to any ipopt rr
00002 0 0 deny log logamount 100 ip from any to any ipopt ts
00003 0 0 deny log logamount 100 ip from any to any ipopt ssrr
00004 0 0 deny log logamount 100 ip from any to any ipopt lsrr
00005 0 0 deny tcp from any to any in tcpflags fin, syn
00100 516 68656 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 divert 8668 ip from any to any via xl0
19997 0 0 check-state
19998 368990 279745596 allow tcp from any to any keep-state out setup
19999 872 154180 allow tcp from any to any out
20001 0 0 allow udp from any 53 to me in recv xl0
29999 3758 444913 allow udp from any to any out
30000 145 9690 allow icmp from any to any icmptype 3
30001 0 0 allow icmp from any to any icmptype 4
30002 0 0 allow icmp from any to any out icmptype 8
30003 0 0 allow icmp from any to any in icmptype 0
30004 0 0 allow icmp from any to any in icmptype 11
40000 7572 714836 allow ip from 192.168.0.0/16 to any
65535 3213 496794 allow ip from any to any
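Two things in the listing above deserve a second look: rule 65535 is "allow ip from any to any" (the IPFIREWALL_DEFAULT_TO_ACCEPT option), so anything not matched earlier, including inbound connections to the gateway, is accepted, and the divert rule 00400 on xl0 shows zero hits. The following script is an added example, not part of the original article; it parses an `ipfw -a show` listing (a constructed subset of the one above) and flags these conditions plus a check-state/keep-state ordering mistake.

```python
import re
from typing import NamedTuple

# Constructed sample: a subset of the `ipfw -a show` listing from the article.
SAMPLE_LISTING = """\
00005 0 0 deny tcp from any to any in tcpflags fin,syn
00400 0 0 divert 8668 ip from any to any via xl0
19997 0 0 check-state
19998 368990 279745596 allow tcp from any to any keep-state out setup
20001 0 0 allow udp from any 53 to me in recv xl0
40000 7572 714836 allow ip from 192.168.0.0/16 to any
65535 3213 496794 allow ip from any to any
"""

class Rule(NamedTuple):
    number: int
    packets: int
    nbytes: int
    action: str   # deny, allow, divert, check-state, ...
    body: str     # everything after the action

# `ipfw -a show` prints: <rule number> <packet count> <byte count> <action> <rest>
LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")

def parse_listing(text: str) -> list[Rule]:
    """Parse each listing line into a Rule; lines that do not match are skipped."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rules.append(Rule(int(m[1]), int(m[2]), int(m[3]), m[4], m[5]))
    return rules

def audit(rules: list[Rule]) -> list[str]:
    """Return findings a gateway administrator should review."""
    findings = []
    last = rules[-1]
    if last.number == 65535 and last.action == "allow":
        findings.append(f"default rule 65535 allows everything not matched earlier "
                        f"({last.packets} packets accepted by it)")
    for r in rules:
        if r.action == "divert" and r.packets == 0:
            findings.append(f"rule {r.number}: divert has never matched, "
                            f"so natd is not translating traffic on this path")
    check = [r.number for r in rules if r.action == "check-state"]
    keep = [r.number for r in rules if "keep-state" in r.body]
    if keep and (not check or min(check) > min(keep)):
        findings.append("check-state must come before the first keep-state rule")
    return findings
```

Run it against your own `ipfw -a show` output to see which rules actually carry traffic and whether the catch-all rule is doing more than you intend.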
For reference, the configuration files from the working setup:
rc.conf:
hostname="sample.com"
ifconfig_xl1="inet 192.168.9.6 netmask 255.255.255.0"
kern_securelevel_enable="NO"
nfs_reserved_port_only="NO"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.conf"
firewall_quiet="YES"
firewall_logging_enable="YES"
sendmail_enable="NO"
sshd_enable="YES"
usbd_enable="NO"
gateway_enable="YES"
natd_interface="xl0"
natd_enable="YES"
natd_flags="-config /etc/natd.conf"
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="adsl"
/etc/ppp/ppp.conf:
default:
 set log Phase tun command
 set ifaddr 10.0.0.1/0 10.0.0.2/0
adsl:
 set device PPPoE:xl0
 set mru 1492
 set mtu 1492
 set authname <login>       # your ADSL login name
 set authkey <password>     # your ADSL password (never publish the real value)
 set dial