Author Topic: unix networking  (Read 944 times)

juris

  • Newbie
  • *
  • Posts: 10
  • Kudos: 0
unix networking
« on: 12 April 2002, 14:38 »
Hi guys!

I was wondering if anyone could give me some hints how to configure networking in FreeBSD? 'cause i really don't have time for reading a lot of documentation.
I'd like to know where should i put:
1. My IP (which is virtual, e.g. 192.168.x.x);
2. DNS server IP (i know it goes in /etc/resolv.conf, but maybe there is some other files it should be in)
3. Gateway address
4. Proxy server address

What start-up scripts I should edit and how if any?

i think that's all for now.

Thanks.

ju

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Someone please remove this account. Thanks...

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
unix networking
« Reply #2 on: 13 April 2002, 00:24 »
what OS should i choose to be an IP masquerading/DHCP (doesn't have to have DHCP) server for the net, and perhaps in time, a proxy server?
I was thinking maybe FreeBSD, red hat (redhat needs 32 MB of RAM and i only have 16MB), or another *NIX variant such as Kaladix or Yggdrasil.
I am going to put it on a pentium MMX 166MHZ, 16MB RAM. (i don't need a GUI, of course.)

another thing...
where is the network configuration where i change stuff like: gateway, DNS, DHCP, IP?
[ April 12, 2002: Message edited by: Master of Reality ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

unix networking
« Reply #3 on: 13 April 2002, 03:41 »
Well it should be pretty easy to find some old RAM chips lying around with everyone upgrading to newer machines and RAM types. And you should be able to get it for just about nothing. I would certainly upgrade the RAM, especially if you want to run a caching proxy.

Having said that I use RedHat for all of the above. In fact my firewall/vpn/proxy/dns/dhcp/web/more server is still running RedHat 6.1 because it's worked so well for so long I've never done a full upgrade of it. And I was using RedHat 5.2 to do it before that. Sure I upgrade specific pieces of it now and then but not a full upgrade.

If you do decide to use RedHat 7.2 the default firewall software would be iptables/ipchains. This will also do your masquerading. Squid for your proxy (best proxy server out there) and its config file would be found in /etc/squid/squid.conf. For DHCP you would install the dhcpd package and the config would be in /etc/dhcpd (oddly enough). DNS you would install bind* RPMs.

And if you are new to all of those things and want a nice graphical way to set everything up and probably make your life very easy I would suggest downloading the latest "webmin" RPM from http://www.webmin.com and install it.  You can configure all of those services from webmin. Webmin is probably the best configuration utility I have found. I personally never use it and prefer to configure everything manually but my partners love it. And look at http://www.webmin.com/support.html for a list of all of the supported operating systems. All of the popular Linux distros, Solaris, AIX, HP-UX, SGI, *BSD, and even OSX and Darwin and many more. It really is becoming a sweet administration tool and I would not be one bit surprised if it will become the default on nearly all *NIX like OSs very soon.

Don't forget after installing to look at the errata section on RedHat's web site and get any bug/security RPMs applied. And most important, turn off any services that you do not intend to use. (telnet, ftp, nfs, portmap, finger, etc).

[ April 12, 2002: Message edited by: VoidMain ]


Master of Reality

unix networking
« Reply #4 on: 13 April 2002, 08:39 »
quote:
Originally posted by X11:
Slackware would be good, be FreeBSD is good.
I used to have Red-Hat 7.0 on a PPro 150 with only 24mb of ram



 
quote:
Originally posted by VoidMain:

i really scary thing is that my brother had Win95 running with only 8MB of RAM. Well it should be pretty easy to find some old RAM chips lying around with everyone upgrading to newer machines and RAM types. And you should be able to get it for just about nothing. I would certainly upgrade the RAM, especially if you want to run a caching proxy.



do you think 80 megs would be enough? I figure i could also use a big swap partition, it wouldn't be too bad. I have 3 (soon 4) comps on my network, so i might decide not to use DHCP although it is easier, and i'm lazy. I will probably end up using red hat 7.2.
I am going to put FreeBSD on my main computer and try it out for a while though.


Has anyone else heard of Kaladix???

voidmain

unix networking
« Reply #5 on: 13 April 2002, 21:16 »
Yes, 80 is plenty for firewall/dns/dhcp but depending on what you use your proxy for it might be a little light. My Squid is running at about 18MB right now and with the ad filter/redirectors it's pushing 30MB. That still should be plenty. Also for caching it's good for Squid to have plenty of disk space to work with.  And my proxy/firewall is only a P100 w/128MB. It's actually not the wisest thing to run other services on your firewall box. To be the most secure you would have a machine dedicated to only firewall and masquerading. By rights you should have an inside machine acting as your proxy and web servers etc should be in a DMZ.  But for home use this is pretty impractical. For home use the next best thing might be to set up an inside machine that does your proxy, dhcp, dns, etc and port forward the specific services you want to be public. But doing it all on your firewall and keeping your inside machines on off-net addresses (192.168.*.*,10.*.*.*, 172.*.*.*) is probably better than nothing. It's just that your firewall box will be more susceptible to being owned and if they own that box they have your inside machines as well.

Master of Reality

unix networking
« Reply #6 on: 13 April 2002, 21:17 »
quote:
Originally posted by X11:
80megs is plenty of ram...

In fact i know people who have 486 8mb ram/ 200mb HDD
running Linux as a firewall/router/proxy


what version of linux is it though? I could get my hands on the earliest version of linux if I really wanted to, i bet it doesn't need very much space, i suspect it lacks most of the capabilities i need.

voidmain

unix networking
« Reply #7 on: 13 April 2002, 20:10 »
It doesn't matter if you are running Slackware, RedHat, Mandrake or any other version of Linux for that matter. They all run the same kernel source and apps. Sure they are all compiled with different default drivers installed but all it takes is a recompile and include only the necessary drivers and if you include more than necessary but compile your drivers as modules they do not require much memory if you only load them if necessary. Like I said, you should be able to find memory for an old machine for free so why not upgrade it? He said he wanted to use it as a proxy and I would not recommend running it on 32MB for this. You could do it with 80 with no problem though. In fact 64 should be enough.

And sure you can bring up a desktop and window manager in 128MB but if you are going to do any serious work you will not be very productive with 128MB unless you really take care to skimp where you can. When I use my Linux as a development desktop 512MB is pretty good but there have been times I wish I had more.  I usually have many windows open, a few browsers, PostgreSQL, MySQL, Sybase databases, httpd, and a big chunk taken up by VMware so I can test things from a Win client. I guess it depends on what you plan on doing with your desktop.  If you only need a lightweight window manager, a browser window and a mail client, no databases or server services running then yes 128MB should do you just nicely. But don't complain to me when you want to start doing some more serious work and things are slow.

[ April 13, 2002: Message edited by: VoidMain ]


Master of Reality

unix networking
« Reply #8 on: 13 April 2002, 21:06 »
quote:
Originally posted by VoidMain:
It doesn't matter if you are running Slackware, RedHat, Mandrake or any other version of Linux for that matter. They all run the same kernel source and apps. Sure they are all compiled with different default drivers installed but all it takes is a recompile and include only the necessary drivers and if you include more than necessary but compile your drivers as modules they do not require much memory if you only load them if necessary. Like I said, you should be able to find memory for an old machine for free so why not upgrade it? He said he wanted to use it as a proxy and I would not recommend running it on 32MB for this. You could do it with 80 with no problem though. In fact 64 should be enough.

And sure you can bring up a desktop and window manager in 128MB but if you are going to do any serious work you will not be very productive with 128MB unless you really take care to skimp where you can. When I use my Linux as a development desktop 512MB is pretty good but there have been times I wish I had more.  I usually have many windows open, a few browsers, PostgreSQL, MySQL, Sybase databases, httpd, and a big chunk taken up by VMware so I can test things from a Win client. I guess it depends on what you plan on doing with your desktop.  If you only need a lightweight window manager, a browser window and a mail client, no databases or server services running then yes 128MB should do you just nicely. But don't complain to me when you want to start doing some more serious work and things are slow.

[ April 13, 2002: Message edited by: VoidMain ]


this is my old computer, so i never use it for anything other than to serve the web to my parents and my main computer. hmmmm... i will try out some of this memory i just happen to have with me and see if i can get 32 MB, no window manager or anything other than just a proxy, ip masquerading and maybe a DHCP.

untz

  • Newbie
  • *
  • Posts: 12
  • Kudos: 0
unix networking
« Reply #9 on: 14 April 2002, 21:40 »
Master of Reality:
I really like freebsd for that task.  I am running freebsd 4.5 on a 75mhz with 24M ram and it runs great.

Use IPFW for firewalling and NATD for the IPMasq.  NATD can control any port forwarding you would want as well.  I would read up on the handbook at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html. It will show you how to setup your firewall and use natd.

I use isc-dhcp3-3.0.1.r6 as the DHCP server and it runs flawlessly.  The config file is pretty self-explanatory.  You can find it in /usr/ports/net.

Note that after your initial install you will need to add a few things to your kernel. This tripped me up for a while. It's in the documentation but I overlooked it.

Below is what I added to my kernel to make it all work.  The handbook shows how to rebuild your kernel in it as well.

options  IPFIREWALL   #enable ipfw
options  IPDIVERT   #enable natd
options  IPFIREWALL_VERBOSE  #firewall logging
options  IPFIREWALL_VERBOSE_LIMIT=25 #protect syslog
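
A check for the ipfw/natd gateway setup described in the post above, as an added example that is not part of the original thread: it confirms a kernel config carries the options listed there and that rc.conf turns on forwarding, ipfw and natd. The rc.conf knob names (gateway_enable, firewall_enable, natd_enable, natd_interface) are FreeBSD's own but do not appear in the post; the file names, the function names and the interface ed0 are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a FreeBSD kernel config and rc.conf.
# has_option FILE NAME: true if an uncommented "options NAME[=value]" line exists.
has_option() {
    awk -v want="$2" '{ sub(/#.*/, "") }
        $1 == "options" { split($2, kv, "="); if (kv[1] == want) found = 1 }
        END { exit !found }' "$1"
}
# rc_value FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}
# audit_gateway KERNCONF RCCONF: print findings, return the number of problems.
audit_gateway() {
    problems=0
    for opt in IPFIREWALL IPDIVERT; do
        has_option "$1" "$opt" || { echo "MISSING kernel option $opt"; problems=$((problems + 1)); }
    done
    # Verbose logging without a limit lets denied-packet floods fill syslog.
    if has_option "$1" IPFIREWALL_VERBOSE && ! has_option "$1" IPFIREWALL_VERBOSE_LIMIT; then
        echo "WARN IPFIREWALL_VERBOSE without IPFIREWALL_VERBOSE_LIMIT"; problems=$((problems + 1))
    fi
    for key in gateway_enable firewall_enable natd_enable; do
        case "$(rc_value "$2" "$key")" in
            [Yy][Ee][Ss]) ;;
            *) echo "MISSING rc.conf $key=\"YES\""; problems=$((problems + 1)) ;;
        esac
    done
    [ -n "$(rc_value "$2" natd_interface)" ] || { echo "MISSING rc.conf natd_interface"; problems=$((problems + 1)); }
    return "$problems"
}
# Constructed sample files: the four options from the post, plus rc.conf knobs.
write_samples() {
    cat > "$1/GATEWAY" <<'EOF'
options  IPFIREWALL   #enable ipfw
options  IPDIVERT   #enable natd
options  IPFIREWALL_VERBOSE  #firewall logging
options  IPFIREWALL_VERBOSE_LIMIT=25 #protect syslog
EOF
    cat > "$1/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="ed0"   # constructed: outside interface name
EOF
}
d=$(mktemp -d) && write_samples "$d"
audit_gateway "$d/GATEWAY" "$d/rc.conf" && echo "ipfw/natd gateway settings present"
```

A commented-out option line counts as missing, which catches the case where the option is in the file but was never compiled in.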