2nd July 2010
sharris

I've been reading all of what you suggested. The problem is each document links you to 5-10 others. I can't help it, so I click to review them, and before you know it I'm reading forum threads all over the world without ever completing the first document. I did pick up a few details in their entirety and many bits and pieces from everywhere that are locked in my head and will be there when needed, but nothing that I tried gave my Windows LAN machine Internet access. It's overwhelming testing working and non-working examples, piecing stuff together and not having a clue if it's what you really need or not. Then you learn FreeBSD is not OpenBSD and not all code works the same. I even believe FreeBSD 8.0 is either using an older version of PF or missing needed scripts. I found the clue and I don't have a lifetime to try to prove it. I did save the thread, I think.

And also something keeps killing my moused function. You can't pinpoint anything when you're in the heat of studying something else. I hit some kind of <pfctl> with a flag, then later noticed my mouse was gone. I'll post the cause when I catch it. That was many a detour; now I have to do a search for WHY while the machine reboots. Nothing on the net. I bet no one even knows it exists but me or a few non-xWindows people learning pf the hard way. Whatever the case, something is not right and I don't think it's personal. My next step is to switch the rc.conf lines around and put moused at the bottom and see what happens, if I can ever get to it.

I am only a member of very few forums and I like to keep it that way so I don't get confused with tons of logins and passwords just because I have another question I just thought of by reading their threads. So I'll break so I can work on my Network Diagram. I don't think it's perfect and it may be missing a thing or two, but it should present a fairly clear picture of what I'm trying to do. Don't know if this entire thread has too much information, so here are my final questions.

And yes, I'm worn out, but I had a ball trying and am going back to read more after I post this long note. I think pf is great and I hope they don't break it, or that the FreeBSD kernel gets an overhaul before it's too late.

Question 1)
It doesn't matter right now, but for future knowledge, what detailed information (net numbers) are we not supposed to post, since this is more about network security?

Here's my topology
one Gateway with pf
one switch
and three systems

I am no good with math. I really want to start with the lowest number if possible, like 10.0.0.0 or 172.16.0.0 for the gateway, so when I plug in each LAN computer I can start with number 1 to match the switch number, but since I made it this far I've been too afraid to try it. Working in command-line mode is not fast, fun or easy to me yet. This is based on the example I posted way above. I do wonder why it starts with 10.0.10.2 and not 10.0.0.0 or 10.0.10.0.

Question 2)
What is the logic behind that?

Question 3)
Would someone correct my diagram numbers or make it better?

Question 4)
Is there a strong working pf example for this type of LAN set-up?


Code:
-------------                 --------------
     The     |               |  2-Wire DSL  |
  Internet   | < < RJ-11 > > | Network Name | [Access-Point = 00:00:00:xx:xx:xx]
     WWW     |               |   2WIRETTT   | [resolv = 192.168.1.254]
-------------                 --------------
                                   v
                                   v   cat-6 Patch-cables
                                   v
            -----------------------------------------------
           | 192.168.1.35   255.255.255.0    192.168.1.255 |  [re0 = 00:00:e0:xx:xx:xx]
           | Gateway-pf     DHCP             192.168.1.254 |  [machine-0]
           | 10.0.10.2      255.255.255.248  10.0.10.7     |  [re1 = 00:00:e1:xx:xx:xx]
            -----------------------------------------------
                                  v
                                  v cat-5e cross-over cable
                                  v
      ---------------------       v
     | NETGEAR gigabit     |      v
     |  1    2    3   4   5< < <  <
      ---------------------
        v    v    v
        v    v    v
        v    v    v   cat-6 Patch-cables
        v    v    v
        v    v    v
        v    v    ----------------------------------
        v    v  |  ArchLinux-FreeBSD - Developer box |
        v    v    ----------------------------------
        v    v  |  IP Address    10.0.10.5           |  [reX]
        v    v  |  Subnet Mask   255.0.0.0           |  [machine-3]
        v    v  |  Gateway       10.0.10.2           |  [reX = 00:00:a3:xx:xx:xx]
        v    v   -----------------------------------
        v    v
        v    v
        v    v
        v    ---------------------------------
        v  | Jail Web-Server - E-Mail - MySQL |
        v    ---------------------------------
        v  | IP Address    10.0.10.4          |  [reX]
        v  | Subnet Mask   255.0.0.0          |  [machine-2]
        v  | Gateway       10.0.10.2          |  [reX = 00:00:a2:xx:xx:xx]
        v   ---------------------------------
        v
        v
        v
        ----------------------------
      | Windows XP    surf Internet |
        ----------------------------
      | IP Address    10.0.10.3     |  [reX]
      | Subnet Mask   255.0.0.0     |  [machine-1]
      | Gateway       10.0.10.2     |  [reX = 00:00:a1:xx:xx:xx]
        ----------------------------
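
An added example, not part of the original post: a Python check of the addressing in the diagram above, using only the addresses and masks shown there. It reports the usable range of the gateway's re1 subnet and flags LAN hosts whose mask or default gateway disagrees with it; the function names are hypothetical.

```python
import ipaddress

# Values copied from the diagram in the post.
GATEWAY_RE1 = ("10.0.10.2", "255.255.255.248")
LAN_HOSTS = {  # name: (address, mask, default gateway)
    "machine-1": ("10.0.10.3", "255.0.0.0", "10.0.10.2"),
    "machine-2": ("10.0.10.4", "255.0.0.0", "10.0.10.2"),
    "machine-3": ("10.0.10.5", "255.0.0.0", "10.0.10.2"),
}

def describe(addr, mask):
    """Network, broadcast and usable host range implied by addr/mask."""
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    return {
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable": net.num_addresses - 2,
    }

def audit(gateway, hosts):
    """Compare every LAN host with the subnet configured on the gateway."""
    gw = ipaddress.ip_interface(f"{gateway[0]}/{gateway[1]}")
    reserved = (gw.network.network_address, gw.network.broadcast_address)
    findings = []
    for name, (addr, mask, default_gw) in hosts.items():
        host = ipaddress.ip_interface(f"{addr}/{mask}")
        if host.ip not in gw.network:
            findings.append((name, "address outside gateway subnet"))
        elif host.ip in reserved:
            findings.append((name, "address is the network or broadcast address"))
        if host.network != gw.network:
            findings.append(
                (name, f"mask gives {host.network}, gateway uses {gw.network}"))
        if ipaddress.ip_address(default_gw) != gw.ip:
            findings.append((name, "default gateway is not the pf box"))
    return findings

if __name__ == "__main__":
    print(describe(*GATEWAY_RE1))
    for name, problem in audit(GATEWAY_RE1, LAN_HOSTS):
        print(f"{name}: {problem}")
```
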