DaemonForums  

  #1
4th June 2009
kla
New User

Join Date: Jun 2009
Posts: 6
Thanked 0 Times in 0 Posts
I need to set up a firewall and DNS server on a single computer HELP PLEASE

I need to set up a firewall and a DNS server on a single computer and my problem is that I don't understand how to configure network cards for that. In fact, I don't know why there must be TWO network cards for that. All that I've done by now is to install OpenBSD, set up firewall rules, make firewall and DNS start after every reboot and enable packet forwarding. But I don't know how to make it work like a firewall and DNS should for a small network of ten to twelve computers that must be connected to the internet. My biggest problem is that I can't find an understandable answer in any OpenBSD manual that is available to me.

So my main question would be why do I need to configure two cards. After that, how do I configure them. I understand that for dynamic IP address assignment I can configure in localhost.if

dhcp NONE NONE NONE

But one manual that I've seen states that in order to configure a network card one must write the following:

inet IP-adress 255.255.255.0 NONE

And it doesn't mention whether it's for static or dynamic assignment of IP address.

Can someone please help me?

P.S. Sorry for my bad English.

Last edited by kla; 4th June 2009 at 11:43 AM. Reason: Title
  #2
4th June 2009
kla
New User

Join Date: Jun 2009
Posts: 6
Thanked 0 Times in 0 Posts

Well, can you help then? I need some desperately
  #3
4th June 2009
BSDfan666
Real Name: N/A, this is the interweb.
Helpful companion

Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts

Don't bump, either people will reply or they won't..

You still haven't explained why you want to set up a DNS server; what do you intend on doing with it? Please explain your network topology and what you hope to accomplish.
  • Is this system facing the Internet? Will it be a primary/secondary nameserver for a domain?
  • Are you using it as a NAT firewall? Do you want a local caching nameserver?
  • What led you to believe 2 network interfaces are required for proper operation of a DNS server?
You keep asking us vague questions without any context, so please explain why it's an "emergency".

I look forward to your response..
  #4
4th June 2009
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 3,431
Thanked 214 Times in 189 Posts

Quote:
Originally Posted by kla
... I don't know why there must be TWO network cards for that.
One network interface is for your private network, the other network interface is to connect to your ISP's network:
{ISP network} -- [Router] --- {private network}
All routers, OpenBSD or not, have at least two network interfaces. Many have more.
Quote:
...My biggest problem is that I can't find an understandable answer in any OpenBSD manual that is available to me.
You lack basic TCP/IP networking knowledge. This knowledge is required before you can successfully configure OpenBSD to act as a network router. When you decided to use OpenBSD, you became your own network administrator. The OpenBSD FAQ says:
Quote:
Originally Posted by FAQ 6.1
If you are a network administrator, and you are setting up routing protocols, if you are using your OpenBSD box as a router, if you need to go in depth into IP networking, you really need to read Understanding IP Addressing. This is an excellent document. "Understanding IP Addressing" contains fundamental knowledge to build upon when working with IP networks, especially when you deal with or are responsible for more than one network.
That document is detailed, and is a good reference, but it may not be applicable to the newbie administrator. If your command of English is good, you may get some value from:
  • Classful IP Addressing (pages 3-7)
  • Subnetting (pages 8-10)
  • Subnet Design Considerations (pages 11-18)
Better education, though, should be a basic, introductory document about TCP/IP networking, that is written in your native language.
Quote:
...But one manual that I've seen states that in order to configure a network card one must write the following:

inet IP-adress 255.255.255.0 NONE

And it doesn't mention whether it's for static or dynamic assignment of IP address.
This is for assigning a static, unchanging IP address. The netmask of 255.255.255.0 is for a /24 subnet, which may or may not be what you need.
Quote:
Can someone please help me?
We don't know anything about your network requirements, or your network interfaces. Here are the steps you will need to know how to do, at minimum, to set up OpenBSD as a router for a private network.
  • Configure your external network interface for your ISP, as appropriate.
  • Configure your internal network interface, with a static, RFC 1918 address, for your private network.
  • Obtain your ISP's DNS server address(es). If your ISP connection is dynamic, you can obtain these address(es) from /etc/resolv.conf after connecting successfully to your ISP.
  • Configure your local network; if you plan to offer DHCP services to your local network, you will need to set up dhcpd.conf(5) and enable dhcpd in rc.conf.local(5). The DNS server addresses obtained from your ISP can be used in dhcpd.conf if you are offering DHCP services on your private network. If not, use the addresses in your static configurations.
Reply With Quote
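
The four steps listed in post #4, as an added example that is not part of the thread or of OpenBSD itself: a shell script that stages the resulting files in a scratch directory for review. The interface names vr0 and ne3 are the examples mentioned in the thread; the 192.168.1.0/24 addressing, the DHCP range, the staging directory and the sample resolv.conf contents are assumptions.

```sh
# Added example: stages router config files in a scratch directory for review;
# nothing under /etc is written. Addresses and the DHCP range are assumed values.
EXT_IF=vr0              # Internet-facing NIC (device name used as an example in the thread)
INT_IF=ne3              # private-network NIC (likewise)
INT_IP=192.168.1.1      # assumed static address of the router on the private net
INT_MASK=255.255.255.0  # /24, as in the hostname.if line quoted in the thread

# Succeed only for RFC 1918 addresses: 10/8, 172.16/12, 192.168/16.
is_rfc1918() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Print the nameserver addresses of a resolv.conf-style file, comma-separated.
nameservers() {
    awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = ", " }' "$1"
}

# $1 = staging directory, $2 = resolv.conf obtained after connecting to the ISP
stage_router_config() {
    is_rfc1918 "$INT_IP" || { echo "refusing: $INT_IP is not RFC 1918" >&2; return 1; }
    dns=$(nameservers "$2")
    [ -n "$dns" ] || { echo "no nameserver lines in $2" >&2; return 1; }
    mkdir -p "$1" || return 1
    echo "dhcp NONE NONE NONE" > "$1/hostname.$EXT_IF"           # dynamic ISP address
    echo "inet $INT_IP $INT_MASK NONE" > "$1/hostname.$INT_IF"   # static private address
    echo "net.inet.ip.forwarding=1" > "$1/sysctl.conf"           # packet forwarding
    cat > "$1/dhcpd.conf" <<EOF
option domain-name-servers $dns;
subnet 192.168.1.0 netmask $INT_MASK {
    option routers $INT_IP;
    range 192.168.1.32 192.168.1.127;
}
EOF
}

# Constructed sample of /etc/resolv.conf after a lease (documentation addresses).
sample_resolv() { printf 'search example.net\nnameserver 203.0.113.53\nnameserver 203.0.113.54\n'; }
STAGE=${STAGE:-./router-staging}
mkdir -p "$STAGE" && sample_resolv > "$STAGE/resolv.conf.sample" &&
    stage_router_config "$STAGE" "$STAGE/resolv.conf.sample" && ls "$STAGE"
```

The script refuses to stage anything if the internal address is not in an RFC 1918 block; enabling dhcpd in rc.conf.local(5) is not covered by it.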
  #5
4th June 2009
kla
New User

Join Date: Jun 2009
Posts: 6
Thanked 0 Times in 0 Posts
Here's the thing: I'm a student of computer sciences and I needed to make a small project for one of my courses that basically deals with introductory elements of networking. Because we could work in pairs on the project, my colleague and I chose to configure a firewall on OpenBSD. The colleague already had experience in working with OpenBSD and I wanted to configure a simple packet filter firewall. I didn't have any experience with OpenBSD before. Long story short, because of some unforeseen circumstances my colleague cannot work with me anymore on the project and so I alone must finish this. Our professor liked the idea so he assigned us to additionally configure a DNS server for a small internal network inside the university building. Because I didn't expect a task like that and because now I work alone on it I began to panic, more so because no one else I know knows anything about OpenBSD, let alone setting up a DNS server in it. So please excuse me for all the drama but that's just because I'm afraid I can't finish the project in time.

The internal network that I need to set up DNS for is facing the internet and already has its DNS server and I need to configure and replace that already existing one with my own. The course deals with DNS theory and BIND9 configuration but we didn't learn yet how exactly to set up a DNS server so I was very puzzled when the professor said that I have to configure two network cards for DNS to work. And that was pretty much all that he said on the subject.

So I guess that I don't have to set up a local caching nameserver nor a NAT firewall, only some ordinary DNS server. But for every question I ask the professor about some details or addresses I get a "you should know that" answer. And I can't read the configuration from the existing server, so I guess there must be a way to find it with any computer in the network but I don't know how.

At least now I understand what two network cards are for. Thanks for the answer, it explained a lot to me.
  #6
4th June 2009
Oko
Fsck Surgeon

Join Date: May 2008
Location: Kosovo, Serbia
Posts: 733
Thanked 36 Times in 32 Posts

Quote:
Originally Posted by kla
Here's the thing: I'm a student of computer sciences and I needed to make a small project for one of my courses that basically deals with introductory elements of networking.
Here is the thing. I teach at a University. If I caught my student trying to complete a project by bugging people to do his work on BSD forums instead of reading textbooks, I would fail him.

Now, go back to your room. Get yourself a nice blanket, fold it a couple of times, and put it on your work chair. Then sit down and study. When you think you did study enough you get up and unfold the blanket. If you do not see steam coming out it means that you didn't study enough. Quickly fold the blanket back so that it doesn't cool off and continue to study.
  #7
4th June 2009
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 3,431
Thanked 214 Times in 189 Posts

I will help you, kla, with the OpenBSD-specific configuration bits. But only if you do the hardware and network configuration. And I will give you guidance, but not step-by-step instructions. For step-by-step instructions your professor will have to give me credits for completing your course.

If you're still interested, you may start by answering these questions:

Internet Connection
  1. Your Internet connection is (static / dynamic)?
  2. If static, what is your IP address, netmask, default route, and DNS server pool address(es)? Do not post real Internet IP addresses publicly. Please hide the address. e.g.: x.x.x.4 may be used instead of 1.2.3.4.
Local Network
  1. Your local subnet is (private / exposed to the Internet)?
  2. What is the subnet's block of addresses? Hide if these are real Internet addresses, as above.
  3. Do the devices on the network obtain dynamic IP addresses, or are they statically assigned?
  4. If dynamic, will OpenBSD be providing IP addresses or will another server on the local subnet provide them?
  5. If OpenBSD is providing IP addresses, what is the address range within your subnet for dynamic addresses?
  6. Do you have any servers on the local net with static IP addresses, other than the OpenBSD router? What are their IP addresses? If exposed to the Internet, please hide, as above.
OpenBSD
  1. What release/flavor of OpenBSD are you using? e.g.: 4.5-release, 4.4-stable, -current.
  2. What is the driver and device number of your Internet NIC? e.g.: vr0
  3. What is the driver and device number of the NIC for your local network? e.g.: ne3
  #8
4th June 2009
kla
New User

Join Date: Jun 2009
Posts: 6
Thanked 0 Times in 0 Posts

It's nice to receive some advice from a competent person, especially when it's about learning. And I am very grateful for that advice. But would you please be so kind and recommend me one of those textbooks you mention in your post that can help me to better understand how exactly DNS works?

I am, in fact, a student of natural sciences with some computer science courses and I would never be a computer science professional. If I were a student of hardcore computer sciences at some technical university I wouldn't ask for such advice on forums because it would not be a very smart way for me to try to cover up for my incompetence. It isn't very smart of me now either, but I think that I can at least try in the given circumstances when I alone must do something that two students were assigned to.
In our computer courses we don't get much in depth with some things and we didn't get deep into understanding how exactly a network card or DNS physically works.

I wanted at least for someone who understands how DNS and BSD really work to explain to me why I need two network cards. I got the answer and I must say it cleared up pretty well for me why there must be two network cards and what I should do next. I don't need step-by-step instructions nor did I ask for them.

Thank you.
  #9
4th June 2009
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 3,431
Thanked 214 Times in 189 Posts

From the collection at www.openbsd.org/books.html#6, I would recommend TCP/IP Illustrated, Volume 1, and DNS and BIND.

Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick