Archive for the 'Networking' Category

How to change IP address or setup new ip address to existing NIC in FreeBSD

Tuesday, June 12th, 2007

1) Use ifconfig command as follows:
ifconfig interface inet IP

Example(s):
ifconfig fxp0 inet 192.168.1.5

Note fxp0 is Ethernet interface name can be Obtained using ifconfig -a command.

2) To setup up ip permanently open file /etc/rc.conf ; add/modify network entries:
vi /etc/rc.conf

And setup values as follows:
hostname=”box1.freebsd.org.in”
ifconfig_fxp0=”inet 192.168.1.6 netmask 255.255.255.0″

Note ifconfig_fxp0 is Ethernet interface name can be Obtained using ifconfig -a command.

3) Again re-run /etc/netstart script.

Posted in Networking | No Comments »

How to add multiple IP to a single NIC in FreeBSD

Tuesday, June 12th, 2007

FreeBSD allows you creat alias or assign multiple ip address to single NIC (network interface card)

My setup:
fxp0 - IP : 192.168.1.1/255.255.255.0
fxp0 alias - IP : 192.168.1.5/255.255.255.255

Note: Netmask must be diffrent otherwise you will get an error ifconfig: ioctl (SIOCAIFADDR): File exists

A) From command line use ifconfig command as follows:
# ifconfig fxp0 192.168.1.5 netmask 255.255.255.255 alias

B) You can setup this alias in /etc/rc.conf file by appending following text, so that next time FreeBSD comes up (after restart/shutdown) it will create alias for you:
ifconfig_fxp0_alias0=”192.168.1.5 netmask 255.255.255.255″

C)Restart FreeBSD network service using following script:
# /etc/netstart

D) Display alias and real ip using ifconfig lnc0 command:
# ifconfig fxp0
lnc0: flags=8843 mtu 1500
inet6 fe80::20c:29ff:fe01:ddbd%lnc0 prefixlen 64 scopeid 0×1
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
inet 192.168.1.5 netmask 0xffff

Read ifconfig man page.

Posted in Networking | No Comments »

Installing a Proxy Server on FreeBSD - Privoxy

Saturday, June 9th, 2007

Setting up proxy on a FreeBSD server is very easy and helps to create a secure environment for your network, and also allows your whole network to access internet using a single internet connection.
Privoxy is a good proxy server. It’s very easy to use and worked well.

Installation
# cd /usr/ports/www/privoxy
# make install clean
# rehash

The configuration file is /usr/local/etc/privoxy/config, there is one line which must be changed:
listen-address 192.168.0.1:8119
The IP should be changed to your server’s internal LAN IP address. Also, it’s better to use a non-default port number for security reasons.

Posted in General, Security, Networking | No Comments »

Setting Up VPN on FreeBSD using “mpd”

Thursday, May 31st, 2007

1) Install “mpd” from ports:

cd /usr/ports/net/mpd
make install

2) Once it’s done edit the sample configuration file in /usr/local/etc/mpd:

cd /usr/local/etc/mpd
vi (or your favourite editor) mpd.conf

3) Add this to your mpd.conf:

default:
load pptp1

pptp1:
new -i ng0 pptp1 pptp1
set iface disable on-demand
set iface enable proxy-arp
set iface idle 0
set iface enable tcpmssfix
set bundle enable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 60
set ipcp yes vjcomp
set ipcp ranges 192.168.1.1/32 192.168.1.51/32
set ipcp dns 192.168.1.1
set ipcp nbns 192.168.1.1 192.168.1.8
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless

Change the ip to suite your needs.

The ‘ipcp dns’ line is to specify what DNS servers the client should use. The ‘ipcp nbns’ line is to specify what WINS (Netbios NS) servers the client should use. You can remove that line if you do not have a WINS server to use. The address assigned to the server (1922.168.1.1 in this case) can be assigned multiple times if you want to allow more than one client to connect at a time. You only need to specify different addresses for the clients (192.168.1.51 in this case).

4) Now edit mpd.links and add this in it:

pptp1:
set link type pptp
set pptp enable incoming
set pptp disable originate

5) Now edit mpd.secret to add user/passwords pair in it:

user “password”
user2 “password2″

etc…

6) Now secure the password file:

chmod 600 mpd.secret

7) Start MPD:

/usr/local/sbin/mpd -b

8) If you have any trouble run it without -b option as -b option is for  running it in background or as deamon:

Now you should have a VPN server for Windows clients that supports MPPE (Microsoft Point-to-Point Encryption), but not MPPC (Compression), because the compression libraries are not open source and are not included with ‘mpd’.

If you want to allow more than one connection at a time, all you need to do is copy the lines in the mpd.conf and mpd.links files and change the identifier from ‘pptp1′ to ‘pptp2′ and so on.

9) Starting mpd at boot:

Just add /usr/local/sbin/mpd -b to /etc/rc.local

Posted in Firewall, General, Other OS, Networking | 1 Comment »