Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.uwa.edu.au!classic.iinet.com.au!swing.iinet.net.au!news.uoregon.edu!chi-news.cic.net!uwm.edu!math.ohio-state.edu!howland.reston.ans.net!swrinde!ringer.cs.utsa.edu!news.cais.net!news.cais.com!news!khera From: khera@kciLink.com (Vivek Khera) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Re: configuring BSD/OS to use PC as a router Date: 12 Oct 1995 18:32:39 GMT Organization: Khera Communications, Inc., Rockville, MD Lines: 51 Message-ID: <KHERA.95Oct12143239@kci.kciLink.com> References: <45jaic$7hm@news.duke.edu> NNTP-Posting-Host: kci.kcilink.com To: gallatin@davinci.isds.duke.edu (Andrew Gallatin) In-reply-to: gallatin@davinci.isds.duke.edu's message of 12 Oct 1995 15:00:28 GMT >>>>> "AG" == Andrew Gallatin <gallatin@davinci.isds.duke.edu> writes: AG> We don't have the budget to install a 'real' router, and I was hoping AG> we could get adequate performance from a PC w/2 ethernet cards running AG> BSD/OS. I was hoping to get advice on 3 issues: AG> - Which PC? I've got an old DX2-50 with 8Mb RAM, and a 180Mb disk serving as my screening router. I think that your dx33 should be sufficient, as long as nothing else runs on it. Mine only runs the modem pool, some application proxies (http and ftp) and the packet screening filter. It serves as a simple firewall for my Windows-based network. AG> - What kind of Ethernet cards? The 3c509B is the only way to go, in my opinion. NE2000 clones work ok, but the BSD/OS driver for them is not as good as the 3c509 driver. The 3c509B cards are just about as fast as you can get, too. AG> - How to configure? You need to configure the kernel to have two ef drivers (ef0 and ef1) for the 3c509 cards. If you want to transmit all IP packets destined out, just turn on the GATEWAY option, and set the default route for all hosts inside your network to point to this gateway box. You will need to edit your /etc/netstart file to tell the second ethernet card who it is. That's it, pretty much. If you want to be picky about which IP packets to forward, turn *off* the GATEWAY option, turn *on* the GWSCREEN option (this will require you to fetch and install the screend program -- see http://www.vix.com/ for pointers). This is how I do it, since I need to protect my non-unix machines, as they cannot defend themselves... AG> Thanks in advance for any advice you can give me! Hey, you ISDS guys helped me with some stat analysis for my dissertation, so it's the least I can do ;-) Let me know if you need some more configuration advice. I can send along my kernel configuration file if needed. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D. Khera Communications, Inc. Internet: khera@kciLink.com Rockville, MD +1-301-258-8292 PGP/RIPEM/MIME spoken here http://www.kciLink.com/home/khera/