# settings for second network card to router?



## miscar (Jan 6, 2009)

I had another post in regards to this but i think i worded it pretty messed up so i thought it best to start this one. Im new to freebsd but ive managed to get a few ports up and running including squid. The problem im having is im not sure how to setup the second network card to provide the router with a wan ip. Here is currently what i have setup that wors but no the way i want it: Currently i have a repeater plugged into the 1st network card on the freebsd box then i have a router plugged into the repeater and i connect wirelessly to the router fine and its set to run squid transparent. However it makes it look like everything is the same ip, i would like to connect the router to a second network card but for the life of me i dont know how to configure the second network card so that it passes through internet connection and provides the router with a wan. Any help for a newbie.


----------



## DutchDaemon (Jan 6, 2009)

I think you'll need to draw an ascii graph of your setup, including IP/netmask. You can make it look right by putting code tags around the drawing 


```
[code] <-- drawing --> [/code]
```
.


----------



## miscar (Jan 6, 2009)

Current setup is ( and as you can see im bad in ascii as well)


```
lan port of router running as repeater 192.168.3.1------> freebsd box net card 1 192.168.3.107
				I
				I
				I
				I
				V             
             wan on wireless router 192.168.5.1 -----> wireless clients 192.168.5.XXX

what i want is:

Lan port of repeater 192.168.3.1------> network card 1 192.168.3.107------> second network card 192.168.3.X ------> wan port on router 192.168.3.xxx ------> wireless clients 192.168.5.XXX
```


----------



## DutchDaemon (Jan 6, 2009)

You want two network cards in the same network? That's not going to work, unless you divide the network into smaller parts (like 192.168.3.0/25 and 192.168.3.128/25) or use a bridge with the two network cards as (unnumbered) members, making the bridge itself 192.168.3.x.


----------



## miscar (Jan 6, 2009)

The two network cards dont need to be on the same network i meant it to be something like 192.168.4.1 then the router .5.1 for reference purposes


----------



## DutchDaemon (Jan 6, 2009)

I think bridging is the best option. You can do everything you like on a bridge, firewalling, proxying, etc. It doesn't even need any IP addresses, unless you want to administer it remotely.


----------



## miscar (Jan 6, 2009)

Can you point me in a direction of a how to bridge for dummies? I will have to give at least one of the cards an ip address becuase i occasionally access it via putty.


----------



## lme@ (Jan 6, 2009)

Try this:

```
ifconfig bridge0 create
ifconfig bridge0 addm <if1> addm <if2> inet <IP address> up
```

Then the bridge itself gets the IP address not the members.


----------



## DutchDaemon (Jan 6, 2009)

If you need to boot into a bridged setup, put this in /etc/rc.conf:


```
cloned_interfaces="bridge0"
ifconfig_bridge0="addm nic1 addm nic2 inet ipaddr/mask up"
ifconfig_nic1="up"
ifconfig_nic2="up"
```

You'll need to switch packet forwarding on, which can be done either in */etc/rc.conf*:


```
gateway_enable="YES"
```

or in */etc/sysctl.conf*


```
net.inet.ip.forwarding=1
```


----------



## miscar (Jan 6, 2009)

thanks i will give this a try when i get home tonight.


----------



## miscar (Jan 7, 2009)

not to sound extremely stupid but should i change nic1 in your example to rl0 and nic2 to rl1 the device ids on my machine?or is nic a generic device name? ( just trying to know what exacly i did for future refference)

well i did manage to get what you said working exactly as you had it in the example the only thing is i broke everything else. I run squid transparently on my router using a script from dd-wrt such as this:


```
# nvram set rc_firewall="
#!/bin/sh
INTERNAL_NETWORK="192.168.5.1/24"
ROUTER_IP="192.168.5.1"
PROXY_SERVER="192.168.3.107"
PROXY_PORT="3128"
if [ -z $TRANSPARENT_PROXY ]; then
  /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK \
    -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
  /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp --dport 80 \
    -j DNAT --to $PROXY_SERVER:$PROXY_PORT
  /usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p tcp -d \
    $PROXY_SERVER -j SNAT --to $ROUTER_IP
  /usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d $PROXY_SERVER -i br0 \
    -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT
  export TRANSPARENT_PROXY="1"
else
  echo /"This script has already run!"
  echo /"If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."
fi
"
```

ive got some router configuration to figure out because passing through and getting a wan ip from the router the lan side cant communicate with the wan. So getting to 192.168.3.107 isnt possible from 192.168.5.1 , ill do some playing with the script to see if i can figure it out. thanks


----------



## miscar (Jan 8, 2009)

well so far ive managed to lock myself out of the router a few times by putting it in an endless cycle of trying to communicate with a network it isnt part of. I got to thinking about it once i do get the router setup correctly wont it just pass the routers ip to squid? That wont let me know whose ip is hitting what sites even if i set the router up to assign ip address by mac id. I truly beleive i have dwelled to deep into network topology for my own good.


----------



## DutchDaemon (Jan 8, 2009)

miscar said:
			
		

> not to sound extremely stupid but should i change nic1 in your example to rl0 and nic2 to rl1 the device ids on my machine?or is nic a generic device name? ( just trying to know what exacly i did for future refference)



Yes, use the proper network card names in rc.conf, so rl0, etc.


----------



## DutchDaemon (Jan 8, 2009)

Your original drawing had the FreeBSD box in a 192.168.3.x network, so that's why a bridge was suggested.


```
Lan port of repeater 192.168.[B]3[/B].1------> [FreeBSD bridge] ------> wan port on router 192.168.[B]3[/B].xxx ------> wireless clients 192.168.5.XXX
```

That way, the FreeBSD bridge does not need to communicate with 'unknown' networks, because it has 192.168.3.x on either side.


----------



## miscar (Jan 14, 2009)

dutch you have been a great help the drawing i posted was simply to refer to the 3.x coming from the freebsd box to the router however the router itself was set to 5.1 and since its in dhcp mode all the addresses coming from it are 5.X. eventually ill figure this out.


----------

