MikeL's FreeBSD howto - Networking

[20211114]
Getting a bunch pf the following in my dmesg.today log:
Limiting closed port RST response from 1525 to 200 packets/sec
By using this magic incantation while it's happening, you can get an idea of what's going on and whom is doing it. This will show you all the RST packet activity:
tcpdump -n -v 'tcp[tcpflags] & (tcp-rst) != 0'
You probably can't do anything about it, but this may make you feel a little better it. The bottom line is that this is an idication the FreeBSD is doing it's thing properly. To change the limiting value, see net.inet.icmp.icmplim in /etc/sysctl.conf (man sysctl.conf).

(10-Dec-2003)

This is basically a checklist of how to setup a new system to do networking stuff beyond the basic. The intent is not to cover everything in detail, merely to point you to each of the tasks that must be performed.

Obviously you must already have your hardware set up. If you're making a gateway/firewall, there will be two Network Interface Cards (NICs); one connected to the external network that you're protecting yourself from, the other connected to the internal "private" network.

Related manual pages: FreeBSD.org, Handbook ch. 6 (Firewalls).


How to change a machines IP address:
In general this is a bad idea, but if you gotta do it, this list of standard files is where I've found my address hardcoded thus had to be changed:
  /etc/rc.conf
  /etc/resolv.conf
  /etc/rc.firewall
  /etc/namedb/named.conf
  /etc/namedb/<domainname.hosts>
  /usr/local/etc/apache/httpd.conf
Also don't forget that you may have it hardcoded in on DNS secondary machines...
Adding additional "alias" addresses:
In rc.conf, merely add an ifconfig, underscore, interface, underscore, "alias", x; e.g:
ifconfig_xl0_alias0="inet 10.12.123.18 netmask 255.255.255.0"
increment x for each additional alias, starting at 0.

Now, why would you want to do this? What happens when you've got your machine all set up, including domain names, with fixed IP addresses, and you move your home/business, thus getting stuck with a new IP address? You don't have the luxury of waiting for DNS replication (perhaps many hours, even days), so you can do this...
You want to set up the machine to do everything itself via the new IP, but from the outside, to also deal with the old. Follow the changing IP address directions above, then add a new alias to the loopback interface (not to the public interface itelf) that is the old IP.
So let's say our old addres was 10.12.123.17, and we have been moved to another DSL provider, and they gave us 172.16.4.5.
ifconfig_xl0="inet 172.16.4.5 netmask 255.255.255.0"
ifconfig_lo0_alias0="inet 10.12.123.17 netmask 255.255.255.0"
We can now change our DNS info at our leisure, then after the dust has settled, dump the alias.


Useful Commands:

Copyright © 1995-2024 Mike Lempriere (running on host bayanus)