What you need:
1) Get NetBSD
- This process works for NetBSD 5x and 6x. I’ve updated this doc for NetBSD 6.0.1.
- Download the ISO image from the site nearest you: http://www.netbsd.org/mirrors/#iso
- Note: your CPU architecture choice determines what version of NetBSD you use. Regular 32 bit x86 hardware from AMD and Intel use the i386cd iso file. As you can see, NetBSD runs on just about everything, including toasters http://www.embeddedarm.com/software/arm-netbsd-toaster.php
- A computer with two NIC’s, two CAT5 network cables and switch for your internal network.
- An Internet connection. This doc is based on a DHCP connection to the external Verizon FIOS network.
- External network = DHCP internet connection from Verizon FIOS in-home router
- Internal network = Local static IP connection to internal home network
2) Minimum hardware specs:
- Good enough – 200 Mhz with 256 Mb of RAM, 9 Gig or larger hard drive
- Fast: AMD Athlon or Pentium 4, 2 Gigs of RAM, 40 Gig hard drive
- Note that the above PC specs are very old. NetBSD is great for repurposing Mom’s old computer.
- The PC I used? A Dell GX270, Intel P4, 2 Gigs RAM, 40 Gig disk drive, two 10/100/1000 NICs (1 Intel, 1 Dlink). You can find one on Ebay.com for under $100. Note that your NIC device IDs will differ based on hardware vendor. http://shop.ebay.com/?_from=R40&_trksid=p5197.m570.l1313&_nkw=Dell+GX270&_sacat=See-All-Categories
- Caffeinated drink of choice.
Layout of the System and Network
1) The list below depicts the example network and PC that I used to make this work.
Internal network: 10.10.10.0/24, mask 255.255.255.0, gateway 10.10.10.1
Internal NIC device ID: wm0
Internal IP: 10.10.10.1
External Network: Internet connection via FIOS DHCP connection from Actiontek router provided by Verizon.
External NIC device ID: sk0
External IP: provided by DHCP
1) Install NetBSD on you system. Just follow the prompts. It’s easy. When asked, install all of the X packages. If you can’t figure that out, don’t worry. Installing xfce later in this doc will take care of it.
2) When done with the installation, log in as root and perform the following.
Changing local password for root.
Retype new password:
–> useradd -m -G wheel <your new user name>
–> passwd <your new user name>
–> echo “sshd=YES” >> /etc/rc.conf
–> echo “inetd=NO” >> /etc/rc.conf
–> /etc/rc.d/sshd restart
Enable and configure Networking Services.
1) Since you have two NICs, you have to manually define the NIC with the static IP for the internal network.
–> vi /etc/ifconfig.wm0 and add:
10.10.10.98 netmask 255.255.255.0 media autoselect (use the IP you want to be your internal network interface)
Note: you will not create /etc/ifconfig.sk0 because it’s not static. You’ll get DHCP from FIOS.
2) Enable packet forwarding/routing and performance tweaks.
–> vi /etc/sysctl.conf and add:
3) Since you get your public IP address assignment dynamically through DHCP, enable it in /etc/rc.conf.
–> vi /etc/rc.conf
dhclient_flags=sk0 (this is the NIC that attaches to the FIOS router)
4) Edit /etc/dhclient.conf so the DHCP client can query the DHCP service.
–> vi /etc/dhclient.conf and add:
send host-name “gateway”; <=== Put your hostname here.
send dhcp-client-identifier “gateway”; <=== Put your host identifier here. Usually same as hostname.
request subnet-mask, broadcast-address, routers, domain-name-servers;
interface “sk0”; <=== put your FIOS facing NIC device here.
option host-name “gateway”; <=== put your hostname here
option subnet-mask 255.255.255.0;
# option domain-name “my.domain”;
# option domain-name-servers 127.0.0.1;
renew 2 2000/1/12 00:00:01;
rebind 2 2000/1/12 00:00:01;
expire 2 2000/1/12 00:00:01;
5) Prevent dhclient from nuking your /etc/resolv.conf.
–> vi /etc/dhclient-enter-hooks (and paste in the lines below)
echo “doing nothing to resolv.conf”
6) Edit your IP Filter rules.
–> vi /etc/ipf.conf and add:
pass in from any to any
pass out from any to any
Note: for a more secure setup see http://www.netbsd.org/docs/network/nsps/config_ipf.html for advanced firewall filtering rules and options. You can also Google it. You could also install Webmin and use the Ipf module.
7) Enter your Network Address Translation (NAT) rules for the NIC facing the FIOS router.
–> vi /etc/ipnat.conf and add:
map sk0 10.10.10.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map sk0 10.10.10.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
map sk0 10.10.10.0/24 -> 0.0.0.0/32
8) Enable your NAT/firewall features and NTP for time sync.
–> vi /etc/rc.conf
ipfilter=YES #Stateful firewall
ipnat=YES #Network Address Translation
ipmon=YES #Firewall logging
9) During the reboot it should discover its DHCP IP from the FIOS router. It will probably be 192.168.1.2, 3 or 4. If it doesn’t pick it up try switching the cables on the back of your PC to the other NIC and reboot. Also, if DHCP does not work, log in as root and try running the following:
–> dhclient sk0
Listening on BPF/sk0/1c:bd:b9:85:b9:03
Sending on BPF/sk0/1c:bd:b9:85:b9:03
Sending on Socket/fallback
DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 13
DHCPOFFER from 192.168.1.1
DHCPREQUEST on sk0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1
doing nothing to resolv.conf
bound to 192.168.1.3 — renewal in 36425 seconds.
Watch your NAT table with:
–> ipmon -o N
To manually load the NAT rules if you make a change:
–> ipnat -CF -f /etc/ipnat.conf
10) Add the NetBSD package location to the root profile.
–> vi /root/.shrc
# Package location on the ftp server.
export PKG_PATH=”<your path from above, either 5x or 6x>”
Login as root and install additional packages.
–> pkg_add -uv bash-4.2nb2
–> pkg_add -uv p5-Crypt-SSLeay
–> pkg_add -uv p5-Net-SSLeay
–> pkg_add -uv less-418
–> pkg_add -uv xfce4 (or xfce4-4.6.1nb5 if xfce4 doesn’t work)
–> pkg_add -uv firefox
–> pkg_add -uv nmap htop iftop lsof
Reboot to seat the changes. Login as root and start the new GUI desktop.
You now have a nice lightweight desktop, firefox and xterms. You are welcome.
11) Setup your clients. Clients behind the NetBSD NAT/router should be configured for DNS resolution and the proper default gateway. Note that if you have internal DNS and possibly Active Directory running in your internal network and it’s forwarding to your external FIOS DNS servers, use your local DNS server in the steps below. If not, you can use the FIOS DNS on your internal clients.