FreeBSD + natd + ipfw + squid
February 7th, 2010
This is going to be an overview of the steps it takes to create a Walled Garden using FreeBSD, natd, ipfw and squid.
The basic scenario: You have a private IP network that you want to allow people to connect to, and you allow them basic web access (we’ll just do port 80 for now). By default you only want these users to reach certain URLs; if they try to access anything else they are redirected to your “portal” page. Presumably your portal would run software that handles account signups and such, and once you authorize an IP you would allow it to connect to anything on the internet. Portal design won’t be discussed here, but I will show you how to punch a hole through the firewall.
For this exercise we are going to have a private IP network and a public IP. Splitting off a management IP is highly advisable, but that won’t be covered here.
Our private IP network is going to be 10.7.0.0/16, and our “public IP” is going to be 192.168.0.1 (which is really a private address, but ignore that; when deploying this, substitute a real public IP here).
First things first: before doing anything else, make sure your kernel has these options compiled in, and go compile them in right now:
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_FORWARD
Once you install that kernel and reboot your server we can proceed with configuration.
For the next step let’s go ahead and install squid. This can be done using whatever method for installing software you prefer, but I’m going to list the package add method, because it’s so simple:
# pkg_add -r squid
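To make the scenario above concrete, here is an added example of the ipfw ruleset such a walled garden needs, written as a dry-run generator so it can be read and tested without touching a live firewall. This is not the post's own configuration: the outside interface name (em0), the squid listen address (127.0.0.1:3128) and the use of ipfw table 1 for authorised clients are my assumptions; the 10.7.0.0/16 network and the 192.168.0.1 address come from the post. The rules rely on the IPDIVERT (divert natd) and IPFIREWALL_FORWARD (fwd) kernel options listed above.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run generator for a
# walled-garden ipfw ruleset. Commands are printed, not executed, unless
# IPFW is set to the real binary, e.g. IPFW=/sbin/ipfw ./walled_garden.sh
# Assumptions not stated in the post: outside interface em0, squid on
# 127.0.0.1:3128, ipfw table 1 holding the authorised client addresses.
set -u

PRIV_NET=${PRIV_NET:-10.7.0.0/16}   # private client network (from the post)
PUB_IP=${PUB_IP:-192.168.0.1}       # "public" address (from the post)
EXT_IF=${EXT_IF:-em0}               # assumption: outside interface
SQUID=${SQUID:-127.0.0.1,3128}      # assumption: where squid listens
AUTH_TABLE=${AUTH_TABLE:-1}         # assumption: table of authorised IPs
IPFW=${IPFW:-echo ipfw}             # dry run by default

# Emit (or apply) the base ruleset. ipfw stops at the first matching rule,
# so authorised hosts must be allowed before the port-80 forward that
# catches everyone else, and the forward must come before any broad allow.
walled_garden_rules() {
    $IPFW -f flush
    $IPFW table "$AUTH_TABLE" flush
    # natd rewrites addresses on everything crossing the outside interface
    $IPFW add 100 divert natd ip from any to any via "$EXT_IF"
    # loopback traffic is never walled
    $IPFW add 200 allow ip from any to any via lo0
    # authorised clients (table entries) may reach anything
    $IPFW add 300 allow ip from "table($AUTH_TABLE)" to any
    $IPFW add 310 allow ip from any to "table($AUTH_TABLE)"
    # unauthorised clients: port 80 is handed to squid, which serves only the
    # allowed URLs and redirects everything else to the portal page
    $IPFW add 400 fwd "$SQUID" tcp from "$PRIV_NET" to any 80
    # replies and DNS, so the redirect actually reaches the client
    $IPFW add 410 allow tcp from any to "$PRIV_NET" established
    $IPFW add 420 allow udp from "$PRIV_NET" to any 53
    $IPFW add 430 allow udp from any 53 to "$PRIV_NET"
    # the gateway itself (and squid running on it) may talk freely
    $IPFW add 500 allow ip from "$PUB_IP" to any
    $IPFW add 510 allow ip from any to "$PUB_IP"
    # anything not matched above is dropped
    $IPFW add 65000 deny ip from any to any
}

# "Punch a hole": once the portal accepts a signup, add the client's IP to
# the table. Rules 300/310 then let it through without reloading anything.
authorize_ip() {
    $IPFW table "$AUTH_TABLE" add "$1"
}

# Close the hole again when the session ends.
deauthorize_ip() {
    $IPFW table "$AUTH_TABLE" delete "$1"
}

walled_garden_rules
authorize_ip 10.7.1.23   # constructed sample client address
```

Run it as-is to review the rule list, and with IPFW=/sbin/ipfw on the gateway to apply it. Keeping the authorised clients in a table rather than in numbered rules means the portal only ever runs the two table commands, so the base ruleset never has to be edited at runtime. Squid on its side must be listening in transparent (interception) mode on the forwarded port for rule 400 to work.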
