Local Area Network (LAN)

From FreeBSDwiki


Setting up Local Area Network (LAN)

A local area network (LAN) is a group of computers and associated devices that share a common communications line or wireless link and typically share the resources of a single processor or server within a small geographic area (for example, within an office building). Usually, the server has applications and data storage that are shared in common by multiple LAN computer users. A local area network may serve as few as two or three users (for example, in a home network) or as many as thousands of users (for example, in an FDDI network). Typically, a suite of application programs can be kept on the LAN server. Users who need an application frequently can download it once and then run it from their local hard disk. A user can share files with others at the LAN server.

There are many technical limitations and options in how a LAN is configured, depending on whether you are a non-commercial user or a commercial user and how many of the MS/Windows and/or Unix network server sharing facilities you want to enable.

Basically what determines if you are a commercial user or not is how you are known to the public Internet. A commercial user has a permanent, dedicated, high-speed leased Internet line connecting them to their ISP and one or more static IP addresses assigned by their ISP. A static IP address is always the same number; it never changes between logins to the ISP. They have an official registered domain name that points to one of the static IP addresses, which points to their PC that is acting as their gateway. If the commercial user pays for a large block of static IP addresses then they can use these IP addresses for the computers on the LAN and not need to use NAT (network address translation). Their email will arrive at the gateway PC and is processed by their mail server directly. They do not use their ISP to receive and hold their email for them.

A non-commercial user, like the home user, uses a phone line dial-in login to their ISP on a limited speed connection or has a 24/7 cable or DSL high speed connection and gets assigned a single dynamic IP address which changes every time they log in. Their ISP receives and holds all their email for them. The only way a public Internet user can find them is if they know the dynamic IP address currently in use by them. From the ISP viewpoint a non-commercial user uses a very small amount of its overall resources and so charges much less for a single user account.

The FBSD system that is acting as the gateway can also be configured to provide different levels of network sharing depending on what kind of operating systems are running on the PCs connected to the LAN. For Unix-like operating systems NFS provides network file and device sharing, while the FBSD port application Samba does the same thing for MS/Windows PCs on the LAN. These facilities, NFS and Samba are not covered in this guide as they are more applicable to commercial users who have large LANs.

See this link for Samba details

See the following links for details on FBSD NFS:

Home User LANs

Normally each family member would have to have their own phone line and unique ISP account to connect all of the family PCs to the Internet simultaneously. This is a costly way of doing this. The alternative is to have a single FBSD system gateway connect to an ISP and then network the other family members' PCs behind the gateway using private IP addresses and NAT (Network Address Translation) so everything leaving the gateway system looks like it came from the single dynamic IP address assigned by the ISP. Your ISP cannot tell if the packet passing through them has been NATed or not.

Installer Note: When you sign up for service with your ISP you have to sign a user agreement that basically says you are not allowed to do NAT on your PC or run email services or web servers. If you are caught, it's grounds for them to terminate your account. Never tell your ISP tech support people what you are doing. Most ISP's leave open all the ports except the port used by an email server, which they block. More recently some ISPs have started to also block the web server port number.

Another simple to configure facility is an anonymous FTP server on the FBSD gateway so LAN users can post files there that they want to pass to other LAN users. This allows them to pass large files between LAN users.

The LAN can be populated with both MS/Windows boxes and FBSD boxes and not cause any problems. ISP's usually allow 5 email addresses per dial-in account. Each family member can have their own email address and, using the email client on their PC, get their email directly from the ISP email server. Or you can run a task on the FBSD gateway box to download the email from the ISP account on a recurring schedule and store it in the FBSD built-in email server called sendmail, and then have all the LAN users get their email from the sendmail server without having the FBSD gateway connected to the Internet.

Topography of a LAN

       __________         ________             _____ 
      |          |       |        |           |     | 
      |  FBSD/GW |       | switch |<--------->| LAN |
      |          |       | or     |           | PC1 |    _____
      |      NIC |<----->| hub    |<--|       |_____|   |     |
      |__________|       |________|   |                 | LAN |
                                      |<--------------->| PC2 |
                                                        |_____|

The above diagram shows a simple single LAN circuit. Your FBSD gateway box needs a NIC for each separate LAN circuit. Each circuit must use a unique IP address subnet. You cable the LAN NIC from the back of the FBSD gateway PC to a network switch or hub. A small cheap switch normally has 5 plugs. One plug for each PC on the LAN including the FBSD gateway. You run a cable from the switch to the NIC of each PC you want on the LAN. A LAN circuit can handle many PC's and many downstream switches as long as the max distance of the cable is not exceeded. To add more LAN users you create another circuit by adding another NIC in the FBSD box connected to another switch which has more LAN PC's connected to it. Please note, this is a very simplified LAN description and layout, but is adequate for basic understanding of how the physical parts of the LAN are cabled together.

For the home user with just two PCs, you can cable your FBSD LAN NIC directly to the other PC's NIC with a special crossover cable.

Installing the LAN

Your PC should have two NICs already installed. During the boot of FBSD review the /var/run/dmesg.boot log to verify that your PCI NICs were found.

This is what you are looking for. This means that the FBSD GENERIC kernel found your NIC. The dc0 name will be different depending on the manufacturer of your NIC.

dc0: <Macronix 98715/98715A 10/100BaseTX> port 0xdc00-0xdcff mem 0xe3000000-0xe30000ff irq 3 at device 19.0 on pci0
dc0: Ethernet address: 00:80:c6:f2:2e:3b
miibus0: <MII bus> on dc0
dcphy0: <Intel 21143 NWAY media interface> on miibus0
dcphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto

dc0 is the NIC FBSD internal interface name.

The generic kernel contains device statements for most of the NIC currently on the market. If the /var/run/dmesg.boot log shows your NIC as

pci0: <unknown card> (vendor=0x1274, dev=0x5000) at 19.0

or there is no message to indicate that the BIOS probe found any PCI devices, then you may have an older BIOS on your PC which does not handle PCI cards very well. On an older (i.e., pre-Y2K) PC BIOS, it's very common for the system probe process of the BIOS to be unable to find one or more PCI cards. If this happens to you, you have to do some research to determine the problem.

Try the pciconf -lv command to see if it gives you any useful info. Then review the GENERIC source at /usr/src/sys/i386/conf/GENERIC to see if it contains any device statement comments about your NIC based on the manufacturer or chips used. If you do find a device statement in the GENERIC source for your NIC, then add this statement to your kernel source and recompile your kernel.

device pun

This device has additional code to probe your system's BIOS using different methods which in most cases results in your PCI NIC being found.

If the review of the GENERIC kernel source produces no results, then review the kernel source file named LINT at /usr/src/sys/i386/conf/ for comments that describe your NIC by manufacturer name or chips used. Copy the appropriate device statements to the GENERIC kernel source file and then follow the instructions at Kernel Customizing. You will have to create a custom kernel from the GENERIC source including the device statement from the LINT source.

If you find no kernel device statements for your NIC, then it's not supported and you have to get one that is.

LAN private IP address

There are ranges of special IP addresses reserved for use on private LANs. These special IP address ranges are non-routable on the public Internet. They are listed in the /etc/hosts file.

According to RFC 1918, you can use the following IP address ranges for private networks which will never be connected to the Internet:    -  - -

These can also be written as

To communicate with the LAN PC's, the FBSD system needs to know what the IP address range of the PC's on the LAN is, and the LAN PC's need to be configured with LAN network information so they know how to perform their part in the communication process.

There are two ways to accomplish this:

The manual way, by hand, or

The automatic way using the FBSD port application DHCP.

Manually Configuring the Gateway host

Before you can manually configure each PC on the LAN by hand, you first have to collect some information from your FBSD gateway box. It's assumed your gateway PC's connection to the public Internet is already working.

The configuration file /etc/resolv.conf is automatically populated with the IP address of your ISP's primary and secondary domain name servers every time you log in to your ISP. Write down these IP addresses; you will need them to configure your LAN PCs.

Now you decide on the private IP address range to use for your LAN. This guide uses a very small portion of the range for the private LAN, which is This gives through The usable portion of the range is through, the and is the reserved pair for broadcasting.

The IP address of the NIC in the FBSD gateway will be The IP address of the first LAN PC to be manually configured will be

On the FBSD gateway system add these two statements to /etc/rc.conf to manually assign the FBSD LAN NIC an IP address and tell FBSD to act as a gateway for the LAN.

ifconfig_dc0="inet netmask"


The dc0 is the gateway interface name of the NIC the LAN is cabled to.

Manually configuring LAN FBSD PC

For a FBSD workstation PC on the LAN, add these statements to /etc/rc.conf to manually assign the FBSD LAN NIC an IP address. Be sure to change dc0 to the interface name of the NIC in the FBSD LAN PC.

ifconfig_dc0="inet netmask"


Copy the FBSD gateway /etc/resolv.conf file to the FBSD LAN PC, replacing the one that's there. Or edit the FBSD LAN PC's /etc/resolv.conf so it's the same as the one from the FBSD gateway. Reboot system to enable your changes.

To test, ping the gateway server:

ping -c 4

Then test DNS by pinging:

ping -c 4

Manually configuring MS/Windows LAN PC

This procedure has been tested on MS/Windows 98, ME and XP.

Click on start, settings, control panel, networking. In the window the installed network components are displayed. Scroll through them and click to highlight the TCP/IP line for the NIC you are going to use to connect this box to your LAN. When it's highlighted, the properties button below the window becomes enabled. Click on the properties button and a window pops up which is where you manually configure the NIC TCP/IP network settings.

Under the IP address tab, click on specify IP address. For IP address enter

Under the gateway tab, new gateway window enter the IP address of the FBSD gateway and click the add button.

Under the DNS configuration tab, click on enable DNS. In the DNS server search order window enter the first of the two IP addresses you got from the FBSD gateway /etc/resolv.conf file. Click on the add button, then do same thing over again for the second IP address. When you're finished click on the OK button at the bottom of the pop up window, and click OK again. The system will reboot to activate your changes.

To test, click on start, run.

Enter C:\windows\

When a native DOS window opens, ping the gateway server:


Then test DNS:


The DNS servers will convert this domain name to an IP address and then send four pings to it. When this has completed, enter exit to leave native DOS mode.

For each additional FBSD or MS/Windows LAN PC you want to add, just increment the last digit of the last assigned IP address by 1. You may have to keep a log book so you know what LAN IP addresses you have assigned. All LAN PCs connected to the FBSD gateway NIC have to use the same IP address subnet (i.e., 10.0.10.x), where in this example x can be 1 through 6.

DHCP (Dynamic Host Configuration Protocol)

If you are following the 'incremental install method' recommended in this Installers Guide, you have now completed the basic install of the FBSD Gateway/Firewall server with attached LAN. Everything up to this point has been accomplished using the built in facilities available in the standard FBSD stable release.

In the previous section you manually configured your LAN PC's by hand with the information they needed to communicate with the FBSD gateway. DHCP is used to automate and control the automatic assignment of private IP addresses to your LAN environment.

What function does DHCP perform? The Dynamic Host Configuration Protocol (DHCP) is most commonly used in the situation where a LAN (local area network) has too many PC workstations for the LAN administrator to manually configure each workstation with the information it needs for access on the LAN. To automate this process, DHCP was developed. DHCP usually runs on the gateway/firewall machine in server mode. It broadcasts its presence through the LAN to all the workstations that have a DHCP client installed. At boot up, a workstation asks the DHCP server for the information necessary to configure itself for access to LAN services.

All Microsoft Windows machines have a DHCP client built in that defaults to using DHCP services without any user configuration. FBSD also has a built in DHCP client, but it needs manual user input to activate it. Many ISP's use DHCP on dial up, DSL, and cable access to achieve the same results a LAN administrator wants for his private LAN.

One of DHCP's major strengths is its ability to manage the dynamic assignment of IP addresses from a pool and to reuse any IP address released when a workstation is removed from the LAN or moved to a different location on the LAN, such as what normally happens in a company work place environment.

DHCP Server

To add a DHCP server to FBSD you have to install the port. The best and most commonly used port for this purpose is the isc-dhcpd3 port. The ISC-DHCP3 server supports three mechanisms for IP address allocation. In "automatic allocation", DHCP assigns a permanent IP address to a client. In "dynamic allocation", DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address). In "manual allocation", a client's IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client. Dynamic allocation is the only one of the three mechanisms that allows automatic reuse of an address that is no longer needed by the client to which it was assigned. A particular network will use one or more of these mechanisms, depending on the policies of the network administrator.

For our purpose of a simple DHCP server that would fill the needs of the common FBSD user we are going to configure the DHCP server for "dynamic allocation" mode.

How DHCP Works

When the dhcpd daemon starts up at FBSD boot time, it broadcasts its presence through the LAN, then it sleeps and listens for broadcast requests for network configuration information from the LAN workstations. By default, it will listen on UDP port 67. When such a request is received, the server will reply to the client machine on UDP port 68, providing the details required to connect to the network such as the IP address assigned to the workstation, subnet mask, default gateway and DNS server names or IP addresses. Also included with this reply is a length of time for which this information can be used by that particular client. This is known as a DHCP "lease" and a new lease must be acquired by the client when it expires. The length of time for which a lease is valid is decided by the administrator of the DHCP server. The DHCP server keeps a database of leases it has issued in the /var/db/dhcpd.leases file. This file is written as a log and can be edited. See man dhcpd.leases which gives a slightly longer description. DHCP clients can obtain a great deal of information from the server. An exhaustive list may be found in man dhcp-options & man dhcpd after DHCP is installed.
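Because the lease database is a plain-text log, it also records which hardware addresses have joined the LAN. The following is an added example, not part of the original guide: it parses text in the dhcpd.leases format, keeps the latest entry per IP address, and lists active leases whose MAC address is not on a known list. The sample lease text, its 10.0.10.x addresses and the second and third MAC addresses are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in dhcpd.leases format. The file is an append-only log,
# so 10.0.10.4 appears twice and the later (released) entry is the current one.
SAMPLE_LEASES = """
lease 10.0.10.3 {
  starts 2 2024/01/02 08:00:00;
  ends 3 2024/01/03 08:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:80:c6:f2:2e:3b;
  client-hostname "winxp";
}
lease 10.0.10.4 {
  starts 2 2024/01/02 09:00:00;
  ends 3 2024/01/03 09:00:00;
  binding state active;
  hardware ethernet 02:00:00:aa:bb:01;
}
lease 10.0.10.4 {
  starts 2 2024/01/02 09:00:00;
  ends 2 2024/01/02 10:00:00;
  binding state free;
  hardware ethernet 02:00:00:aa:bb:01;
}
lease 10.0.10.5 {
  starts 2 2024/01/02 11:00:00;
  ends 3 2024/01/03 11:00:00;
  binding state active;
  hardware ethernet 02:00:00:aa:bb:02;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
ENDS_RE = re.compile(r"^\s*ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);", re.M)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)  # skips "next binding state"
MAC_RE = re.compile(r"^\s*hardware ethernet\s+([0-9A-Fa-f:]{17});", re.M)
HOST_RE = re.compile(r'^\s*client-hostname\s+"([^"]*)";', re.M)

def _first(regex, body):
    match = regex.search(body)
    return match.group(1) if match else None

def parse_leases(text):
    """Return {ip: record}; a later entry for the same IP replaces an earlier one."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        ends = _first(ENDS_RE, body)  # no match for "ends never;"
        if ends:  # lease timestamps are written in UTC
            ends = datetime.strptime(ends, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
        mac = _first(MAC_RE, body)
        leases[ip] = {
            "ends": ends,
            "state": _first(STATE_RE, body),
            "mac": mac.lower() if mac else None,
            # Supplied by the client and unauthenticated: for display only.
            "hostname": _first(HOST_RE, body),
        }
    return leases

def unknown_clients(leases, known_macs, now):
    """List (ip, mac, hostname) for unexpired active leases not in known_macs."""
    known = {m.lower() for m in known_macs}
    flagged = []
    for ip, rec in sorted(leases.items()):
        live = rec["state"] == "active" and (rec["ends"] is None or rec["ends"] > now)
        if live and rec["mac"] not in known:
            flagged.append((ip, rec["mac"], rec["hostname"]))
    return flagged

if __name__ == "__main__":
    now = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
    print(unknown_clients(parse_leases(SAMPLE_LEASES), ["00:80:C6:F2:2E:3B"], now))
```

A MAC address can be changed by the client, so a match against the known list shows only that nothing unexpected has announced itself, not that the device is the one you think it is.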

DHCP Configuration Instructions

To install the DHCP software, use the FBSD dhcp package using the following command

pkg_add -rv isc-dhcp3-server

To start the DHCPD server at boot time add the following statements in the /etc/rc.conf file.

ee /etc/rc.conf


The -q option will turn off the copyright banner that displays during the FBSD boot up and in the DHCP log every time a broadcast is issued by the DHCP daemon or when a request is received from a workstation DHCP client.

The dc0 is to be replaced with the interface name of the LAN NIC you want DHCP service on from your gateway/firewall FBSD system.

The dhcpd.conf file is delivered as a sample file so you have to make a copy of it without its sample suffix. It contains a lot of comments and commented out statement examples which you can comment out or delete. Edit the main DHCP configuration file and make it look like this.

cp dhcpd.conf.sample dhcpd.conf

ee dhcpd.conf

option domain-name "";
option domain-name-servers,;
# 600=10min, 7200=2 hours, 86400=1 day, 604800=1 week, 2592000=30 days
default-lease-time 86400;
max-lease-time 604800;
ddns-update-style none;
log-facility local1;
# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.
subnet netmask { }

# This is the subnet declaration.
# Max of 6 pc on LAN -
# is the IP address of the Nic card in FBSD
# is the broadcast IP address 
subnet netmask {
option routers;}

The option domain-name ""; is the user selected domain name from the hostname="" statement of /etc/rc.conf.

The option domain-name-servers contains the DNS server IP addresses of your ISP from the /etc/resolv.conf nameserver statements, which get populated automatically when you connect to your ISP. If you have your own private LAN domain DNS server, make it the first one in the list, and in that case you can use full domain names instead of IP addresses (such as,

The default-lease-time and max-lease-time have values in seconds to set the elapsed period for these functions. The values I show are good to go with.

The authoritative; option tells the DHCP daemon server that it is the boss and is in control of issuing all the information to the LAN DHCP clients.

The ddns-update-style none; tells DHCP that there is no local LAN DNS server. If you have one, change this from none to interim. In the dhcpd.conf.sample you will see comments saying none and ad-hoc are the two options. This is no longer true for DHCP version 3.0. Ad-hoc has been deactivated and replaced with interim. See man dhcpd.conf for details.

The log-facility allows you to segregate the DHCP messages to a separate log for recording. You are going to use local1 for logging of DHCP server error messages;

subnet netmask {
option routers; }

The subnet netmask statement declares the maximum subnet IP address range. In this case the last three digits in the netmask, 248 determines the range. This means a total of 8 IP addresses, through are allocated as the subnet range. and are reserved for the broadcast process.

The range; is saying this range of IP addresses makes up the pool of addresses that are to be used for dynamic IP allocation to DHCP clients. It's a small home LAN with only two MS/Windows boxes and a single FBSD box on it now. That can grow to six machines without making any changes to this statement group.

The option routers statement is a bit misleading. What this is referring to is the NIC in the FBSD box the DHCP server runs on and the LAN being configured is cabled to. In our case the NIC has an IP address of which is specified in /etc/rc.conf by the ifconfig_dc0="inet netmask" statement.

The principle behind bitmasks and netmasks is simple, but often confusing to new users as it requires knowledge of binary numbers. For a quick reference, the following table illustrates what network ranges are indicated by the corresponding bitmasks/netmasks up to a default class C netmask.

Bitmask Netmask Total IP's / Usable IP's

 32         1              1
 31         2              1
 30         4              2
 29         8              6
 28        16             14
 27        32             30
 26        64             62
 25       128            126
 24         256            254
 22       16320          16318
 20       32768          32766
 16         65536          65534
 12   8.388608+e6    8.388606+e6 
  8           256^3      (256^3)-2
  0  (all IP's) 256^4       (256^4)-2

As you can see, there is a definite pattern. The number of total IP's always doubles, and the number of usable IP's is always total - 2. This is because for every IP network/subnet there are two IP's reserved for the network and broadcast addresses. The netmask's last octet starts at 255 and constantly decreases by multiples of 2, while the bitmask decreases by multiples of 1, because in binary, each shift over to the left halves the number, not divides by ten like in the decimal number system. This same pattern goes for all possible netmasks and bitmasks.
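The following is an added example, not part of the original guide: it carries out the /29 arithmetic with Python's ipaddress module and checks that a gateway address and DHCP pool sit inside the subnet without touching the network or broadcast address or each other. The 10.0.10.0/29 subnet follows the 10.0.10.x, 1 through 6 example used earlier; the gateway, static host and pool addresses are assumed values.

```python
import ipaddress


def subnet_summary(cidr):
    """Netmask, network, broadcast and usable range for a prefix of /30 or shorter."""
    # strict=True rejects a value with host bits set, such as 10.0.10.1/29
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen > 30:
        raise ValueError("no separate network/broadcast addresses above /30")
    return {
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "total": net.num_addresses,
        "usable": net.num_addresses - 2,
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }


def check_plan(cidr, router, pool_start, pool_end, static_hosts=()):
    """Return a list of problems with an addressing plan; empty means consistent."""
    net = ipaddress.ip_network(cidr, strict=True)
    reserved = {net.network_address, net.broadcast_address}
    router = ipaddress.ip_address(router)
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    problems = []

    for label, addr in (("router", router), ("pool start", start), ("pool end", end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in reserved:
            problems.append(f"{label} {addr} is the network or broadcast address")
    if start > end:
        problems.append(f"pool start {start} is above pool end {end}")
    if start <= router <= end:
        # The server could lease the gateway's own address to a workstation.
        problems.append(f"router {router} is inside the DHCP pool")
    for host in map(ipaddress.ip_address, static_hosts):
        if host not in net:
            problems.append(f"static host {host} is outside {net}")
        elif start <= host <= end:
            problems.append(f"static host {host} is inside the DHCP pool")
    return problems


if __name__ == "__main__":
    print(subnet_summary("10.0.10.0/29"))
    # Assumed plan: gateway NIC .1, one hand-configured PC .2, DHCP pool .3 to .6
    print(check_plan("10.0.10.0/29", "10.0.10.1", "10.0.10.3", "10.0.10.6", ["10.0.10.2"]))
    # A pool that swallows the gateway and runs into the broadcast address
    print(check_plan("10.0.10.0/29", "10.0.10.1", "10.0.10.1", "10.0.10.7"))
```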

Since you told DHCPD to use local1 for logging in the dhcpd.conf configuration file above, you now have to complete the logging environment configuration by adding the following statement to /etc/syslog.conf.

ee /etc/syslog.conf

local1.notice         /var/log/dhcpd.log

This log file does not exist, so you must create it.

touch /var/log/dhcpd.log

To activate the changes to /etc/syslog.conf you can reboot or force the syslogd task into re-reading /etc/syslog.conf by issuing this console command

/etc/rc.d/syslogd reload 

Now you must set up log rotation. Add this statement.

ee /etc/newsyslog.conf

/var/log/dhcpd.log         600 3 100 * B

You can change the log rotation triggers to whatever you want. See man newsyslog for info on what the trigger values mean.

The DHCPD daemon has a start up script located at /usr/local/etc/rc.d/

This directory location is where FBSD looks for files that end in .sh and executes them at the end of the boot process to start the applications.

You can administer the DHCPD server from the command line using

/usr/local/etc/rc.d/ start 

Restart is used to reread the dhcpd.conf file after making changes.

Now manually start DHCP by entering this on the command line.

/usr/local/etc/rc.d/ start

Issue 'ps ax' command to see the DHCP daemon running in the active task list.

Testing the DHCPD Daemon

To test the DHCPD server you need a PC on the LAN.

First let's check the LAN MS/Windows box network configuration. Click on the following buttons in this order: Start/settings/control panel/network/. Highlight TCP/IP and click on the properties button. In the IP address tab, 'obtain IP address automatically' should be the only thing check marked. All the fields in the other tabs must be blank. If this is what you have, use the cancel buttons to back yourself out. If you answer OK, you may have to have the Windows install CDROM to update the network section.

Windows 98, 2000, ME and XP have a program c:/windows/winipcfg.exe which will show you the DHCP info it's using. Start the winipcfg program by clicking on start, run, and type c:/windows/winipcfg.exe into the run window and then hit the OK button. Click on the more info button to see everything. You should be able to relate what you see back to the dhcpd.conf options as explained above. Click on the 'renew all' button to acquire a new DHCP lease.

FBSD as a DHCP Client

The isc-dhcp3 port comes with a client. I am not going to cover the isc-dhcp3 port client configuration process, because FBSD comes with a DHCP client built into the basic FBSD system.

To activate the built in dhcp client on a FBSD LAN PC, edit /etc/rc.conf and add the following statement to tell FBSD what interface the client DHCP should use:

ee /etc/rc.conf

ifconfig_dc0="DHCP"     # Where dc0 is the FBSD NIC interface name.

That's it, configuration complete. Reboot to activate your changes.
