So I drew a picture of matroid yesterday and I think I understand all of the pieces. Now, it's going about putting them together. Let's just get everything installed and then worry about making it all work together, how about? First we'll get the DHCP server.
I'm using the default dhcpd (which I hear is pretty common) so I went to /usr/ports/net/isc-dhcp3-server and typed
% make install clean
to go ahead and compile, install, and clean up the binaries (simple enough). This can be entered as three lines, but why bother? Anyway, I'll still need to edit /etc/rc.conf to make it automatically start on bootup. Starting DHCP automatically is probably fine, but probably some of the other stuff will need to be started manually so that real internet comes through first. Basically, packet filtering needs to be turned on halfway through, but we're going to need to assign dhcp addresses all weekend. While installing, I started reading about configuration in the FreeBSD handbook (one of my best friends... excellent documentation, honestly).
First I copied /usr/local/etc/dhcpd.conf.sample to /usr/local/etc/dhcpd.conf so that I could do the configuration. Ooookay, this is kind of complicated. I'm not sure how to configure the DHCP server yet. So let's wait on that. But the command to run the daemon is
% /usr/local/etc/rc.d/isc-dhcpd.sh start
SIGHUP does not reload the configuration file, gotta send a SIGTERM and restart the daemon. A database of assigned leases is kept in /var/db/dhcpd.leases; check man dhcpd.leases(5) and probably I should look at man dhcpd anyway. In case we need to forward requests from one DHCP server to another, install /usr/ports/net/isc-dhcp3-relay and use dhcrelay.
Already did IPFilter, so let's see if we can get squid. Squid is in /usr/ports/www/squid and now installing. Somehow I will have to prevent squid from doing very much caching though - it could fill the entire disk very shortly I think. Now we just need squidguard and lighttpd. Okay, squidguard installed.
Remember for later, to activate squidguard, edit squid.conf to include
and create a configuration file for squidGuard. To activate the changes:
% /usr/local/sbin/squid -k reconfigure
Now I should install lighttpd. Alright, as soon as that's done we have to start coordinating this mess. I think it makes some sense to get a rough familiarity with everything and a rough implementation working first, and then make a second pass if/when I run into problems. Perhaps bring in some more help, haha. So, first let's get NAT (with IPFilter) sending things to squid. Actually, let's first bring up squid and figure out how to get that working. I'm going to want IPFilter to send all port 80 traffic to squid. Well, right now I have to go hang out with people, haha, so at least everything is installed.