Hi!
I've been trying for a while to get my FreeBSD router working as expected, but without success.
I have a FreeBSD 9.0 box connected to the Internet through re0. It also has re1 - re4 interfaces that look into my home LAN. My Internet provider has an internal LAN, which I connect to directly via re0. But in order to reach the Internet I have to establish a VPN connection.
Here is the problem: I have 2 out connections, re0 and ng0, and I need to route the internal LAN to the proper interface depending on the destination IP.
I have a working re0 interface, and I also connect the VPN through ng0 and it works OK. What I need is to set up a NAT service. I tried IPFW with kernel NAT:
Code:
sysctl net.inet.ip.fw.one_pass=1
# allow all through internal interfaces
...
ipfw nat 1 config if re0 reset same_ports deny_in
ipfw add 10130 nat 1 ip from any to any via re0
ipfw nat 2 config if ng0 reset same_ports deny_in
ipfw add 10140 nat 2 ip from any to any via ng0
ipfw add 65534 deny all from any to any
With this setup everything pings OK: DNS servers, google, ...
But when I try to browse, some sites don't load. Almost all simple sites load OK, but google.com does not. Chrome indicates 'loading' for a very long time but then times out with a blank screen. The deny-all rule doesn't indicate denied packets while I try to load google.com.
I am sure there is a simple mistake that I made, but I can't find it and don't know how to investigate.
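One way to start investigating a setup like the one above (an added example, not part of the original post): ipfw(8) documents that ipfw nat is not compatible with TCP segmentation offloading (TSO), and a tunnel interface normally has a smaller MTU than the physical one, so both are worth checking on the interfaces named in the nat rules. The function names and the ifconfig sample below are constructed for illustration; on the router the input would be the real `ifconfig` output.

```shell
#!/bin/sh
# Added example: report MTU and TSO state for the interfaces used in "ipfw nat ... config if <iface>".
# Usage on the router (assumption): ifconfig | nat_iface_report re0 ng0

nat_iface_report() {
    # $@ = interface names to report on; stdin = ifconfig output
    awk -v want="$*" '
        function emit() {
            if (name != "" && (name in keep)) print name, "mtu=" mtu, "tso=" tso
        }
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        # Header line of an interface block, e.g. "re0: flags=... metric 0 mtu 1500"
        /^[A-Za-z0-9_.]+: flags=/ {
            emit()
            name = $1; sub(/:$/, "", name)
            mtu = "?"; tso = "no"
            for (i = 1; i < NF; i++) if ($i == "mtu") mtu = $(i + 1)
            next
        }
        # Capability line: TSO, TSO4 or TSO6 listed means offloading is enabled
        /options=/ && /[<,]TSO[46]?[,>]/ { tso = "yes" }
        END { emit() }
    '
}

# Constructed sample of ifconfig output (addresses are documentation ranges,
# the ng0 MTU is a made-up value).
sample_ifconfig() {
    cat <<'EOF'
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_UCAST>
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_UCAST>
    inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1400
    inet 198.51.100.7 --> 198.51.100.1 netmask 0xffffffff
EOF
}

# Demo run on the constructed sample: one line per NAT interface.
sample_ifconfig | nat_iface_report re0 ng0
```

An interface reported with `tso=yes` can have offloading turned off with `ifconfig <iface> -tso`, as ipfw(8) advises for NAT interfaces.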