PF not working on FreeBSD 10.1 with 2 NICs
If you have a dedicated FreeBSD 10.1 server at home, with 2 NICs, connecting WAN and LAN, what would a simple PF configuration look like?
It might sound like an RTFM question, but after weeks of PF manual, FreeBSD handbook, websites and reboots, I only get a complete network black-out when FreeBSD boots with IPFW disabled and PF enabled. Not even the following basic test configuration works. IPFW and NAT work (but with dead slow upload when NAT is used).
rc.conf
Code:
...
pf_enable="YES"
pf_rules="/root/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pf.log"
pflog_flags=""
...
/root/pf.conf
Code:
lan = "bce0"
wan = "bge0"
table <blacklist> file "/root/pf-blacklist.txt"
scrub in on $wan all fragment reassemble
nat on $wan from $lan:network to any -> ($wan)
block all
block in log quick on $wan from <blacklist> to any
pass in on $lan
pass out on $wan
Reason for change to PF is the slow speed problem (5 kb/s) with IPFW and some Xen, Intel and other NICs. Confirmed by RootBSD.