I prepared a router with FreeBSD with two network interfaces:
- rl0 -> Ethernet direct to ADSL (IP: 192.168.1.101);
- ral0 -> WiFi card, HostAP (IP: 192.168.2.1).
In /etc/sysctl.conf file I put:
Code:
net.inet.ip.forwarding=1
In /etc/rc.conf file I put:
Code:
defaultrouter="192.168.1.1"
gateway_enable="YES"
hostname="marylin.it2000.it"
ifconfig_rl0="inet 192.168.1.101 netmask 255.255.255.0"
wlans_ral0="wlan0"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 192.168.2.1 netmask 255.255.255.0 ssid WiFiZone mode 11g channel 5"
I have installed DHCP server for WiFi:
# cd /usr/ports/net/isc-dhcp41-server
# make
# make install
# mv /usr/local/etc/dhcpd.conf /usr/local/etc/dhcpd.conf.orig
In /usr/local/etc/dhcpd.conf file I put:
Code:
option domain-name "it2000.it";
option domain-name-servers 208.67.222.222;
default-lease-time 3600;
max-lease-time 84600;
ddns-update-style ad-hoc;
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.2 192.168.2.254;
option routers 192.168.2.1;
}
In /etc/rc.conf file I put:
Code:
dhcpd_enable="YES"
dhcpd_ifaces="wlan0"
I changed kernel configuration for PF:
# cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/FIREWALL
In /usr/src/sys/i386/conf/FIREWALL file I put:
Code:
device pf
device pflog
device pfsync
I have built a new custom kernel:
# cd /usr/src
# make buildkernel KERNCONF=FIREWALL
# make installkernel KERNCONF=FIREWALL
# reboot
In /etc/pf.conf file I put:
Code:
ext_if = "rl0"
int_if = "wlan0"
internal_net = "192.168.2.0/24"
table <firewall> const { self }
scrub all reassemble tcp fragment reassemble
nat on $ext_if from $internal_net to any -> ($ext_if)
block drop log all
pass out quick on $ext_if inet proto udp from ($ext_if) to any port { 53, 123 } keep state
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port { 80, 443 } flags S/SA keep state
pass in quick on $int_if inet proto tcp from $internal_net to !<firewall> flags S/SA modulate state
pass in quick on $int_if inet proto udp from $internal_net to !<firewall> keep state
In /etc/rc.conf file I put:
Code:
pf_enable="YES"
pflog_enable="YES"
pf_rules="/etc/pf.conf"
pflog_logfile="/var/log/pflog"
Reboot and it's OK!
Now I want to route all packets from WiFi port 80 to my internal proxy server (192.168.1.102) and then proxy to the Internet and back to the WiFi client. How can I do this in PF configuration?
Thanks!
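
One way to express the redirect asked about above, as an added example that is not part of the original post: an `rdr` rule on the WiFi interface plus a matching outbound `pass` rule, written against the macros of the posted /etc/pf.conf. The `proxy` and `proxy_port` macros are hypothetical names, and port 3128 is an assumed listening port for the proxy at 192.168.1.102.

```conf
# --- macros: add next to ext_if / int_if / internal_net ---
proxy      = "192.168.1.102"   # proxy address taken from the post
proxy_port = "3128"            # ASSUMPTION: port the proxy listens on

# --- translation: add next to the existing nat rule, before any filter rule ---
# Rewrite the destination of HTTP connections arriving from WiFi clients so
# that they reach the proxy instead of the original web server.
rdr on $int_if inet proto tcp from $internal_net to any port 80 \
    -> $proxy port $proxy_port

# The existing rule
#   nat on $ext_if from $internal_net to any -> ($ext_if)
# still applies when the redirected connection leaves rl0, so the proxy sees
# 192.168.1.101 as the source and sends its replies back through this router.

# --- filter: add after "block drop log all" ---
# The existing "pass in quick on $int_if ... to !<firewall>" rule already
# matches the redirected connection on wlan0 (filtering runs after rdr and
# 192.168.1.102 is not in <firewall>). Outbound on rl0 only ports 80 and 443
# are allowed, so the proxy port needs its own rule, limited to the proxy:
pass out quick on $ext_if inet proto tcp from ($ext_if) to $proxy \
    port $proxy_port flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the translation rules that are active after a reload. Because the redirect happens on the router, the proxy receives ordinary origin-form HTTP requests and has to work out the destination from the `Host` header, so it must be configured to accept intercepted traffic.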