Internet Connection Sharing in FreeBSD?

Greetings all,

I have been using ICS from an XP laptop to the FreeBSD box. Since I was successful in enabling wlan0 on the FreeBSD box I would like to use its sk0 interface for connection sharing.

Since I do not have much experience with networking, I was wondering if someone could recommend a good reference explaining basic concepts and/or a HowTo on enabling connection sharing.

Kindest regards,

M
 
I use PF for NATting and my firewall setting looks like this. Use the parts which you want.
Do not forget to set gateway_enable="YES". Also enable ipv4 forwarding in your sysctl.

Code:
##MACROS
rtorrent="55556:55560"
new_ssh = "30000"
ext_if = "re0"
int_if = "rl0"
localhost = "172.31.113.78"
protocol = "{tcp, udp}"
all_proto = "{tcp, udp, icmp}"

int_net="172.31.0.0/16"

##TABLES

##OPTIONS
set block-policy return
set skip on lo0
set skip on rl0

##NORMALIZATION
scrub in  all


##QUEUEING
altq on $ext_if priq bandwidth 410Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)


##TRANSLATION RULES

#modem = "192.168.1.1/32"
#to share broadband
#sudo route change default 192.168.1.1 //make sure gateway is proper
nat on $ext_if from $int_net to any -> ($ext_if)

#enable ssh in port 30000
rdr on $ext_if proto $protocol to port $new_ssh ->  ($ext_if) port ssh
rdr on $ext_if proto $protocol to port smtp ->  ($ext_if) port ssh

#disable ssh in port 22
rdr on $ext_if proto $protocol to port ssh ->  ($ext_if) port $new_ssh


##FILTERS
block in on $ext_if all
pass out all keep state


#ALTQ support

pass out on $ext_if proto tcp from $ext_if to any flags S/SA \
       keep state queue (q_def, q_pri)

pass in  on $ext_if proto tcp from any to $ext_if flags S/SA \
       keep state queue (q_def, q_pri)


#pass in on $ext_if inet proto $protocol from any to $localhost port 22 keep state
pass in on $ext_if proto $protocol from any to any port 22 keep state
pass on $ext_if proto "icmp"

pass in on $ext_if proto $protocol to port $rtorrent keep state
 
trybeingarun said:
Do not forget to set gateway_enable="YES". Also enable ipv4 forwarding in your sysctl.
That sysctl already gets set because of the gateway_enable. No need to also set it in /etc/sysctl.conf.

IMO the simplest to use is PF and a really, really basic config looks like this:
Code:
# External (WAN) interface
ext_if="rl0"
# Internal (LAN) interface
int_if="rl1"
# Internal network addresses
int_nets="{ 192.168.1.0/24, 192.168.2.0/24 }"

# NAT: translate all LAN addresses to the external IP address 
nat on $ext_if from $int_nets to any -> ($ext_if)

# Block everything from outside to in
block in on $ext_if from any to any

# Allow LAN traffic to outside
pass in on $int_if from $int_nets to any keep state

You may also want to install net/isc-dhcp31-server to provide the DHCP service.
 
Dear trybeingarun,

thank you for the reply; I really appreciate your willingness to help. Unfortunately, as I noted, I am inexperienced in networking, so I cannot understand at all what your code is doing.

Dear SirDice,

thank you for the code, I believe that with the comments provided therein and the Handbook, I will be able to understand it and implement it.

Dear kpedersen,

I did indeed look at the Handbook first, but it was rather difficult for me to follow. But now with SirDice's code and the Handbook, I will go through it again and hopefully make it work.

Kindest regards,

M
 
Thank you so much, guys. This is my (extremely) simple configuration to get it to work.

In /etc/rc.conf, one needs to add:
Code:
gateway_enable="YES"
pf_enable="YES"
pf_flags=""
pf_rules="/etc/pf.conf"

In /etc/pf.conf, one needs to have:
Code:
#wlan0 is my wireless NIC
ext_if="wlan0"
#bge0 is my wired NIC connected to other devices needing Internet
int_if="bge0"
#192.168.0.0/24 is my internal network, 192.168.43.0/24 is my wireless network
int_nets="{ 192.168.0.0/24, 192.168.43.0/24 }"
#these lines I do not fully understand....
nat on $ext_if from $int_nets to any -> ($ext_if)
block in on $ext_if from any to any
pass in on $int_if from $int_nets to any keep state

P.S. I have to include 192.168.43.0/24 in int_nets, else I would lose the Internet connection on this box. Again, I am clueless as to why this is the case...
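
The three rules from the post above, annotated and with one explicit outbound rule, as an added example that is not part of the original thread. It assumes the same interfaces (wlan0 uplink, bge0 LAN) and that only 192.168.0.0/24 needs translating; the `pass out` rule and the `set skip on lo0` line are this example's additions.

```pf
# /etc/pf.conf (added example, not a config posted in this thread)

# Macros. Interface names and the LAN range are taken from the post above.
ext_if  = "wlan0"             # uplink: wireless NIC facing the Internet
int_if  = "bge0"              # wired NIC that the other devices plug into
int_net = "192.168.0.0/24"    # only the LAN being shared, not the uplink network

# Never filter loopback traffic.
set skip on lo0

# Translation. Packets from the LAN leaving through wlan0 get their source
# address rewritten to wlan0's address, so replies come back to this box.
# The parentheses make pf track the address if DHCP changes it.
nat on $ext_if from $int_net to any -> ($ext_if)

# Filter rules. pf evaluates all of them and the LAST matching rule wins.

# Drop anything arriving on the uplink that was not asked for.
block in on $ext_if all

# Let LAN clients send traffic into the gateway; keep state so that the
# replies are let back out to them without a separate rule.
pass in on $int_if from $int_net to any keep state

# Let traffic leave through the uplink and remember each connection.
# Without this rule the gateway's own packets match no filter rule and
# leave through pf's implicit default pass, which keeps no state, so the
# replies are dropped by "block in" above. Listing the wireless network
# in the nat source hides that, because a matching nat rule creates a
# state entry; an explicit stateful pass out makes it unnecessary.
pass out on $ext_if all keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. Afterwards `pfctl -s nat` shows the loaded translation rule and `pfctl -s states` shows the live state entries.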
 
Please note that you are responding to a thread that's almost 6 years old. If you have any specific questions please open a new thread.
 