Hi All,
I am new to the PF, so maybe my problem is quite easy but I have not found any solution on the net...
The issue is that I am trying to set up a FreeBSD based router with PF.
My ISP requires MAC address registration and only registered MACs are passed through. My external interface has changed MAC address (as shown in my rc.conf below).
My home network looks like this:
ISP -- FreeBSD -- LAN network
When PF is disabled, Internet works fine on a BSD machine. When it is enabled, it dies, and also does not work on LAN machines.
Please help with this, maybe I have missed something, maybe changing MAC address on an interface requires something?
My /etc/rc.conf as follows:
Code:
hostname="router.loc"
defaultrouter="212.xxx.xxx.xxx"
ifconfig_em0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_ue0="inet 212.xxx.xxx.xxx netmask 255.255.255.224"
ifconfig_ue0_alias0=" ether 00:XX:XX:XX:XX:DD"
gateway_enable="YES"
ftpproxy_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
pflogd_enable="YES"
pfsync_enable="YES"
My /etc/pf.conf looks like that:
Code:
### pf.conf
int_if = "em0"
ext_if = "ue0"
loc_if = "lo0"
set require-order yes
set block-policy drop
set loginterface $ext_if
scrub in all
nat on $ext_if inet from $int_if:network to any -> ($ext_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
pass in all
pass out all
block in log all
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
anchor "ftp-proxy/*"
pass in on $ext_if proto icmp all
pass out on $ext_if proto { tcp, udp, icmp } all keep state
pass in on $int_if all
pass on $loc_if all
Thanks in advance for your time!