Router Gateway with FreeBSD-10.0-RELEASE-amd64

Hi everyone, I have already read some posts here about guys having trouble configuring their FreeBSD to play the gateway-router role. I have also already tried it out, but when the LAN machines ask my "gateway's gateway" for an answer they seem to be blind. I read some guides outside the forum, but they are too specific and adapted to their own issues. I just want someone to post, as a list, the basic aspects to consider for this to work, because I've done this http://www.freebsd.org/doc/handbook/network-routing.html and nothing happens.

Thanks
 
Hello,

Basically you need to enable routing in /etc/rc.conf and enable pf for traffic translation:
Code:
defaultrouter="ISP modem IP address"
gateway_enable="YES"

# PF
pf_enable="YES"
pflog_enable="YES"

Then you need to NAT outgoing traffic in /etc/pf.conf. The following is a basic example which does just that, but does not block anything:
Code:
# basic NAT #
lan_if="re0"
egress="re1"

set skip on lo
set loginterface $egress
scrub in all no-df max-mss 1440

nat on $egress from $lan_if:network to any -> ($egress:0)
pass out quick on $egress keep state
pass out quick on $lan_if keep state
pass in quick on $lan_if inet keep state
pass

You have to modify this example by changing at least the interface name re0 to your LAN interface name and re1 to your outgoing interface. It is just a starting configuration; once working, it's best to have a default deny, and then to allow what you need. That is the minimal configuration to do, I think. Then, you can enable a local DNS service and install a DHCP server to push network parameters to the clients (IP, mask, gateway, DNS).

Regards,
Guillaume

post edited by myself to fix the egress keyword
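
The default-deny follow-up recommended in the post above could look like the sketch below. This is an added example, not part of the original post; it reuses the post's re0/re1 macros, and the DHCP rule assumes the gateway itself runs a DHCP server for the LAN.

```pf
# Added example: default-deny variant of the basic NAT ruleset.
lan_if="re0"    # LAN-facing interface (change to yours)
egress="re1"    # interface towards the ISP modem (change to yours)

set skip on lo
set loginterface $egress
scrub in all no-df max-mss 1440

# Translation rules come before filter rules.
nat on $egress from $lan_if:network to any -> ($egress:0)

# Drop packets claiming a LAN source address that arrive on another interface.
antispoof quick for $lan_if

# Default deny. "log" sends dropped packets to pflog0, which the
# pflog_enable="YES" line in /etc/rc.conf makes available.
block log all

# Assumption: a DHCP server runs on the gateway. Client requests come
# from 0.0.0.0, so they do not match the LAN-network rule below.
pass in on $lan_if inet proto udp from any port 68 to any port 67 keep state

# LAN clients may open connections to the gateway and through it.
pass in on $lan_if inet from $lan_if:network to any keep state

# NATed LAN traffic and the gateway's own traffic may leave towards the ISP.
# Nothing is allowed in on $egress except replies matching existing state.
pass out on $egress inet keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch what the `block log` rule drops with `tcpdump -n -e -ttt -i pflog0`.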
 
My bad, OpenBSD habit, I'm sorry. In FreeBSD, indeed, I'm using a variable like this:
Code:
lan_if="re0"
egress="re1"

set skip on lo
set loginterface $egress
scrub in all no-df max-mss 1440

nat on $egress from $lan_if:network to any -> ($egress:0)
pass out quick on $egress keep state
pass out quick on $lan_if keep state
pass in quick on $lan_if inet keep state
pass

Thanks @aupanner, I fixed my first post as well.
 