Hi,
I am a little bit lost.
I have the following setup: my FreeBSD machine is connecting to a wireless network over which I am connected to the Internet. Now I want to share this connection via my FreeBSD machine to the ethernet interface, using it as a gateway/NAT. My external network is in the 192.168.1.0/24 range, my internal one is in 10.0.0.0/24. The external one uses DHCP, for my internal one I just want to use static addresses for now to simplify things.
I tried both pf and ipfw and read several webpages, but I can't get it to work.
This is my /etc/rc.conf:
Code:
hostname="mini.hell.com"
keymap="german.iso.kbd"
wlans_iwn0="wlan0"
ifconfig_wlan0="WPA DHCP"
#ifconfig_wlan0_ipv6="inet6 accept_rtadv"
ifconfig_re0="inet 10.0.0.1 netmask 255.255.255.0"
#defaultrouter="192.168.1.1"
sshd_enable="YES"
moused_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.rules"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
#natd_enable="YES"
#natd_interface="iwn0"
#natd_flags=""
This is my pf.rules:
Code:
### Options ###
set limit states 100000
### Macros ###
ext_if = "iwn0" # External network interface for IPv4
ext_if6 = "iwn0" # External network interface for IPv6
ext_addr = "192.162.1.112" # External IPv4 address (i.e., global)
int_if = "re0" # Internal network interface for IPv4
int_if6 = "re0" # Internal network interface for IPv6
int_addr = "10.0.0.1" # Internal IPv4 address (i.e., gateway for private network)
int_network = "10.0.0.0/24" # Internal IPv4 network
### Tables ###
# Host local address
table <local> const { 127.0.0.1 }
# IPv4 private address ranges
table <private> const { 10/8, 172.16/12, 192.168/16 }
# Special-use IPv4 addresses defined in RFC3330
table <special> const { 0/8, 14/8, 24/8, 39/8, 127/8, 128.0/16, 169.254/16, 192.0.0/24, 192.0.2/24, 192.88.99/24, 198.18/15, 240/4 }
### Scrub: Packet normalization ###
# Scrub for all incoming packets
scrub in all
# Randomize the ID field for all outgoing packets
scrub out all random-id
# If you have MTU problem or something like that
#scrub out all random-id max-mss 1400
### NAT ###
nat on $ext_if from $int_network to ! <private> -> $ext_addr
### Filters ###
# Permit keep-state packets for UDP and TCP on external interfaces
pass out quick on $ext_if proto udp all keep state
pass out quick on $ext_if6 proto udp all keep state
pass out quick on $ext_if proto tcp all modulate state flags S/SA
pass out quick on $ext_if6 proto tcp all modulate state flags S/SA
# Permit any packets from internal network to this host
pass in quick on $int_if inet from $int_network to $int_addr
# Permit established sessions from internal network to any (incl. the Internet)
pass in quick on $int_if inet from $int_network to any keep state
# If you want to limit the number of sessions per NAT, nodes per NAT (simultaneously), and sessions per source IP
# Please refer to <http://www.openbsd.org/faq/pf/filter.html> for greater detailed information
#pass in quick on $int_if inet from $int_network to any keep state (max 30000, source-track rule, max-src-nodes 100, max-src-states 500 )
# Permit and log all packets from clients in private network through NAT
pass in quick log on $int_if all
# Pass any other packets
pass in all
pass out all
Probably there is an easier rule set than this.
I hope someone has an idea, thanks.
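
A reduced gateway/NAT ruleset for the setup described in this post, as an added example that is not part of the original post. It assumes `wlan0` (the clone created by `wlans_iwn0` in the rc.conf above) is the interface that holds the DHCP address, and it replaces the trailing `pass in all` / `pass out all` with a default block so the gateway's own services are not reachable from the wireless side.

```pf
# Added example, not the poster's file. Interface names and networks are
# taken from the rc.conf and the description in the post.

### Macros ###
ext_if      = "wlan0"        # wlan(4) clone of iwn0; rc.conf runs "WPA DHCP" on it
int_if      = "re0"          # wired side, 10.0.0.1/24 per rc.conf
int_network = "10.0.0.0/24"  # internal IPv4 network

### Options ###
set skip on lo0              # do not filter loopback traffic

### Scrub ###
scrub in all

### NAT ###
# ($ext_if) translates to whatever address the interface currently holds,
# so nothing has to be hard-coded and a renewed DHCP lease is followed.
nat on $ext_if inet from $int_network to any -> ($ext_if)

### Filters ###
# Default deny; dropped packets are logged to pflog0 (pflog_enable="YES").
block log all

# Wired clients may reach the gateway and be forwarded through it.
pass in on $int_if inet from $int_network to any keep state

# Outbound on the wireless side: the gateway's own traffic plus NATed
# client traffic. Replies are matched by the state entry, so no
# "pass in" rule is needed on $ext_if.
pass out on $ext_if inet all keep state
```

`pfctl -nf /etc/pf.rules` parses the file without loading it, which catches syntax and macro errors before the ruleset goes live.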