I am trying to do this with ipfw instead of pf because it's faster. This is the firewall script. I run it and the client can reach the FreeBSD PPPoE server just fine, but not the internet.
Code:
root@user-freebsd:/home/user # cat firewall.sh
#!/bin/sh
# Flush all rules and clear the NAT objects
ipfw -q -f flush
# Create the kernel NAT instance
ipfw nat 1 config if re0 same_ports reset
ipfw add 100 nat 1 ip from 192.168.0.0/24 to any out via re0 # re0 is where the internet reaches this PC
ipfw add 200 allow ip from any to any via vlan35 # this is the re1 actually, which gives via vlan35
ipfw add 210 allow ip from any to 192.168.0.1
ipfw add 65000 allow ip from any to any via lo0
ipfw add 65500 allow ip from any to any
Also in /etc/rc.conf I added this:
Code:
gateway_enable="YES"
pf_enable="NO"
ifconfig_ng0="DHCP"
firewall_enable="YES"
firewall_type="open" #I run the above script later to change it.
ifconfig_re0="DHCP"
In pf I used this, and it worked very well. But it's too slow; I need something faster with ipfw with kernel:
Code:
ext_if = "re0"
int_if = "ng0"
set skip on lo
# NAT rule (for the whole internal network)
nat on re0 from 192.168.0.0/24 to any -> (re0)
# Traffic from the internal network to the outside is allowed
pass in all
pass out all keep state