Wifi gateway + firewall

Hi all (sorry for bad English, I'm Italian), I have to make a gateway firewall:

- Ethernet connects to the Internet;
- WiFi open and free for laptops in the office;

I have found a good guide in the FreeBSD Handbook, Host Access Points (free mode):
Handbook - 31.3.5

I have installed dhcpd server on wlan0 and I have tested with a laptop. Laptop gets IP address, netmask, gateway and dns from dhcp server via wifi. From dhcp I can ping the IP address on the WiFi card and the IP address on the Ethernet card on the server.

Now I have:

My laptop -> Wifi + dhcp + ethernet -> Internet.

Now I want to make this:

My laptop -> Wifi + dhcp -> Ethernet -> Internet.

NAT! But only for 80/tcp, 443/tcp, 53/tcp. Deny other TCP or UDP.

I have found on the Internet: FreeBSD NAT

I have added in kernel configuration:

Code:
options IPFIREWALL
options IPDIVERT

Compiled kernel and installed.

On the next boot I have to execute:
Code:
natd -n MyNetworkInterface

When I run `ipfw -a show` I see nothing… But the natd daemon is running…

Can anyone help me?
Thank you very much.
 
Ok, I have found a solution. WiFi as Access Point is OK with dhcp server.

In /etc/sysctl.conf I write:
Code:
net.inet.ip.forwarding=1

In /etc/pf.conf I write:

Code:
ext_if = "rl0"
int_if = "wlan0"
internal_net = "192.168.2.0/24"

nat on $ext_if from $internal_net to any -> ($ext_if)

Now it's perfect, but now I want to block all traffic in/out and I want to open only http, https, dns from wlan0 to internet. I want to go out from ethernet only for VPN access (for remote proxy).

Code:
block drop log all
pass out log quick on $ext_if inet proto udp from ($ext_if) to any port { 53, 123, 80, 443 } keep state
Is it correct? And for VPN? Any solution?
Thanks.
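The rule set posted above has two problems a reviewer would point out: it passes UDP to ports 80 and 443 (HTTP and HTTPS are TCP), and with `block drop log all` nothing is allowed in on wlan0, so the clients' packets never reach the NAT rule, and even DHCP to the gateway is dropped. The following is an added example of a complete /etc/pf.conf for the setup described in the thread; it is not the poster's configuration. The interface names and network come from the post; the VPN server address and port are assumptions, marked as such in the comments.

```pf
# Added example (not the poster's own config): pf.conf for a WiFi-to-Ethernet
# gateway that NATs the wireless clients and allows only HTTP, HTTPS and DNS out.
# Interface names and the internal network come from the thread; the VPN
# endpoint and port are ASSUMED placeholders to replace with your own values.
ext_if = "rl0"                   # Ethernet, towards the Internet
int_if = "wlan0"                 # WiFi access point
internal_net = "192.168.2.0/24"  # addresses handed out by dhcpd on wlan0
vpn_server = "203.0.113.10"      # ASSUMED remote VPN endpoint (documentation address)
vpn_port = "1194"                # ASSUMED VPN port (OpenVPN default); adjust to your VPN

# Options and translation must precede the filter rules in pf.
set skip on lo0

# Translate the wireless clients' addresses to the Ethernet address.
nat on $ext_if from $internal_net to any -> ($ext_if)

# Default deny: drop and log everything not explicitly allowed below.
block drop log all

# Clients must reach dhcpd on the gateway itself (DHCPDISCOVER is 0.0.0.0:68 -> 255.255.255.255:67).
pass in quick on $int_if inet proto udp from any port 68 to any port 67

# Let the clients ping the gateway's WiFi address for troubleshooting.
pass in on $int_if inet proto icmp from $internal_net to ($int_if) icmp-type echoreq

# Only web and DNS from the WiFi clients; anything else arriving on wlan0 is dropped.
pass in on $int_if inet proto tcp from $internal_net to any port { 80, 443, 53 } flags S/SA keep state
pass in on $int_if inet proto udp from $internal_net to any port 53 keep state

# The same flows leave via Ethernet; at this point they already carry the NATed source address.
pass out on $ext_if inet proto tcp from ($ext_if) to any port { 80, 443, 53 } flags S/SA keep state
pass out on $ext_if inet proto udp from ($ext_if) to any port 53 keep state

# The gateway itself may additionally talk only to the VPN server on the Ethernet side.
pass out on $ext_if inet proto udp from ($ext_if) to $vpn_server port $vpn_port keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and enable pf and forwarding at boot with `pf_enable="YES"` and `gateway_enable="YES"` in /etc/rc.conf (the latter sets net.inet.ip.forwarding=1 as done by hand in the thread). Because the last rule passes only the gateway's own VPN traffic and not the clients' VPN traffic, a WiFi client that needs to reach the remote proxy through the VPN has to do so via the gateway's tunnel, not directly; blocked packets appear in `tcpdump -n -e -ttt -i pflog0`, which is the quickest way to see which rule is dropping what.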
 