Simple ipfw problem :(
Björn König
bkoenig at cs.tu-berlin.de
Thu Jun 23 12:22:06 GMT 2005
Peter wrote:
> with my old linux box I forward all my LAN traffic coming from eth1 via
> eth0 with these simple 3 lines
>
> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
> $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Howevr I moved the box to FreeBSD 5.4 and also I have a new connection
> PPPoE. I enabled the IPDIVERRT, FIRREWALL etc in the kernel but I am
> unable to make traffic coming from rl0(internal interface) be forwaded
> via tun0( PPPoE interface).
>
> I have gateway_enable='yes', tried playing with ppp_nat etc...
>
> But no luck....
>
> Is there a simple way to do that with ipfw ? Please help - I am little
> bit confused...
Actually you don't need ipfw or any other packet filter to set up a
simple internet access point for clients in a LAN. This configuration
should be enough:
---- ppp.conf ----
myisp:
set device PPPoE:<interface>
set log Phase IPCP CCP Warning Error Alert
add! default HISADDR
set authname <username>
set authkey <password>
----
Note: <interface> is your external network interface, i.e. neither rl0
nor tun0.
---- rc.conf ----
gateway_enable="YES" # "sysctl net.inet.ip.forwarding=1" at startup
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="myisp"
ppp_nat="YES" # alternatively "nat enable yes" in ppp.conf
----
I hope I didn't forget about something.
Björn
More information about the freebsd-questions
mailing list