Problem with pf, which is not doing NAT
Michael Lednev
michaek at mail.ru
Fri Jul 4 13:30:33 UTC 2008
assetburned пишет:
> Hi,
>
> I try to use a FreeBSD machine as a gateway with 2 LAN, one WAN
> connection and a local Squid.
>
> All I want to do for the beginning is do NAT the whole traffic to the
> Internet. The whole traffic should be go directly to the WAN interface
> If one of the users want to, than he should be able to use the Squid.
> But as I said, they don't have to... at least for the beginning.
>
> Now my problem, the only way to access the internet at the moment is
> to use the Squid. OK not bad, at least something is working, but not
> the way I want :-/
>
> It would be nice if I could still access my SSHd after setting up the
> new pf.conf, which is working at the moment.
>
> I have, in my sysctrl.conf, a net.inet.ip.forwarding=1 line and while
> booting up it is set to one.
>
> My pf.conf is this.
>
> ExtIF1 = "ed0"
> ExtIF = $ExtIF1 # i know a bit useless
> IntIF1 = "ed1"
> IntIF2 = "ed2"
> IntIF = "{" $IntIF1 $IntIF2 "}"
> LocIF = "lo0"
> scrub log on $ExtIF all random-id min-ttl 254 max-mss 1452 reassemble
> tcp fragment reassemble
> no rdr on $LocIF from any to any
> nat on $ExtIF from $IntIF1:network to any -> ($ExtIF)
> nat on $ExtIF from $IntIF2:network to any -> ($ExtIF)
>
> So any ideas?
do you have gateway_enable="YES" in /etc/rc.conf?
More information about the freebsd-questions
mailing list