Problem with pf, which is not doing NAT

assetburned freebsd at assetburned.de
Thu Jul 3 16:37:33 UTC 2008


Hi,

I am trying to use a FreeBSD machine as a gateway with 2 LANs, one WAN
connection and a local Squid.

All I want to do for the beginning is to NAT the whole traffic to the
Internet. The whole traffic should go directly to the WAN interface.
If one of the users wants to, then he should be able to use the Squid.
But as I said, they don't have to... at least for the beginning.

Now my problem: the only way to access the internet at the moment is
to use the Squid. OK, not bad, at least something is working, but not
the way I want :-/

It would be nice if I could still access my SSHd after setting up the  
new pf.conf, which is working at the moment.

I have, in my sysctl.conf, a net.inet.ip.forwarding=1 line, and while
booting up it is set to one.

My pf.conf is this.

ExtIF1 = "ed0"
ExtIF = $ExtIF1 # i know a bit useless
IntIF1 = "ed1"
IntIF2 = "ed2"
IntIF = "{" $IntIF1 $IntIF2 "}"
LocIF = "lo0"
scrub log on $ExtIF all random-id min-ttl 254 max-mss 1452 reassemble tcp fragment reassemble
no rdr on $LocIF from any to any
nat on $ExtIF from $IntIF1:network to any -> ($ExtIF)
nat on $ExtIF from $IntIF2:network to any -> ($ExtIF)

So any ideas?

cu AssetBurned

