PPPoE client+pf+nat

Andreas Rudisch cyb. at gmx.net
Tue Oct 27 14:36:05 UTC 2009

On Tue, 27 Oct 2009 06:51:26 -0700 (PDT)
Dánielisz László <laszlo_danielisz at yahoo.com> wrote:

> Let's say I have two NICs in my PC: ext_if (for wan/pppoe connection) and int_if for my LAN.
> How would you manage to get work NAT with pf using PPPoE from my ISP

As a start your pf.conf could look a bit like this:
ext_if = "tun0"
int_if = "em1"
localnet = $int_if:network

set block-policy return
set skip on lo0

scrub in all

nat on $ext_if from $localnet to any -> ($ext_if)

antispoof for ($ext_if)
antispoof for $int_if

block in log all

pass inet from { lo0, $localnet } to any
pass out on $ext_if all

GnuPG key  : 0x2A573565    |    http://www.gnupg.org/howtos/de/
Fingerprint: 925D 2089 0BF9 8DE5 9166  33BB F0FD CD37 2A57 3565
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20091027/a240f47d/attachment.pgp

More information about the freebsd-questions mailing list