setting up a FreeBSD access point (hostap, natd)
Kristof Provost
kp at FreeBSD.org
Fri Nov 25 12:36:24 UTC 2016
On 25 Nov 2016, at 12:54, Christoph P.U. Kukulies wrote:
> On 25.11.2016 at 12:46, Kristof Provost wrote:
>> nat on re0 inet from 192.168.0.0/24 to any -> (re0)
>
> Thanks. I'll try that. What does (re0) mean (in parens)? Just curious.
>
That rule tells pf to NAT traffic from your internal IP range, and to
map it onto the IP address assigned to re0.
That’s what the ‘(re0)’ means. You could also do this (assuming
your WAN IP is 1.2.3.4):

    nat on re0 inet from 192.168.0.0/24 to any -> 1.2.3.4

> Do I have to put anything more into pf.conf?
>
That depends on what you want your firewall to do, but you’ll likely
want a couple more things, yes.
At a minimum I’d do this:

    set skip on lo0
    scrub on re0 fragment reassemble
    nat on re0 inet from 192.168.0.0/24 to any -> (re0)
    # Example port forwarding rule
    rdr on re0 proto tcp from any to any port 22 -> 192.168.0.10 port 22
    pass in
    pass out

pf is also documented in the handbook:
https://www.freebsd.org/doc/en/books/handbook/firewalls-pf.html
Regards,
Kristof
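
Added example, not part of the original mail and not the poster's own ruleset: a stricter variant of the minimal pf.conf above, with the bare "pass in" / "pass out" replaced by default-deny inbound filtering. The interface name wlan0 for the access point and the macro names are assumptions; re0, 192.168.0.0/24 and the port 22 forward come from the thread, with 192.168.0.10 taken as the intended SSH host.

```conf
# Added example for illustration; adjust names to the actual system.
ext_if   = "re0"             # WAN interface, as in the thread
int_if   = "wlan0"           # assumption: hostap (access point) interface
lan_net  = "192.168.0.0/24"  # internal range, as in the thread
ssh_host = "192.168.0.10"    # assumption: internal host that serves SSH

set skip on lo0
scrub on $ext_if fragment reassemble

# (re0) in parentheses: pf follows the address currently assigned to the
# interface, so the rule stays valid when a DHCP lease changes the WAN IP.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Forward only connections addressed to the WAN address itself, not
# "to any", so traffic merely passing through is left untouched.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 22 -> $ssh_host port 22

# Default deny for inbound traffic, logged to pflog0 for later review.
block in log all

# Outbound traffic is allowed; state entries admit the replies.
pass out keep state

# Clients on the access point may reach the gateway and the Internet.
pass in on $int_if inet from $lan_net to any

# rdr is applied before filtering, so this rule matches the translated
# destination address, not the WAN address.
pass in on $ext_if inet proto tcp from any to $ssh_host port 22
```

The file can be parsed without loading it using pfctl -nf /etc/pf.conf, and traffic dropped by the "block in log" rule can be inspected with tcpdump on the pflog0 interface.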