From owner-freebsd-questions@FreeBSD.ORG Thu Jul 3 16:37:33 2008
From: assetburned (envelope-from freebsd@assetburned.de)
To: freebsd-questions@freebsd.org
Date: Thu, 3 Jul 2008 17:37:27 +0100
Subject: Problem with pf, which is not doing NAT
List-Id: User questions <freebsd-questions@freebsd.org>

Hi,

I am trying to use a FreeBSD machine as a gateway with two LANs, one WAN connection and a local Squid. All I want to do for the beginning is NAT all the traffic to the Internet. All traffic should go directly to the WAN interface. If one of the users wants to, then he should be able to use the Squid. But as I said, they don't have to... at least for the beginning.

Now my problem: the only way to access the Internet at the moment is to use the Squid. OK, not bad, at least something is working, but not the way I want :-/ It would be nice if I could still access my SSHd after setting up the new pf.conf, which is working at the moment.

I have, in my sysctl.conf, a net.inet.ip.forwarding=1 line, and while booting up it is set to one.

My pf.conf is this:

ExtIF1 = "ed0"
ExtIF = $ExtIF1 # i know a bit useless
IntIF1 = "ed1"
IntIF2 = "ed2"
IntIF = "{" $IntIF1 $IntIF2 "}"
LocIF = "lo0"

scrub log on $ExtIF all random-id min-ttl 254 max-mss 1452 reassemble tcp fragment reassemble

no rdr on $LocIF from any to any
nat on $ExtIF from $IntIF1:network to any -> ($ExtIF)
nat on $ExtIF from $IntIF2:network to any -> ($ExtIF)

So any ideas?

cu
AssetBurned
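An added example for the layout described in the post, not the poster's own file: the same two nat rules, plus explicit filter rules, because a pf.conf with no block/pass rules passes everything, including connections from the WAN side to the gateway's sshd. The interface names (ed0 = WAN, ed1/ed2 = LANs) come from the post; the Squid port 3128 is an assumption.

```pf
# Added example for the topology in the post (ed0 = WAN, ed1/ed2 = LANs,
# Squid on the gateway); it is not the poster's file. The Squid port (3128)
# is an assumption.
ext_if  = "ed0"
int_if1 = "ed1"
int_if2 = "ed2"
int_ifs = "{" $int_if1 $int_if2 "}"
squid_port = "3128"

# Do not filter loopback at all (Squid talks to itself over lo0).
set skip on lo0

# Normalise packets arriving from the WAN.
scrub in on $ext_if all

# Translation rules are evaluated before filter rules. The parentheses
# make pf re-read ed0's address, so a DHCP-assigned WAN address still works.
nat on $ext_if from $int_if1:network to any -> ($ext_if)
nat on $ext_if from $int_if2:network to any -> ($ext_if)

# Optional transparent proxying: redirect LAN web traffic to the local Squid.
# Left disabled because the post wants Squid use to be voluntary.
# rdr on $int_if1 proto tcp from $int_if1:network to any port 80 -> 127.0.0.1 port $squid_port
# rdr on $int_if2 proto tcp from $int_if2:network to any port 80 -> 127.0.0.1 port $squid_port

# Filter rules. Without any, pf passes everything, including WAN
# connections to the gateway's sshd; start from default deny instead.
block log all

# Drop packets on the LAN interfaces whose source is not that LAN.
antispoof log quick for $int_ifs

# Let the gateway itself originate traffic on any interface.
pass out quick keep state

# LAN hosts may reach the Internet (translated above), the gateway's sshd
# and its Squid port; nothing is passed in on $ext_if, so the WAN side
# cannot reach sshd.
pass in on $int_ifs keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, then confirm translation is actually happening with `pfctl -s nat` and `pfctl -s state` while a LAN host fetches something from the Internet.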