Date: Fri, 04 Jul 2008 11:32:04 +0400
From: Michael Lednev <michaek@mail.ru>
To: assetburned <freebsd@assetburned.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: Problem with pf, which is not doing NAT
Message-ID: <486DD1F4.7010606@mail.ru>
In-Reply-To: <AC91809B-C337-401D-8227-49A43740F8F6@assetburned.de>
References: <AC91809B-C337-401D-8227-49A43740F8F6@assetburned.de>

assetburned wrote:
> Hi,
>
> I try to use a FreeBSD machine as a gateway with 2 LAN, one WAN
> connection and a local Squid.
>
> All I want to do for the beginning is do NAT the whole traffic to the
> Internet. The whole traffic should go directly to the WAN interface.
> If one of the users wants to, then he should be able to use the Squid.
> But as I said, they don't have to... at least for the beginning.
>
> Now my problem, the only way to access the internet at the moment is
> to use the Squid. OK not bad, at least something is working, but not
> the way I want :-/
>
> It would be nice if I could still access my SSHd after setting up the
> new pf.conf, which is working at the moment.
>
> I have, in my sysctrl.conf, a net.inet.ip.forwarding=1 line and while
> booting up it is set to one.
>
> My pf.conf is this.
>
> ExtIF1 = "ed0"
> ExtIF = $ExtIF1 # i know a bit useless
> IntIF1 = "ed1"
> IntIF2 = "ed2"
> IntIF = "{" $IntIF1 $IntIF2 "}"
> LocIF = "lo0"
> scrub log on $ExtIF all random-id min-ttl 254 max-mss 1452 reassemble tcp fragment reassemble
> no rdr on $LocIF from any to any
> nat on $ExtIF from $IntIF1:network to any -> ($ExtIF)
> nat on $ExtIF from $IntIF2:network to any -> ($ExtIF)
>
> So any ideas?

Do you have gateway_enable="YES" in /etc/rc.conf?
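
The reply asks about boot-time IP forwarding, which the nat rules depend on to move packets between interfaces. As an added example (not part of the original thread), this sh script reports whether a given rc.conf or sysctl.conf enables forwarding at boot; the function names are hypothetical and the file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: check the boot-time forwarding settings a pf NAT gateway relies on.

# Print the last value assigned to VAR ($2) in a KEY=VALUE file ($1), with
# trailing comments and surrounding quotes removed. Prints nothing if unset.
conf_value() {
    [ -r "$1" ] || return 0
    awk -v var="$2" -v q="'" '
        { line = $0
          sub(/^[ \t]+/, "", line)
          if (index(line, var "=") != 1) next      # literal match, no regex on the name
          val = substr(line, length(var) + 2)
          sub(/[ \t]*#.*$/, "", val)
          gsub("^[\"" q "]|[\"" q "]$", "", val)
          last = val }
        END { if (last != "") print last }' "$1"
}

# Same truthy values that rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: forwarding_at_boot RC_CONF SYSCTL_CONF
# Prints which file turns forwarding on: rc.conf, sysctl.conf, both or none.
# Returns non-zero when neither does.
forwarding_at_boot() {
    src=none
    if is_yes "$(conf_value "$1" gateway_enable)"; then src=rc.conf; fi
    if [ "$(conf_value "$2" net.inet.ip.forwarding)" = 1 ]; then
        [ "$src" = rc.conf ] && src=both || src=sysctl.conf
    fi
    echo "$src"
    [ "$src" != none ]
}

# On the gateway itself, compare the boot configuration with the running state.
if [ "$(uname -s)" = FreeBSD ]; then
    echo "boot config: $(forwarding_at_boot /etc/rc.conf /etc/sysctl.conf)"
    echo "running:     net.inet.ip.forwarding=$(sysctl -n net.inet.ip.forwarding)"
    pfctl -s nat    # lists the nat rules pf actually loaded (needs root)
fi
```

An empty `pfctl -s nat` listing means the ruleset in pf.conf was never loaded, which is a separate problem from forwarding being off.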