From owner-freebsd-questions@FreeBSD.ORG Fri Jul 4 13:30:33 2008
Message-ID: <486DD1F4.7010606@mail.ru>
Date: Fri, 04 Jul 2008 11:32:04 +0400
From: Michael Lednev
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
To: assetburned
Cc: freebsd-questions@freebsd.org
Subject: Re: Problem with pf, which is not doing NAT
List-Id: User questions

assetburned writes:
> Hi,
>
> I am trying to use a FreeBSD machine as a gateway with 2 LANs, one WAN
> connection and a local Squid.
>
> All I want to do for the beginning is NAT the whole traffic to the
> Internet. The whole traffic should go directly to the WAN interface.
> If one of the users wants to, then he should be able to use the Squid.
> But as I said, they don't have to... at least for the beginning.
>
> Now my problem: the only way to access the internet at the moment is
> to use the Squid. OK, not bad, at least something is working, but not
> the way I want :-/
>
> It would be nice if I could still access my SSHd after setting up the
> new pf.conf, which is working at the moment.
>
> I have, in my sysctrl.conf, a net.inet.ip.forwarding=1 line and while
> booting up it is set to one.
>
> My pf.conf is this.
>
> ExtIF1 = "ed0"
> ExtIF = $ExtIF1 # i know a bit useless
> IntIF1 = "ed1"
> IntIF2 = "ed2"
> IntIF = "{" $IntIF1 $IntIF2 "}"
> LocIF = "lo0"
> scrub log on $ExtIF all random-id min-ttl 254 max-mss 1452 reassemble tcp fragment reassemble
> no rdr on $LocIF from any to any
> nat on $ExtIF from $IntIF1:network to any -> ($ExtIF)
> nat on $ExtIF from $IntIF2:network to any -> ($ExtIF)
>
> So any ideas?

Do you have gateway_enable="YES" in /etc/rc.conf?
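An added check script, not from either poster, that tests the three prerequisites this thread turns on: gateway_enable="YES" in /etc/rc.conf, net.inet.ip.forwarding=1 at runtime, and at least one nat rule in pf.conf. It takes file contents and sysctl output as text arguments so it can run against constructed samples; on a real box you would feed it `cat /etc/rc.conf`, `sysctl net.inet.ip.forwarding` and `cat /etc/pf.conf`.

```sh
#!/bin/sh
# Added example (not code from the thread): offline checks for a FreeBSD
# pf NAT gateway. Every function takes text, so the samples at the bottom
# are constructed and nothing here touches the running system.

# 0 if the rc.conf text enables the gateway: comments ignored, last
# assignment wins, quotes optional, case-insensitive.
rc_gateway_enabled() {
    printf '%s\n' "$1" | sed 's/#.*//' |
        grep -i '^[[:space:]]*gateway_enable=' | tail -n 1 |
        sed 's/^[^=]*=//' | tr -d '" \t' | grep -iqx 'yes'
}

# 0 if `sysctl net.inet.ip.forwarding` output reports the value 1.
forwarding_on() {
    v=$(printf '%s\n' "$1" | sed -n 's/^net\.inet\.ip\.forwarding: *//p')
    [ "$v" = "1" ]
}

# Print the number of active "nat on" rules in the pf.conf text.
nat_rule_count() {
    printf '%s\n' "$1" | sed 's/#.*//' |
        grep -c '^[[:space:]]*nat[[:space:]]\{1,\}on[[:space:]]' || true
}

# Report each missing prerequisite; the return value is how many are missing.
gateway_status() {
    missing=0
    rc_gateway_enabled "$1" ||
        { echo "rc.conf: gateway_enable is not YES"; missing=$((missing+1)); }
    forwarding_on "$2" ||
        { echo "sysctl: net.inet.ip.forwarding is not 1"; missing=$((missing+1)); }
    [ "$(nat_rule_count "$3")" -gt 0 ] ||
        { echo "pf.conf: no nat rules"; missing=$((missing+1)); }
    return $missing
}

# Constructed samples resembling the poster's setup: forwarding is on and
# a nat rule exists, but gateway_enable is only present as a comment.
RC_CONF='hostname="gw"
# gateway_enable="YES"
pf_enable="YES"'
SYSCTL_OUT='net.inet.ip.forwarding: 1'
PF_CONF='ExtIF = "ed0"
nat on $ExtIF from 192.168.10.0/24 to any -> ($ExtIF)'

gateway_status "$RC_CONF" "$SYSCTL_OUT" "$PF_CONF" || echo "$? prerequisite(s) missing"
```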