Date: Thu, 23 Jun 2005 15:52:13 +0400
From: Dmitry Mityugov
To: Peter
Cc: "freebsd-questions@freebsd.org"
Subject: Re: Simple ipfw problem :(

On 6/23/05, Peter wrote:
> Hi,
>
> with my old linux box I forward all my LAN traffic coming from eth1 via
> eth0 with these simple 3 lines
>
> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
> $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> However I moved the box to FreeBSD 5.4 and also I have a new connection
> PPPoE. I enabled the IPDIVERT, FIREWALL etc in the kernel but I am
> unable to make traffic coming from rl0 (internal interface) be
> forwarded via tun0 (PPPoE interface).
>
> I have gateway_enable='yes', tried playing with ppp_nat etc...
>
> But no luck....
>
> Is there a simple way to do that with ipfw ? Please help - I am a little
> bit confused...
>
> Thanks in advance for your help...
>
> Kind regards,
>
> Peter

Hi Peter,

There is a nice chapter in the FreeBSD Handbook that describes what rules
for ipfw might look like to do NAT:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html.
I had no problems setting up my firewall using that chapter as a starting
point.

-- 
Dmitry

"We live less by imagination than despite it" - Rockwell Kent, "N by E"