From: Björn König
Date: Thu, 23 Jun 2005 14:20:30 +0200
To: Peter
Cc: freebsd-questions@freebsd.org
Subject: Re: Simple ipfw problem :(

Peter wrote:

> with my old linux box I forward all my LAN traffic coming from eth1 via
> eth0 with these simple 3 lines
>
> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
> $IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> However I moved the box to FreeBSD 5.4 and also I have a new connection
> PPPoE. I enabled the IPDIVERT, FIREWALL etc in the kernel but I am
> unable to make traffic coming from rl0(internal interface) be forwarded
> via tun0( PPPoE interface).
>
> I have gateway_enable='yes', tried playing with ppp_nat etc...
>
> But no luck....
>
> Is there a simple way to do that with ipfw ? Please help - I am a little
> bit confused...

Actually you don't need ipfw or any other packet filter to set up a
simple internet access point for clients in a LAN. This configuration
should be enough:

---- ppp.conf ----
myisp:
 set device PPPoE:
 set log Phase IPCP CCP Warning Error Alert
 add! default HISADDR
 set authname
 set authkey
----

Note: is your external network interface, i.e. neither rl0 nor tun0.

---- rc.conf ----
gateway_enable="YES"  # "sysctl net.inet.ip.forwarding=1" at startup
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="myisp"
ppp_nat="YES"         # alternatively "nat enable yes" in ppp.conf
----

I hope I didn't forget about something.

Björn
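
As an added example (not part of Björn's message and not FreeBSD's own tooling), this sh script checks the rc.conf and ppp.conf pair described above for consistency: forwarding and ppp enabled, NAT switched on in either file, and the ppp_profile name matching a label in ppp.conf. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: consistency check for the rc.conf/ppp.conf pair in the reply.
# Both files are read as text and never sourced, so nothing in them executes.

# rc_value FILE NAME: last assignment of NAME, minus trailing comment and quotes.
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# is_yes VALUE: the spellings rc.subr's checkyesno treats as true.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# check_gateway RC_CONF PPP_CONF: one line per problem, status 0 when clean.
check_gateway() {
    rc=$1 ppp=$2 bad=0
    for knob in gateway_enable ppp_enable; do
        val=$(rc_value "$rc" "$knob")
        is_yes "$val" && continue
        echo "$knob: want YES, found '${val:-unset}'"; bad=$((bad + 1))
    done
    # NAT may be switched on in either file, as the reply notes.
    if ! is_yes "$(rc_value "$rc" ppp_nat)" &&
       ! grep -Eq '^[[:space:]]+nat[[:space:]]+enable[[:space:]]+yes' "$ppp"; then
        echo "nat: neither ppp_nat=YES nor 'nat enable yes' found"; bad=$((bad + 1))
    fi
    profile=$(rc_value "$rc" ppp_profile)
    if [ -z "$profile" ]; then
        echo "ppp_profile: unset"; bad=$((bad + 1))
    elif ! grep -q "^$profile:" "$ppp"; then
        echo "ppp_profile: no '$profile:' label at column 0 in $ppp"; bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}

# write_sample DIR: constructed sample files (not taken from a real host).
write_sample() {
    printf '%s\n' "gateway_enable='yes'" 'ppp_enable="YES"' 'ppp_mode="ddial"' \
        'ppp_profile="myisp"  # label in ppp.conf' > "$1/rc.conf"
    printf '%s\n' 'myisp:' ' set log Phase IPCP CCP Warning Error Alert' \
        ' nat enable yes' > "$1/ppp.conf"
}
```

On the gateway itself the call would be `check_gateway /etc/rc.conf /etc/ppp/ppp.conf`. rc.conf is only read at startup, so `sysctl net.inet.ip.forwarding` remains the check for the running state.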