Date: Fri, 21 Jan 2005 16:51:54 +0200
From: "Chris Dionissopoulos" <dionch@freemail.gr>
To: <pf@freebsd.org>
Subject: PF+Bridge. A solution with ng_bridge.
Message-ID: <001401c4ffc8$c15965a0$0100000a@R3B>

Hi list,

Reading these issues (*1) for pf enabled bridge, I found a
pf+bridge (aka transparent firewall) solution which seems
to work. It's based on the netgraph bridge module (ng_bridge).
Just try these steps, and send me feedback:

1/ Load kernel modules:
# kldload pf.ko
# kldload ng_ether.ko
# kldload ng_eiface.ko
# kldload ng_bridge.ko

2/ Clean ipmask definitions from interfaces:
# ifconfig $lan delete
# ifconfig $wan delete

3/ Make a bridge with $wan,$lan interfaces:
(change $lan,$wan to comply with your hardware)
# ngctl mkpeer $lan: bridge lower link0
# ngctl name $lan:lower br0
# ngctl connect $lan: br0 upper link1
# ngctl connect $wan: br0 lower link2
# ngctl connect $wan: br0 upper link3

4/ Enable your rules:
vi /etc/pf.conf:
~~~~~~~~~~
pass in on rl0 all
pass out on rl0 all
pass in on rl1 all
pass out on rl1 all

**Of course you can be more restrictive here with or without states.

# pfctl -evf /etc/pf.rules

Cheers,
Chris.

(*1):
http://lists.freebsd.org/pipermail/freebsd-pf/2005-January/000734.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-January/000744.html
____________________________________________________________________
http://www.freemail.gr - free email service for the Greek-speaking.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001401c4ffc8$c15965a0$0100000a>
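
Added example (not part of the original message and not the poster's or the FreeBSD project's own configuration): a more restrictive ruleset for step 4, following the message's remark that the rules can be tightened with or without states. It assumes rl0 is the $wan side and rl1 the $lan side, that pf sees bridged traffic on both interfaces as the message reports, and it uses a constructed admin host address (192.0.2.10).

```conf
# /etc/pf.conf - added example, not from the original message.
# Assumptions: rl0 = $wan side, rl1 = $lan side of the ng_bridge;
# 192.0.2.10 is a constructed placeholder for a host behind the bridge.
ext_if     = "rl0"
int_if     = "rl1"
admin_host = "192.0.2.10"

# Drop blocked packets silently instead of returning RST/ICMP.
set block-policy drop

# Filter on the outside interface only. The inside interface passes
# everything, so every bridged packet is judged by one policy, once.
pass quick on $int_if all

# Default deny on the outside interface, both directions, with logging.
block log on $ext_if all

# Inbound: only SSH to the admin host. The state entry created here
# also lets the replies back out through $ext_if.
pass in on $ext_if inet proto tcp from any to $admin_host port 22 \
    flags S/SA keep state

# Outbound: hosts behind the bridge may open connections; replies
# coming back in on $ext_if match the state instead of the block rule.
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } all keep state

# Parse the file without loading it before enabling:
#   pfctl -nf /etc/pf.conf
```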