From owner-freebsd-questions@FreeBSD.ORG Tue Oct 27 14:36:05 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 41680106566B for ; Tue, 27 Oct 2009 14:36:05 +0000 (UTC) (envelope-from "cyb."@gmx.net) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.freebsd.org (Postfix) with SMTP id 85DC28FC13 for ; Tue, 27 Oct 2009 14:36:04 +0000 (UTC) Received: (qmail invoked by alias); 27 Oct 2009 14:36:01 -0000 Received: from pD952D8A1.dip0.t-ipconnect.de (EHLO core2duo.local) [217.82.216.161] by mail.gmx.net (mp011) with SMTP; 27 Oct 2009 15:36:01 +0100 X-Authenticated: #4870692 X-Provags-ID: V01U2FsdGVkX1/PRCRaJGbPXFA27XzrA67sYro1D1auM0WEDkvg+h IvOltOClZPNGKC Date: Tue, 27 Oct 2009 15:35:58 +0100 From: Andreas Rudisch To: =?ISO-8859-1?Q?D=E1nielisz_L=E1szl=F3?= Message-Id: <20091027153558.a8a420b2.cyb.@gmx.net> In-Reply-To: <744998.27248.qm@web30808.mail.mud.yahoo.com> References: <744998.27248.qm@web30808.mail.mud.yahoo.com> X-Mailer: Sylpheed 2.7.1 (GTK+ 2.16.6; i386-portbld-freebsd7.2) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA1"; boundary="Signature=_Tue__27_Oct_2009_15_35_58_+0100_WcEebN+72TfRXXQk" X-Y-GMX-Trusted: 0 X-FuHaFi: 0.59 Cc: freebsd-questions@freebsd.org Subject: Re: PPPoE client+pf+nat X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 14:36:05 -0000 --Signature=_Tue__27_Oct_2009_15_35_58_+0100_WcEebN+72TfRXXQk Content-Type: text/plain; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, 27 Oct 2009 06:51:26 -0700 (PDT) D=E1nielisz L=E1szl=F3 wrote: > Let's say I have two NICs in my PC: ext_if (for wan/pppoe connection) and= int_if for my LAN. > How would you manage to get work NAT with pf using PPPoE from my ISP As a start your pf.conf could look a bit like this: ##### ext_if =3D "tun0" int_if =3D "em1" localnet =3D $int_if:network set block-policy return set skip on lo0 scrub in all nat on $ext_if from $localnet to any -> ($ext_if) antispoof for ($ext_if) antispoof for $int_if block in log all pass inet from { lo0, $localnet } to any pass out on $ext_if all ##### Andreas -- GnuPG key : 0x2A573565 | http://www.gnupg.org/howtos/de/ Fingerprint: 925D 2089 0BF9 8DE5 9166 33BB F0FD CD37 2A57 3565 --Signature=_Tue__27_Oct_2009_15_35_58_+0100_WcEebN+72TfRXXQk Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) iEYEARECAAYFAkrnBVEACgkQ8P3NNypXNWUfEwCfQXl0ofDE1z+5Ng77e9kyrUlt eRcAn0l4OHK34AurrQSu1NvIOuxXNxTZ =AHIY -----END PGP SIGNATURE----- --Signature=_Tue__27_Oct_2009_15_35_58_+0100_WcEebN+72TfRXXQk--