Nat + static routes using PF?
Francisco Reyes
lists at stringsutils.com
Wed Jan 12 03:20:52 UTC 2011
I am trying to set up a machine as a gateway. The current setup is:

T1 192.168.1.1
     |
     |
     ---> Switch <--- users in 192.168.1.0/24
            |
            |
           --\
     FreeBSD Machine
           --/
            |
            |
Time Warner 192.168.0.1

I am trying to get most of the traffic to go through Time Warner so I set
that as the default gateway.
I then have a handful of static routes I set up and want to go through the
T1.
I modified the setup at this URL
http://www.bsdguides.org/guides/freebsd/networking/ho_router_pf.php
and so far have the /etc/pf.conf below. Machines in the 192.168.1.0/24
subnet are going through Time Warner, but the static routes are failing. Do
I need rules for the T1's IP?
Current setup:

### macros
# internal and external interfaces (run 'ifconfig' to find interfaces)
int_if = "em0"
ext_if = "re0"

# ping requests
icmp_types = "echoreq"

### options
set loginterface $ext_if
set skip on lo0

### Scrub
scrub in all

### nat/rdr
# NAT traffic from internal network to external network through external
# interface
nat on $ext_if from $int_if:network to any -> ($ext_if)

# allow in ping replies
pass in inet proto icmp all icmp-type $icmp_types keep state

# allow all traffic from internal network to internal interface
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

# allow all traffic out via external interface
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

Any pointers greatly appreciated.
More information about the freebsd-pf
mailing list