25th June 2008
TiN-MAN
Bsd n00b
Join Date: Jun 2008
Posts: 3
Newbie NAT problem

I was wondering if anyone can help me. I have been trying to configure an internet gateway with FreeBSD. I'm a Unix newbie.

The system is up and running. The problem is I want to use PF and NAT to control my internet through a gateway, but I cannot get it to work. I have also compiled PF support into my current kernel.

sis0 is my external network, getting a dynamic IP from my ISP.
rl0 is my internal network running DHCP.

ADSL Router
Freebsd server
 |               |
(    (
PC1             PC2
I want to be able to access telnet (SSH) from both sides of the server (both and

I want LAN computers to be able to access the internet but also services on the server (e.g. Samba shares).

ifconfig output:
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:1c:c0:49:c2:06
        inet netmask 0xffffff00 broadcast
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:6b:94:cc:f8
        inet netmask 0xffffff00 broadcast
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: maxupd: 128
My pathetic attempt at creating a working pf.conf:

if_ext = "sis0"                # macro for interface facing int
if_int = "rl0"                 # macro for interface facing loc
localnet = $if_int:network
icmp_types = "{ echoreq, unreach }"
nonroute = "{,,, \
           ,,, \
           , }"

set block-policy return
scrub in all
nat on $if_ext from $localnet to any -> ($if_ext)
antispoof for $if_ext
antispoof for $if_int
block all

pass inet proto tcp from {lo0, $localnet } to any keep state
pass inet proto icmp all icmp-type $icmp_types keep state
pass in on $if_ext proto { tcp, udp } from any to any port 3709 #telnet

block drop in quick on $if_ext from $nonroute to any
block drop out quick on $if_ext from any to $nonroute
Any ideas where I fail, and how to fix it?

Last edited by TiN-MAN; 25th June 2008 at 07:33 PM.
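The posted ruleset, walked the way pf.conf(5) describes rule evaluation: every rule is tried top to bottom, the last matching rule decides, and a rule marked quick ends evaluation at once. The script below is an added example written for this thread, not code from the post, from Peter Hansteen's tutorial the rules resemble, or from FreeBSD. It models only that ordering (no state tracking, scrub, antispoof, icmp-type matching or NAT address rewriting), and because the post shows its addresses elided, the LAN prefix, the nonroute list and every packet address are constructed placeholders. Run over four constructed packets it shows that LAN TCP and inbound port 3709 pass, that the quick nonroute rule still drops a port-3709 packet from a listed source even though the pass rule above it matched, and that a LAN UDP packet (a DNS lookup, say) is left to `block all` because the pass rule covers only tcp.

```python
"""Walk constructed sample packets through a model of the posted pf.conf.

Only the rule-evaluation order documented in pf.conf(5) is modelled: rules
are tried top to bottom, the LAST matching rule decides, and a rule marked
'quick' ends evaluation at once. State tracking, scrub, antispoof, the nat
rule's address rewriting and icmp-type matching are left out.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Interface names are the post's. The LAN prefix and the nonroute list are
# constructed placeholders: the post shows those values elided.
IF_EXT, IF_INT = "sis0", "rl0"
LOCALNET = "10.0.0.0/24"
NONROUTE = ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str            # "in" or "out"
    proto: str                # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "block"
    text: str                            # the pf.conf line it stands for
    direction: Optional[str] = None      # None: matches both directions
    iface: Optional[str] = None          # None: any interface
    quick: bool = False
    protos: Optional[tuple] = None       # None: any protocol
    src_nets: Optional[tuple] = None     # None: "from any"
    dst_nets: Optional[tuple] = None     # None: "to any"
    dport: Optional[int] = None          # None: any destination port


def in_nets(addr: str, nets: Optional[tuple]) -> bool:
    """None means 'any'; otherwise the address must fall inside a listed network."""
    if nets is None:
        return True
    a = ip_address(addr)
    return any(a in ip_network(n) for n in nets)


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.direction is None or rule.direction == pkt.direction)
            and (rule.iface is None or rule.iface == pkt.iface)
            and (rule.protos is None or pkt.proto in rule.protos)
            and in_nets(pkt.src, rule.src_nets)
            and in_nets(pkt.dst, rule.dst_nets)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules, pkt: Packet):
    """Return (verdict, deciding rule): last match wins unless a quick rule matches first."""
    last = None
    for rule in rules:
        if matches(rule, pkt):
            last = rule
            if rule.quick:
                break
    if last is None:
        return "pass", "<no rule matched: pf default is pass>"
    return last.action, last.text


# The post's filter rules in the post's order (nat, scrub and antispoof omitted);
# lo0 is approximated by 127.0.0.0/8.
RULES = (
    Rule("block", "block all"),
    Rule("pass", "pass inet proto tcp from {lo0, $localnet } to any keep state",
         protos=("tcp",), src_nets=("127.0.0.0/8", LOCALNET)),
    Rule("pass", "pass inet proto icmp all icmp-type $icmp_types keep state",
         protos=("icmp",)),
    Rule("pass", "pass in on $if_ext proto { tcp, udp } from any to any port 3709",
         direction="in", iface=IF_EXT, protos=("tcp", "udp"), dport=3709),
    Rule("block", "block drop in quick on $if_ext from $nonroute to any",
         direction="in", iface=IF_EXT, quick=True, src_nets=NONROUTE),
    Rule("block", "block drop out quick on $if_ext from any to $nonroute",
         direction="out", iface=IF_EXT, quick=True, dst_nets=NONROUTE),
)

# Constructed packets; 203.0.113.0/24 and 198.51.100.0/24 stand in for public addresses.
SAMPLES = {
    "LAN PC -> web, tcp/80, in on rl0": Packet(IF_INT, "in", "tcp", "10.0.0.5", "203.0.113.80", 80),
    "LAN PC -> DNS, udp/53, in on rl0": Packet(IF_INT, "in", "udp", "10.0.0.5", "203.0.113.53", 53),
    "public host -> port 3709, in on sis0": Packet(IF_EXT, "in", "tcp", "198.51.100.9", "203.0.113.7", 3709),
    "nonroute src -> port 3709, in on sis0": Packet(IF_EXT, "in", "tcp", "192.168.1.1", "203.0.113.7", 3709),
}


def verdicts():
    """Map each sample name to its pass/block verdict."""
    return {name: evaluate(RULES, pkt)[0] for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        verdict, why = evaluate(RULES, pkt)
        print(f"{name:40s} {verdict:5s}  <- {why}")
```

Two things the walk cannot show: whether the kernel forwards packets at all, which on FreeBSD is `gateway_enable="YES"` in /etc/rc.conf (sysctl net.inet.ip.forwarding=1) and not anything in pf.conf, and whether the file loads at all, which `pfctl -nf /etc/pf.conf` checks without activating it. The fourth sample also matters behind an ADSL router: if the router hands sis0 an address from one of the ranges in the nonroute list, the quick drop on $if_ext discards every packet the router itself originates, DNS answers included if the router acts as the forwarder.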
