Simple PF commands for IP_Forwarding
Hi all,
I want to forward all network packets between both interfaces (em0, em1). BTW, I set net.inet.ip.forwarding=1 but still need some PF commands to allow traffic between interfaces.
Thanks for your excellent consideration
My network picture is [ https://photos.app.goo.gl/qSuwibs5AlC4hIJE3 ]. I want to connect to the Internet through the OpenBSD without any firewall rule. My PC Gw: 192.168.111.1, and I set net.inet.ip.forwarding=1 on OpenBSD.
Last edited by mbzadegan; 6th February 2018 at 10:59 AM.
Thank you. Your ADSL modem is a NAT router, and you have two private networks, which I assume are both /24 networks. You need to add a route to the second private network to your ADSL modem's network configuration.
Your ADSL modem knows only about the first private network (192.168.30.0/24) as it is directly connected. But the modem has no knowledge of the second private network (192.168.111.0/24) unless you provide it. You should provision the ADSL modem by adding a route to the second network (192.168.111.0/24) that it does not directly connect with, pointing it to the OpenBSD router's address (192.168.30.110) on the directly connected network.
Aha, OK.
But how can I resolve my problem if I don't have access to my ADSL modem console? Is it possible to configure my OpenBSD as a NAT device? What PF commands are needed in pf.conf?
Last edited by mbzadegan; 6th February 2018 at 11:46 AM.
If you are unable to provision the ADSL modem, you must make the OpenBSD router into a NAT router. In this way, OpenBSD will translate the addresses for all traffic routed to and from the second network. This is done with the nat-to directive in PF, as described in the Network Address Translation chapter of the PF Users' Guide.
When you have NAT routers linked together -- "double NAT" -- this can cause problems for some protocols. Something like this might work:
Code:
pass out on em0 inet from em1:network to any nat-to (em0)
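The nat-to rule above placed in a complete /etc/pf.conf for this thread's two-interface layout, as an added example that is not part of any poster's reply. It assumes em0 is the modem-side interface (192.168.30.110) and em1 the PC-side interface (the PC's gateway, 192.168.111.1); the block and pass policy around the NAT rule goes beyond the single rule given in the thread and is this example's own choice.

```pf
# /etc/pf.conf (added example, not from the thread)
# Assumed layout, taken from the posts:
#   em0  192.168.30.110   modem-side network 192.168.30.0/24
#   em1  192.168.111.1    PC-side network    192.168.111.0/24
ext_if = "em0"
int_if = "em1"

# Do not filter loopback traffic.
set skip on lo

# Rewrite the source address of PC-side traffic leaving em0, so the
# modem only ever sees 192.168.30.110 and needs no extra route.
# The parentheses make PF follow em0's current address instead of
# resolving it once when the ruleset is loaded.
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# Default deny with logging; inspect with: tcpdump -n -e -ttt -i pflog0
block log all

# Drop packets that claim a PC-side source address but arrive elsewhere.
antispoof quick for $int_if

# PC-side hosts may reach the gateway and be forwarded onward.
pass in on $int_if inet from $int_if:network to any

# Forwarded and locally generated traffic may leave via em0.
# PF keeps state by default, so replies are matched and un-translated
# without a separate inbound rule.
pass out on $ext_if inet

# If the gateway is administered over em0, allow that explicitly
# before loading, or the default deny will cut the session off:
# pass in on $ext_if inet proto tcp from $ext_if:network to ($ext_if) port ssh

# Checks on the OpenBSD gateway:
#   pfctl -nf /etc/pf.conf        parse only, report syntax errors
#   pfctl -f  /etc/pf.conf        load the ruleset
#   pfctl -s rules                show the loaded rules
#   pfctl -s states               show live states with their translations
#   sysctl net.inet.ip.forwarding must print 1; add
#   net.inet.ip.forwarding=1 to /etc/sysctl.conf to keep it across reboots
```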
Thanks very much!
Your command resolves my issue. Now, I have installed the openconnect client on my OpenBSD and it runs without any error. If I want to redirect all of my PC traffic through it, must I change the above two em0 interfaces to tun0 in your PF code?
Last edited by mbzadegan; 6th February 2018 at 12:17 PM.
OK, thank you very much. You resolved my problem excellently.