PF NAT and 2 external NICs
Hi!

I'm soon having another connection with a static IP (from the university) which has daily restrictions on the amount of transferred data. I also have this DSL connection with DHCP. I started to think that I would like to route/redirect some bandwidth-eating ports from LAN computers to use the DSL. This also offers me a chance to "learn" some more PF. I planned that my DSL external interface would be bfe0 and the static one would be dc0. Oh, and the ports I want to put through the DSL are all the ports I have defined for the LAN machines below.

edit: (Coming to think of it, a second scenario would be that all other traffic goes through the DSL except http and port 28960 from the LAN. Actually this is much more straightforward too.)

Here is my config now.

Code:

ext_if1 = "bfe0"   # External interface (DSL)
ext_if2 = "dc0"    # External interface (static)
int_if  = "xl0"    # Internal interface

# Macros
lahiverkko = $int_if:network   # LAN; currently unused, $int_if:network is used directly below
icmp_types = "{ 0, 3, 11 }"

# LAN machine 1 (pate)
pate    = "{ 192.168.0.2 }"
patetcp = "{ 1412, 49995, 61027 }"   # TCP ports, comma separated, redirected to host (pate)
pateudp = "{ 1412, 49995, 61027 }"   # UDP ports, ditto

# LAN machine 2 (texina)
texina    = "{ 192.168.0.3 }"
texinatcp = "{ 1414, 2412, 8085, 50200 }"   # TCP ports
texinaudp = "{ 1414, 2412 }"                # UDP ports

# Tables
table <nonroutable> persist { 192.168.0.0/16, 127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8, \
                              0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, \
                              224.0.0.0/3, 255.255.255.255/32 }

# Options
set block-policy return
set optimization aggressive
set loginterface $ext_if1
set skip on lo0
set skip on xl0    # note: because of this, the rules on $int_if below are never evaluated

# Scrub: reassemble and sanity-check all incoming packets
scrub in all

# Queues: optional bandwidth limits and traffic prioritisation
#altq on $ext_if1 bandwidth 848Kb hfsc queue { ack, dns, dflt }
# queue ack  bandwidth 60% priority 7 hfsc (realtime 50%)
# queue dns  bandwidth 10% priority 6 hfsc (realtime 5%)
# queue dflt bandwidth 30% priority 2 qlimit 100 hfsc (realtime 25% default)

# Test primary queue
#altq on $ext_if1 priq bandwidth 828Kb queue { ack, dns, dflt }
# queue ack  priority 7
# queue dns  priority 5
# queue dflt priority 2 priq(default)

# NAT and redirects (handled by the macros above; the lines below don't necessarily need changing)
nat on $ext_if1 from $int_if:network to any -> ($ext_if1)
rdr pass on $ext_if1 proto tcp from any to any port $patetcp -> $pate
rdr pass on $ext_if1 proto udp from any to any port $pateudp -> $pate
rdr pass on $ext_if1 proto tcp from any to any port $texinatcp -> $texina
rdr pass on $ext_if1 proto udp from any to any port $texinaudp -> $texina

# Rules
block in log all
block out on $ext_if1 from any to <nonroutable>
block in log quick on $ext_if1 from <nonroutable> to any
#pass quick on $int_if from $int_if:network to $int_if:network
# The queue tags below only take effect when the kernel has ALTQ and one of the
# altq blocks above is enabled; with ALTQ in the kernel but no queues defined,
# pfctl refuses to load these rules.
pass out quick on $ext_if1 proto udp from ($ext_if1) to any port 53 keep state queue ( dns )
pass out on $ext_if1 from ($ext_if1) keep state queue ( dflt, ack )
antispoof quick for { lo0 $int_if }

# Pass in rules
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 80 keep state
pass in quick on $ext_if1 inet proto tcp from any to ($ext_if1) port 22 keep state
pass in on $int_if from $int_if:network to any
#pass out on $int_if from any to $int_if:network

I also tried to understand this (found with google) http://osdir.com/ml/os.openbsd.pf/2004-07/msg00092.html but with poor results. Or I understood it, but I'm unsure how to adapt it to my use and whether it will work. I know it's annoying if someone asks for ready configurations/examples, but it would be very nice. I'm not the type who just puts it to use and enjoys. I really like to know how the thing works before I put it into use, so I read the conf over and over again till I get it. Of course any other help/hints concerning that conf are welcome. Thank you very much for your time. I'm running FBSD 7.

Last edited by Calderon; 16th September 2008 at 06:56 PM.
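The split the post asks for is not a job for rdr but for policy routing: PF's route-to option on the internal interface picks the uplink per rule, and NAT on each uplink then gives the packet the address of the interface it actually leaves on. The following is an added example in the pf.conf syntax of FreeBSD 7's PF (OpenBSD 4.1 grammar), written for the post's second scenario (everything from the LAN out via the DSL, except http and port 28960, which stay on the static link); it is not the poster's configuration. The interface names come from the post; the gateway addresses $dsl_gw and $static_gw are placeholders, and it assumes the system default route points at the static link. Two things to check against the config above: route-to rules on $int_if only work if that interface is not on the set skip list, and the DSL gateway comes from DHCP, so $dsl_gw has to be refreshed (and the ruleset reloaded) whenever the lease changes.

```pf
# Added example: two-ISP policy routing with PF (FreeBSD 7 / OpenBSD 4.1 syntax).
# Interface names from the post; gateway addresses are placeholders (TEST-NET ranges)
# that must be replaced with the real next hops. The DSL gateway is handed out by
# DHCP, so $dsl_gw has to be updated whenever the lease changes (for example from
# a dhclient hook that re-runs "pfctl -f /etc/pf.conf").
ext_if1   = "bfe0"           # DSL, DHCP
ext_if2   = "dc0"            # static (university), assumed to carry the default route
int_if    = "xl0"
dsl_gw    = "192.0.2.1"      # placeholder
static_gw = "198.51.100.1"   # placeholder
lan       = "192.168.0.0/24"
static_tcp_ports = "{ 80, 28960 }"   # traffic that stays on the static link
static_udp_ports = "{ 28960 }"

table <nonroutable> persist { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, \
                              169.254.0.0/16, 0.0.0.0/8, 224.0.0.0/3 }

set skip on lo0     # do NOT skip $int_if: the route-to rules below are evaluated on it
scrub in all

# NAT on both uplinks: each outgoing packet gets the address of the interface
# it actually leaves on, which is what makes route-to usable behind NAT.
nat on $ext_if1 from $lan to any -> ($ext_if1)
nat on $ext_if2 from $lan to any -> ($ext_if2)

block in log all
block out log all
antispoof quick for { lo0 $int_if }

# Drop bogon sources on both uplinks, not just one.
block in log quick on { $ext_if1 $ext_if2 } from <nonroutable> to any
block out log quick on { $ext_if1 $ext_if2 } from any to <nonroutable>

# --- policy routing for the LAN ---
# 1) http and 28960 stay on the static link: a plain pass follows the default route.
pass in quick on $int_if proto tcp from $lan to any port $static_tcp_ports keep state
pass in quick on $int_if proto udp from $lan to any port $static_udp_ports keep state
# 2) everything else from the LAN is forced out through the DSL.
pass in quick on $int_if route-to ($ext_if1 $dsl_gw) from $lan to any keep state
# (For the first scenario in the post, swap the roles: put route-to ($ext_if1 $dsl_gw)
#  on the per-port rules and leave the catch-all without it.)

# Replies to connections that arrived on the non-default uplink must leave the same
# way; without reply-to they would go out via the default route with the wrong
# source address and be dropped by the other ISP as spoofed.
pass in on $ext_if1 reply-to ($ext_if1 $dsl_gw) inet proto tcp from any to ($ext_if1) port 22 keep state
pass in on $ext_if2 inet proto tcp from any to ($ext_if2) port 22 keep state

# Locally generated traffic.
pass out on { $ext_if1 $ext_if2 } keep state
# Packets that picked the wrong uplink (source address of one link leaving via the
# other) are pushed to the matching gateway instead.
pass out on $ext_if1 route-to ($ext_if2 $static_gw) from ($ext_if2) to any
pass out on $ext_if2 route-to ($ext_if1 $dsl_gw) from ($ext_if1) to any
```

Load it with pfctl -nf /etc/pf.conf first to catch syntax errors, then watch where the states end up with pfctl -ss: a LAN connection to port 80 should show a state on $ext_if2 with the static address, while any other LAN connection should show one on $ext_if1 with the DSL address. If all states appear on the default uplink, the usual cause is that $int_if is still listed in set skip.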
Tags
2 external, 2 isp, firewall, nat, pf