Date:      Mon, 05 Mar 2007 04:39:22 +0000
From:      "rance@frontiernet.net" <rance@frontiernet.net>
To:        freebsd-pf@freebsd.org
Subject:   home router with internal services available question
Message-ID:  <20070305043922.qgd8g96zo6jo0g0k@webmail.frontiernet.net>

Hello everyone, I'm a new freebsd user (been a linux user for some time, so I'm comfortable with unix-like os structures and the cli).

I'm trying to build a freebsd home router with the pf firewall; all the documentation I'm reading suggests that this is quite possible.

In fact, there are faq-example files in /usr/share/examples/pf that give you MOST of the basic setup stuff that you would need to do this.

I had a basic NAT setup that was almost working. dhcp requests on my lan were not getting answered by the gateway host.

I looked at the firewall rules and figured it was because there wasn't a specific way to handle port 67 data (it should be handled by the internal interface of the freebsd box).

With the firewall disabled, Lan machines can get an IP address but can't surf the net; with the firewall enabled they can surf the net but can't get a dhcp address.

I've googled and can't find anything that specifically addresses this issue.

I searched the list archives and found nothing there.

I'm sure the answer to my question is an exception to the NAT routing rule.

I've tried to work on one of my own, but I keep breaking the whole firewall.

My setup is like this:

internet ---> isp dsl modem with built in firewall ---> freebsd box (as gateway) ---> LAN

Right now I'm working with the limited protection of the dsl modem, but I want to get the freebsd box working so I can do away with the other router and give the freebsd box my public ip address.


Assume that the pf.conf is a copy of /usr/share/examples/faq-example1, but I don't need the ftp proxy rule, so I commented that out.

I've specified the internal and external interfaces correctly,

and I've added a "me" macro for use with the routing rule for dns/dhcp services.

Could someone please explain the "right" way to do this, or point me to the right doc? I'm willing to learn if I can find the right teacher.

Thanks all for your help.
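As an added example (not part of the original message or of the FreeBSD example files), a pf.conf fragment in the style of faq-example1 that passes DHCP on the internal interface; the interface names are assumptions. It shows why the example's LAN rule alone does not cover DHCP: a client with no lease yet sends from 0.0.0.0 port 68 to 255.255.255.255 port 67, which is not in $int_if:network, so the default block wins.

```pf
# Added example, not from the original post. Macros are assumptions.
ext_if="fxp0"   # assumption: interface toward the DSL modem
int_if="xl0"    # assumption: interface toward the LAN

nat on $ext_if from $int_if:network to any -> ($ext_if)

block all

# The LAN rules from faq-example1. A DHCPDISCOVER arrives from 0.0.0.0:68
# (no address assigned yet), which is outside $int_if:network, so neither
# rule matches it and "block all" drops it.
pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

# DHCP, LAN side only: requests in to port 67, replies out from port 67.
# Replies may go to 255.255.255.255:68 or to the offered address, so they
# do not match a state created by the request; an explicit out rule is needed.
# Stateless on purpose (keep state is not the default on this pf version).
pass in  quick on $int_if inet proto udp from any port 68 to any port 67
pass out quick on $int_if inet proto udp from any port 67 to any port 68

# No 67/68 rules on $ext_if: the DHCP service stays unreachable from outside.
```

Reload with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`.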