FreeBSD Mail Archives

Date:      Tue, 27 Oct 2009 15:35:58 +0100
From:      Andreas Rudisch <cyb.@gmx.net>
To:        =?ISO-8859-1?Q?D=E1nielisz_L=E1szl=F3?= <laszlo_danielisz@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: PPPoE client+pf+nat
Message-ID:  <20091027153558.a8a420b2.cyb.@gmx.net>
In-Reply-To: <744998.27248.qm@web30808.mail.mud.yahoo.com>
References:  <744998.27248.qm@web30808.mail.mud.yahoo.com>

--Signature=_Tue__27_Oct_2009_15_35_58_+0100_WcEebN+72TfRXXQk
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, 27 Oct 2009 06:51:26 -0700 (PDT)
D=E1nielisz L=E1szl=F3 <laszlo_danielisz@yahoo.com> wrote:

> Let's say I have two NICs in my PC: ext_if (for wan/pppoe connection) and=
 int_if for my LAN.
> How would you manage to get work NAT with pf using PPPoE from my ISP

As a start your pf.conf could look a bit like this:
#####
ext_if =3D "tun0"
int_if =3D "em1"
localnet =3D $int_if:network

set block-policy return
set skip on lo0

scrub in all

nat on $ext_if from $localnet to any -> ($ext_if)

antispoof for ($ext_if)
antispoof for $int_if

block in log all

pass inet from { lo0, $localnet } to any
pass out on $ext_if all
#####

Andreas
--
GnuPG key  : 0x2A573565    |    http://www.gnupg.org/howtos/de/
Fingerprint: 925D 2089 0BF9 8DE5 9166  33BB F0FD CD37 2A57 3565

--Signature=_Tue__27_Oct_2009_15_35_58_+0100_WcEebN+72TfRXXQk
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)

iEYEARECAAYFAkrnBVEACgkQ8P3NNypXNWUfEwCfQXl0ofDE1z+5Ng77e9kyrUlt
eRcAn0l4OHK34AurrQSu1NvIOuxXNxTZ
=AHIY
-----END PGP SIGNATURE-----

--Signature=_Tue__27_Oct_2009_15_35_58_+0100_WcEebN+72TfRXXQk--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091027153558.a8a420b2.cyb.>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation