Hi, all.
The system is FreeBSD 6.2 with two interfaces (em0 and em1). There is a bridge
between them, and on bridge0 there is NAT for the internal addresses
(192.168.0.0/20); all other packets are switched through the bridge:
[PPPoE clients 192.168.0.0/20 and real ip]<--xDSL-->[PPPoE AC 80.0.0.1/29]<-->[em0 FreeBSD bridge&NAT 80.0.0.2/29 em1]<-->80.0.0.4/29[BGP Router]
Why a bridge? Both the PPPoE concentrator and the BGP router are Cisco routers
with dynamic routing (EIGRP) between them, so they must be directly connected.
# ifconfig em0 up
# ifconfig em1 up
# ifconfig bridge0 addm em0 addm em1 up
# ifconfig bridge0 inet 80.0.0.2/29
# route add default 80.0.0.4
# cat /etc/pf.conf
int_if="em0"
ext_if="em1"
bridge_if="bridge0"
table <nat_lan> const { 192.168.0.0/20 }
table <nat_addr> const { 80.250.68.2 80.250.68.3 }
set timeout { src.track 300 }
set skip on lo0
# Normalization
scrub in on $bridge_if from <nat_lan>
# NAT
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat pass on $bridge_if inet tagged ADSL_MAIN_INET -> <nat_addr> round-robin sticky-address
rdr on $int_if inet proto tcp from <nat_lan> to any port 21 -> 127.0.0.1 port 8021
no rdr on lo0 from any to any
# Rulezzz
#
# eigrp (cisco dynamic routing)
pass quick proto eigrp
# bridge
pass inet all
# nat marker
pass in on $int_if inet from <nat_lan> to !($bridge_if) flags S/SA keep state tag ADSL_MAIN_INET
# ftp
pass in log on $bridge_if route-to (lo0 127.0.0.1) proto tcp from <nat_lan> to 127.0.0.1 port 8021
anchor "ftp-proxy/*"
The bridge works and NAT works, but there are problems with FTP: the control
connection is established, but the data connection is dropped. Of course,
without ftp-proxy passive FTP works, but some clients need working active FTP
too.
So, what should I do?
--
Don't plan any hasty moves. You'll be evicted soon anyway.
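As an added illustration (not from the post above, and not pf's or ftp-proxy's own code), the following Python shows what actually goes wrong with active FTP behind the NAT described here: the client announces its own private 192.168.x.x address and port in the PORT/EPRT command on the control connection, so the server tries to open the data connection to an address it cannot reach, and the inbound SYN never matches a NAT state. A proxy such as ftp-proxy(8) has to rewrite that command to the NAT address and a port it listens on, and install a redirect for the server's connection. The NAT address 80.250.68.2 is taken from the post's <nat_addr> table; the proxy port 50000, the client address and the control-channel lines are constructed sample values.

```python
"""Active FTP through NAT: parse PORT/EPRT and show the rewrite a proxy must do.

Added illustration, not code from the original post or from pf/ftp-proxy.
Assumed values: proxy listening port 50000 and the sample client exchange.
"""
import ipaddress
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
EPRT_RE = re.compile(r"^EPRT \|(1|2)\|([^|]+)\|(\d+)\|\s*$")

NAT_LAN = "192.168.0.0/20"   # the post's <nat_lan> table


def parse_port_command(line):
    """Return (address, port) announced by a PORT or EPRT command, else None."""
    m = PORT_RE.match(line)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        if not all(0 <= v <= 255 for v in (h1, h2, h3, h4, p1, p2)):
            return None                      # malformed octet or port byte
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = EPRT_RE.match(line)
    if m:
        _proto, addr, port = m.groups()
        port = int(port)
        if not 0 < port < 65536:
            return None
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            return None
        return addr, port
    return None


def needs_rewrite(addr, nat_lan=NAT_LAN):
    """True when the announced address is a NATed LAN address the server cannot reach."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(nat_lan)


def rewrite_port_command(line, nat_addr, proxy_port):
    """Rewrite PORT/EPRT so the server connects to nat_addr:proxy_port instead.

    Lines that are not PORT/EPRT, or that already carry a routable address,
    are returned unchanged.
    """
    parsed = parse_port_command(line)
    if parsed is None or not needs_rewrite(parsed[0]):
        return line
    if line.startswith("EPRT"):
        return f"EPRT |1|{nat_addr}|{proxy_port}|"
    octets = ",".join(nat_addr.split("."))
    return f"PORT {octets},{proxy_port // 256},{proxy_port % 256}"


def trace_exchange(client_lines, nat_addr, proxy_port):
    """For each client command, report where the server will try to connect
    without a proxy and where it will connect once the command is rewritten."""
    report = []
    for line in client_lines:
        parsed = parse_port_command(line)
        if parsed is None:
            continue
        rewritten = rewrite_port_command(line, nat_addr, proxy_port)
        report.append({
            "original": line,
            "server_target_without_proxy": parsed,
            "rewritten": rewritten,
            "server_target_with_proxy": parse_port_command(rewritten),
        })
    return report


if __name__ == "__main__":
    # Constructed control-channel commands from a client at 192.168.1.10.
    sample = [
        "USER anonymous",
        "PORT 192,168,1,10,192,2",          # data port 192*256+2 = 49154
        "EPRT |1|192.168.1.10|49154|",
        "PASV",                             # passive: no address to rewrite
    ]
    for entry in trace_exchange(sample, "80.250.68.2", 50000):
        print(entry)
```

Without the rewrite, `server_target_without_proxy` is 192.168.1.10:49154, which is exactly the connection the post reports being dropped; with it, the server connects to 80.250.68.2:50000, where the proxy (or a redirect rule it installed) hands the connection on to the client.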