Re: PF & NAT, how to forward GRE?
Mel <[EMAIL PROTECTED]> writes:

> I take it you mean gre(4), which defines two IP protocols. So your rules will
> need to include proto gre or proto mobile to identify the traffic. Something
> like:
> nat on $wan_if proto gre from $int_if:network to any -> ($wan_if)

and don't forget to include a matching pass rule.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: PF & NAT, how to forward GRE?
On Thursday 27 September 2007 02:47:14 Paul Fraser wrote:

> I'd like to forward all incoming GRE traffic on the WAN link to a system
> on the wired network. Could anyone advise how?

I take it you mean gre(4), which defines two IP protocols. So your rules will
need to include proto gre or proto mobile to identify the traffic. Something
like:

nat on $wan_if proto gre from $int_if:network to any -> ($wan_if)

--
Mel
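The pieces discussed in this thread, put together as an added example that is not from any of the posters: a pf.conf fragment with the outbound nat rule, an rdr rule for the inbound GRE the original question asks about, and the matching pass rules. The interface names, the internal host address and the `gre_host` macro are assumptions made for illustration.

```conf
# Constructed example: interface names and addresses are assumptions.
wan_if   = "vr0"            # external (WAN) interface
int_if   = "xl0"            # internal (wired LAN) interface
gre_host = "192.168.10.5"   # internal system that should receive GRE

# --- translation rules (must precede filter rules in pf.conf) ---

# Outbound GRE from the LAN is rewritten to the WAN address. The
# parentheses make pf follow the interface's current address instead
# of resolving it once when the ruleset is loaded.
nat on $wan_if proto gre from $int_if:network to any -> ($wan_if)

# Inbound GRE arriving at the WAN address is redirected to the
# internal host. GRE has no ports, so no port clause is given.
rdr on $wan_if proto gre from any to ($wan_if) -> $gre_host

# --- filter rules ---
block in log on $wan_if all

# The matching pass rules. Filtering sees the packet after rdr has
# rewritten it, so the destination here is the internal host.
pass in  on $wan_if proto gre from any to $gre_host keep state
pass out on $int_if proto gre from any to $gre_host keep state

# LAN-originated GRE: in on the LAN side, out on the WAN side.
pass in  on $int_if proto gre from $int_if:network to any keep state
pass out on $wan_if proto gre from any to any keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules go live.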
Re: PF NAt
/etc/pf.conf
exter_if = "vr0"
^^^
nat on $exter_if from $inter_if to any -> $exter_if
^

Now look at the man page about nat/rdr rule syntax:

nat-rule = [ "no" ] "nat" [ "pass" ] [ "on" ifspec ] [ af ]
           [ protospec ] hosts [ "tag" string ] [ "tagged" string ]
           [ "->" ( redirhost | "{" redirhost-list "}" )
           [ portspec ] [ pooltype ] [ "static-port" ] ]

The grammar says that after the "->" keyword there should be specified _host(s)_. So, if you want to use a macro pointing to your interface _name_, there's a technique to translate it to its primary or any aliased IP: ($macro)

Your line should look like this:

nat on $exter_if from $inter_if to any -> ($exter_if)
Re: PF NAt
On Apr 26, 2007, at 11:35 AM, Miguel Alcántara wrote:

> /etc/rc.conf
> gateway_enable = "YES"
> ifconfig_vr0="inet 192.168.1.2 netmask 255.255.255.0"
> ifconfig_xl0="inet 192.168.1.3 netmask 0x"
> squid_enable="YES"

You're not going to have much luck trying to do NAT if both interfaces are on the same subnet. Other machines will simply broadcast to the other LAN addresses without being re-written by this machine.

For NAT to work, the traffic has to flow through this machine as a router (or gateway), which means that they can't be using something like 192.168.1.1 as the router. You'll have to change vr0 to use a publicly routable IP if you want to use it as the "external NIC".

--
-Chuck