FreeBSD NAT
Note

This is a simple NAT configuration for sharing one Internet connection with a LAN; it still needs further refinement.

Description:

wifibox0 is the external interface (see "FreeBSD wireless networking with BCM43602 (via wifibox)").
ue0 is the internal interface, attached to the internal LAN.
The goal is to let the internal network behind ue0 reach the external network through NAT.

Configure the pf firewall rules in /etc/pf.conf

NAT configuration in /etc/pf.conf:
```
ext_if = "wifibox0"
int_if = "ue0"
int_addr = "192.168.7.101"
int_network = "192.168.7.0/24"

set skip on lo
scrub in all

# NAT traffic from internal network to external network through external interface
nat on $ext_if from $int_if:network to any -> ($ext_if)

### Filters ###
# Permit keep-state packets for UDP and TCP on external interfaces
pass out quick on $ext_if proto udp all keep state
pass out quick on $ext_if proto tcp all modulate state flags S/SA

# Permit any packets from internal network to this host
pass in quick on $int_if inet from $int_network to $int_addr

# Permit established sessions from internal network to any (incl. the Internet)
pass in quick on $int_if inet from $int_network to any keep state

# If you want to limit the number of sessions per NAT, nodes per NAT (simultaneously), and sessions per source IP
#pass in quick on $int_if inet from $int_network to any keep state (max 30000, source-track rule, max-src-nodes 100, max-src-states 500 )

# Permit and log all packets from clients in private network through NAT
pass in quick log on $int_if all

# Pass any other packets
pass in all
pass out all
```
Enable IP forwarding:

```sh
# Add the kernel IP forwarding setting to the persistent sysctl configuration
echo 'net.inet.ip.forwarding=1' | sudo tee -a /etc/sysctl.conf
# Reload the settings from the file (requires root)
sudo sysctl -f /etc/sysctl.conf
```
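The `tee -a` step above appends a new line every time it is run, so a host that has been set up twice ends up with duplicate (and possibly contradicting) entries in /etc/sysctl.conf. The following POSIX shell helper is an added example, not code from the original page: it sets a sysctl key in a sysctl.conf-style file exactly once, replacing any existing value, reads the effective value back the way `sysctl -f` would (last line wins), and applies the file only when run as root on FreeBSD. The file path, the function names and the sample entries are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): idempotent sysctl.conf editing.
# Usage: ensure_sysctl_line FILE KEY VALUE
ensure_sysctl_line() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    # Copy every line through unchanged except a line that sets $key:
    # rewrite the first such line, drop later duplicates, and append the
    # setting at the end if no line matched. Matching is an exact
    # key comparison, not a regex, so dots in the key are literal.
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, k) == 1) {
                rest = substr(line, length(k) + 1)
                sub(/^[ \t]*/, "", rest)
                if (substr(rest, 1, 1) == "=") {
                    if (!done) { print k "=" v; done = 1 }
                    next
                }
            }
            print
        }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Print the effective value of KEY in FILE (the last assignment wins,
# which is also what sysctl -f ends up applying). Usage: sysctl_file_value FILE KEY
sysctl_file_value() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key); if (key == k) v = $2 }
        END { gsub(/^[ \t]+|[ \t]+$/, "", v); print v }
    ' "$1"
}

# Persist IPv4 forwarding in the given file (default /etc/sysctl.conf) and
# apply it immediately when running as root on FreeBSD; elsewhere only the
# file is edited, so the helper can be exercised on any host.
enable_ip_forwarding() {
    conf=${1:-/etc/sysctl.conf}
    ensure_sysctl_line "$conf" net.inet.ip.forwarding 1 || return 1
    if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" = FreeBSD ]; then
        sysctl -f "$conf"
    fi
}
```

Run `enable_ip_forwarding` as root on the FreeBSD NAT host to replace the `tee -a` step; re-running it leaves /etc/sysctl.conf unchanged. `sysctl net.inet.ip.forwarding` afterwards should report 1.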