List: freebsd-pf
Subject: PF+Bridge. A solution with ng_bridge.
From: "Chris Dionissopoulos" <dionch () freemail ! gr>
Date: 2005-01-21 14:51:54
Message-ID: 001401c4ffc8$c15965a0$0100000a () R3B
Hi list,
Reading these issues (*1) for pf-enabled bridge, I found a
pf+bridge (aka transparent firewall) solution which seems
to work. It's based on the netgraph bridge module (ng_bridge).
Just try these steps and send me feedback:
1/ Load kernel modules:
# kldload pf.ko
# kldload ng_ether.ko
# kldload ng_eiface.ko
# kldload ng_bridge.ko
2/ Clean ipmask definitions from interfaces:
# ifconfig $lan delete
# ifconfig $wan delete
3/ Make a bridge with $wan,$lan interfaces:
(change $lan, $wan to comply with your hardware)
# ngctl mkpeer $lan: bridge lower link0
# ngctl name $lan:lower br0
# ngctl connect $lan: br0 upper link1
# ngctl connect $wan: br0 lower link2
# ngctl connect $wan: br0 upper link3
4/ Enable your rules:
vi /etc/pf.conf:
~~~~~~~~~~
pass in on rl0 all
pass out on rl0 all
pass in on rl1 all
pass out on rl1 all
** Of course, you can be more restrictive here, with or without states.
# pfctl -evf /etc/pf.rules
Cheers,
Chris.
(*1):
http://lists.freebsd.org/pipermail/freebsd-pf/2005-January/000734.html
http://lists.freebsd.org/pipermail/freebsd-pf/2005-January/000744.html