Archive for May 2, 2011

(Freebsd) Guide for pf firewall

Posted: May 2, 2011 in Freebsd

Simple Firewall

http://cipitunk.wordpress.com/2008/07/31/simplify-your-firewall-rules/

Simple NAT

http://cipitunk.wordpress.com/2007/11/07/nat-in-freebsd-with-pf/


(Freebsd) SETTING UP IPNAT

Posted: May 2, 2011 in Freebsd

Making FreeBSD load the IPNAT kernel module on bootup is easy. Simply add this line to rc.conf:

ipnat_enable="YES"

Create the IPNAT configuration file /etc/ipnat.rules.

Add these two lines to /etc/ipnat.rules for outgoing connections:

map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000

map tun0 192.168.0.0/16 -> 0.0.0.0/32

Add any redirection lines you may want. They take the following form:

rdr [INCOMING INTERFACE NAME] [INCOMING IP ADDRESS/(32 FOR PUBLIC / 16 FOR PRIVATE)] port [PORT] -> [IP ADDRESS OF MACHINE YOU WANT TO FORWARD TO] port [PORT]

An example, used for a webserver:

rdr tun0 70.232.254.2/32 port 80 -> 192.168.1.90 port 80

Each time you alter the /etc/ipnat.rules file and want the changes to take effect, use the following commands:

To clear the current settings:

# ipnat -C

To load the new settings:

# ipnat -f /etc/ipnat.rules

To view the current settings:

# ipnat -l

# ipnat -s
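Every rdr line opens a port on the public interface to an internal machine, so it is worth listing what a rules file exposes and catching malformed lines before clearing and reloading. The script below is an added example, not part of the original guide: audit_rdr and sample_rules are hypothetical helper names, it only understands the rdr form shown above, and the second rdr line in the sample is constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. audit_rdr and sample_rules
# are hypothetical helper names. Only the rdr form shown in this guide is
# understood:  rdr IFACE ADDR/MASK port PORT -> ADDR port PORT

# Reads rules from the file in $1 (or stdin), prints one line per rdr rule,
# and returns 1 if any rdr line is malformed.
audit_rdr() {
    awk '
    function valid_port(p) { return p ~ /^[0-9]+$/ && p + 0 >= 1 && p + 0 <= 65535 }
    function valid_ip(a,   n, o, i) {
        n = split(a, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    $1 != "rdr" { next }                # map rules are not audited here
    {
        split($3, ext, "/")
        ok = (NF == 9 && $4 == "port" && $6 == "->" && $8 == "port" &&
              valid_ip(ext[1]) && ext[2] ~ /^[0-9]+$/ && ext[2] + 0 <= 32 &&
              valid_port($5) && valid_ip($7) && valid_port($9))
        if (!ok) { printf "BAD line %d: %s\n", NR, $0; bad = 1; next }
        printf "EXPOSED %s %s:%s -> %s:%s\n", $2, ext[1], $5, $7, $9
    }
    END { exit bad }
    ' "${1:--}"
}

# Constructed sample: the rules from this guide plus one rdr line whose
# port (70000) is out of range.
sample_rules() {
cat <<'EOF'
map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
map tun0 192.168.0.0/16 -> 0.0.0.0/32
rdr tun0 70.232.254.2/32 port 80 -> 192.168.1.90 port 80
rdr tun0 70.232.254.2/32 port 70000 -> 192.168.1.91 port 22
EOF
}

sample_rules | audit_rdr || echo "fix the BAD lines before running ipnat -f"
```

On a real system, run `audit_rdr /etc/ipnat.rules` and review the EXPOSED lines before reloading the rules.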

Guide From:

http://www.techarsenal.com/content/tutorials/router_from_scratch.htm

http://www.monkeybrains.net/~rudy/example/ipnat.html