After five or six years using my old beige box (Pentium II Celeron, 300MHz, 192MB RAM) as a FreeBSD router (gateway), I’ve decided it’s time to replace it with a more decent old Dell C610 laptop (Pentium III, 1.2MHz, 1Gb RAM). I installed FreeBSD, put in another network card and configured /etc/rc.conf so this laptop can be used as a NAT gateway. This is part of my /etc/rc.conf:
    # Use this machine as a gateway
    gateway_enable="YES"
    # Hostname + domain name
    hostname="tripnotic.klimentandreev.com"
    # IP address of the internal network card. My subnet is 192.168.1.0/24
    ifconfig_dc0="inet 192.168.1.111 netmask 255.255.255.0"
    # IP address that is assigned by Comcast ISP to my external network card
    ifconfig_xl0="DHCP"
    # Enable pf (firewall and packet filter)
    pf_enable="YES"
    pf_rules="/etc/pf.conf"
    pflog_enable="YES"
    pflog_logfile="/var/log/pflog"
Next, I copied /etc/pf.conf to /etc/pf.conf.orig in case I need the original pf configuration file. Open your favorite editor and modify only the following lines in /etc/pf.conf:
    # Macros: define common values, so they can be referenced and changed easily.
    ext_if="xl0"                     # replace with actual external interface name i.e., dc0. Mine is xl0
    int_if="dc0"                     # replace with actual internal interface name i.e., dc1
    internal_net="192.168.1.0/24"    # My internal subnet
    #external_addr="192.168.1.1"     # My external IP is DHCP so I left this line commented.
I uncommented this line:
nat on $ext_if from $internal_net to any -> ($ext_if)
then I saved the file and rebooted. Since we replaced the old desktop with a different computer, DHCP won’t work, so remember to also reboot your cable box. Once this is done, test the connection from your new gateway. I also needed to change my dhcpd.conf on my other OpenBSD box to reflect the new gateway address.
UPDATE: When I tried to use the ftp client from my laptop, I was getting all kinds of errors. I tried to use the passive command, but it didn’t work. I would get the ftp prompt, but when I tried to list the folder, the connection failed. After some googling, I found that ftp-proxy needs to be installed. First, edit /etc/rc.conf and add ftpproxy_enable="YES" at the end. Then, edit /etc/pf.conf and uncomment the following lines:
    nat-anchor "ftp-proxy/*"
    rdr-anchor "ftp-proxy/*"
    rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
and all the way down where the rules are
    anchor "ftp-proxy/*"
Save the changes, start /etc/rc.d/ftp-proxy and you are good to go.
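The ftp-proxy setup above touches two files and four pf.conf lines, and leaving any one of them commented out gives the same symptom of a login that works and a directory listing that fails. The following check is an added example, not part of the original post: the function name check_ftp_proxy is made up here, and it assumes the lines are written with single spaces exactly as shown above.

```sh
#!/bin/sh
# Added example, not from the original post. Lints copies of rc.conf and
# pf.conf for the ftp-proxy lines above; assumes single spaces between tokens.
# Prints one line per problem and returns 0 only when there are none.
check_ftp_proxy() {
    rcconf=$1
    pfconf=$2
    problems=0

    # need FILE REGEX LABEL: require an active (uncommented) line matching REGEX.
    need() {
        grep -Eq "^[[:space:]]*$2" "$1" && return 0
        echo "missing in $1: $3"
        problems=$((problems + 1))
    }

    need "$rcconf" 'ftpproxy_enable="YES"'     'ftpproxy_enable="YES"'
    need "$pfconf" 'nat-anchor "ftp-proxy/\*"' 'nat-anchor "ftp-proxy/*"'
    need "$pfconf" 'rdr-anchor "ftp-proxy/\*"' 'rdr-anchor "ftp-proxy/*"'
    need "$pfconf" 'rdr pass on \$int_if proto tcp to port ftp -> 127\.0\.0\.1 port 8021' \
        'rdr of ftp to 127.0.0.1 port 8021'
    need "$pfconf" 'anchor "ftp-proxy/\*"'     'anchor "ftp-proxy/*"'

    # pf expects translation rules (nat/rdr) before filter rules, so the
    # filter anchor has to sit below the rdr line.
    rdr_ln=$(grep -En '^[[:space:]]*rdr pass ' "$pfconf" | head -n 1 | cut -d: -f1)
    anc_ln=$(grep -En '^[[:space:]]*anchor "ftp-proxy' "$pfconf" | head -n 1 | cut -d: -f1)
    if [ -n "$rdr_ln" ] && [ -n "$anc_ln" ] && [ "$anc_ln" -lt "$rdr_ln" ]; then
        echo "order in $pfconf: anchor (line $anc_ln) precedes rdr (line $rdr_ln)"
        problems=$((problems + 1))
    fi

    # Typographic quotes pasted from a web page are not read as quotes
    # by either file's parser.
    for f in "$rcconf" "$pfconf"; do
        if grep -q -e '“' -e '”' "$f"; then
            echo "typographic quotes in $f"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}
# Usage: check_ftp_proxy /etc/rc.conf /etc/pf.conf
```

Once it reports nothing, pfctl -nf /etc/pf.conf parses the ruleset without loading it, which catches syntax errors before a reload.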