Home FreeBSD FreeBSD: Use FreeBSD as home router (gateway) with pf NAT + ftp-proxy

FreeBSD: Use FreeBSD as home router (gateway) with pf NAT + ftp-proxy

by Kliment Andreev
Reading Timee: 2 minutes

After five or six years using my old beige box (Pentium II Celeron, 300MHz, 192MB RAM) as a FreeBSD router (gateway), I’ve decided it’s time to replace it with a more decent old Dell C610 laptop (Pentium III, 1.2MHz, 1Gb RAM). I installed FreeBSD, put another network card and configured /etc/rc.conf so this laptop can be used as a NAT gateway.This is part of my /etc/rc.conf.

# Use this machine as a gateway
# Hostname + domain name
# IP address of the internal network card. My subnet is
ifconfig_dc0="inet  netmask"
# IP address that is assigned by Comcast ISP to my external network card
#Enable pf (firewall and packet filter)

Next, I copied /etc/pf.conf to /etc/pf.conf.orig in case I need the original pf configuration file. Open your favorite editor and modify only the following lines in /etc/pf.conf:

# Macros: define common values, so they can be referenced and changed easily.
ext_if="xl0"    # replace with actual external interface name i.e., dc0. Mine is xl0
int_if="dc0"    # replace with actual internal interface name i.e., dc1
internal_net="" # My internal subnet
#external_addr="" # My external IP is DHCP so I left this line commented.

I uncommented this line:

nat on $ext_if from $internal_net to any -> ($ext_if)

then I saved the file and rebooted. Since we changed the old desktop with a different computer, DHCP won’t work, so remember to also reboot your cable box. Once this is done, test the connection from your new gateway. I also needed to change my dhcpd.conf on my other OpenBSD box to reflect the new gateway address.
UPDATE: When I tried to use ftp client from my laptop, I was getting all kinds of errors. I tried to use passive command, but it didn’t work. I would get the ftp prompt, but when I try to list the folder, the connection failed. After some googling, I found that ftp-proxy needs to be installed. First, edit /etc/rc.conf and add ftpproxy_enable=”YES” at the end. Then, edit /etc/pf.conf and uncomment the following lines:

nat-anchor “ftp-proxy/*”
rdr-anchor “ftp-proxy/*”
rdr pass on $int_if proto tcp to port ftp -> port 8021

and all the way down where the rules are

anchor “ftp-proxy/*”

Save the changes, start /etc/rc.d/ftp-proxy and you are good to go.

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More