colinrmitchell.com

FreeBSD as a router

Posted Monday, November 9th 2015 in FreeBSD

I had recently bought a new home router and had problems getting NAT loopback to work on it. I wasn’t able to access my server that was in the DMZ from the internal network. I decided to try setting up my FreeBSD server as my home router, as well. This turned out to be pretty easy to do. I started with two network interfaces, msk0 and dc0. The first would be my external interface, and the second would be my internal interface.

I began by installing a DHCP server, isc-dhcpd-43. You configure it using the file /usr/local/etc/dhcpd.conf. I am going to serve addresses in the 192.168.0.20-192.168.0.40 range. Here is my file:

default-lease-time 600;
max-lease-time 72400;
ddns-update-style none;

subnet 192.168.0.0 netmask 255.255.255.0 {
  authoritative;
  range 192.168.0.20 192.168.0.40;
  option routers 192.168.0.15;
  option domain-name "colinrmitchell.endoftheinternet.org";
  option domain-name-servers 209.18.47.61, 209.18.47.62;
  option subnet-mask 255.255.255.0;
}

Enable the server in /etc/rc.conf:

# DHCP server
dhcpd_enable="YES"
dhcpd_ifaces="dc0"

Next, I needed to configure the pf firewall to do NAT. Enable it in /etc/rc.conf:

gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""

Add the following to /etc/pf.conf:

ext_if="msk0"
int_if="dc0"
set skip on lo
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
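
The pf.conf above contains only a translation rule, and pf passes any packet that matches no filter rule, so everything listening on the router is reachable on msk0. The following is an added example, not the author's file, that keeps the same NAT rule and adds a default-deny inbound policy; the `ext_tcp_services` macro and its port values are assumptions constructed for illustration.

```conf
# /etc/pf.conf -- added example, not the file from the original post.
ext_if="msk0"
int_if="dc0"

# Assumption: TCP services the router itself should offer to the Internet.
# Constructed sample values; set them to what the server actually runs.
ext_tcp_services="{ 22, 80 }"

set skip on lo

# Translation (same rule as in the post)
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)

# Filtering: the last matching rule wins, so start by denying
# everything that arrives on the external interface.
block in log on $ext_if all

# Traffic leaving through the external interface creates state,
# which lets the matching replies back in past the block rule.
pass out on $ext_if inet keep state

# Only the listed services on the router are reachable from outside.
pass in on $ext_if inet proto tcp to ($ext_if) port $ext_tcp_services keep state

# LAN clients may reach the router and be forwarded out.
pass in on $int_if inet from $int_if:network keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.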

Finally, I configured my network interfaces in /etc/rc.conf:

ifconfig_msk0="DHCP"
ifconfig_dc0="inet 192.168.0.15 netmask 255.255.255.0"

I rebooted the server, and I was in business!

