Changes between Version 12 and Version 13 of Internal/OpenFlow/miscUnix

Timestamp:

Jun 12, 2012, 9:36:56 PM (12 years ago)

Author:

akoshibe

Comment:

—

Internal/OpenFlow/miscUnix

@@ -11 +11 @@
  * fixing garbled text (gcc)
 [#net Network] Various networking-related things.
- * Linux NAT box with `ufw`
+ * NAT box methods
+  * with `ufw`
+  * with `pf`
 [#print Printing] quick CUPS setup [[BR]]
 [#fortune one-liners] miscellaneous single-sentence tips. [[BR]]
@@ -154 +156 @@
 = Networking-related odds and ends = #net
 Various non-experimental network setups, usually done for convenience.
-== NAT box with `ufw`. ==
+== NAT boxes. ==
+=== with `ufw` ===
 source: https://nowhere.dk/articles/tip_nat_with_ubuntus_ufw_firewall
 `ufw` is your standard Linux firewall, and comes with Ubuntu server edition. Turning a multi-interface Linux box into a router is a matter of the following steps:
@@ -187 +190 @@
 }}}
 
+=== with `pf` ===
+`pf` is the OpenBSD packet filter, a piece of software intended for heavy-duty packet filtering/firewalls and comes with some Berkeley UNIX variants^2^.  
+Assuming you have IP forwarding enabled, the following configuration in /etc/pf.conf should give you a NAT firewall:
+{{{
+ext_if="bge0"
+int_if="em0"
+external_addr="192.168.203.155"
+internal_net="192.168.1.0/24"
+nat on $ext_if from $internal_net to any -> ($ext_if)
+pass in all 
+pass out all
+}}} 
+`ext_if` is the interface facing the external network, and `int_if` is the interface connected to your NATed net. 
+Once saved, start `pf`:
+{{{
+sudo pfctl -e -f /etc/pf.conf
+}}}
+If it throws errors, make sure that the kernel module (pf.ko or something similar) is loaded.
 ----
 == Printing setup with CUPS. == #print
@@ -221 +242 @@
 ----
 ^1. Me being the person that I am will have likely tried these on FreeBSD and maybe lubuntu to see that they work there as well.^
+^2. See 1.^