How to NAT on FreeBSD for LAN network/SOHO
February 17th, 2010
Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address (see gateway). Many network administrators find NAT a convenient technique and use it widely. Nonetheless, NAT can introduce complications in communication between hosts and may have a performance impact.
As a FreeBSD maniac, I would like to share my experience building a NAT gateway.
This is the topology:
LAN NETWORK ---> FreeBSD NAT ROUTER/GATEWAY ---> INTERNET
I would like to use NAT in this case. The gateway has two NICs, one for the upstream and one for the downstream. I use a Realtek interface card as the upstream interface and gave it the IP address 202.14.xxx.xxx. The other interface I gave the IP address 192.168.1.1.
Then I use Packet Filter (PF) to run the NAT function.
This is the configuration to load pf when the system boots.
Use kldload pf to load the module into the kernel; by default it is loaded.
Use the pfctl -e command to enable the pf firewall.
Edit your /etc/rc.conf:
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
gateway_enable="YES"
Then edit /etc/pf.conf:
nat on rl0 from 192.168.1.0/24 to any -> (rl0)
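The single nat line above translates LAN traffic but sets no filter policy, and pf passes any packet that no rule matches. An added example (not part of the original post) of a fuller /etc/pf.conf that keeps the same nat rule and adds a default-deny policy; rl1 as the name of the LAN-side interface is an assumption, since the post names only rl0.

```conf
# /etc/pf.conf -- added example, not the original post's file.
# rl0 and 192.168.1.0/24 come from the post; rl1 is an assumed name
# for the second (LAN-side) NIC, which the post does not name.

ext_if  = "rl0"
int_if  = "rl1"                 # assumption: replace with your LAN NIC
lan_net = "192.168.1.0/24"

# Options and normalization
set skip on lo0                 # do not filter loopback traffic
scrub in all                    # reassemble fragments before filtering

# Translation: same rule as in the post, written with macros.
# The parentheses make pf follow address changes on the interface.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Filtering: drop and log everything that is not explicitly passed.
# Logged packets go to pflog0 (pflog_enable="YES" in rc.conf).
block log all

# Drop packets that claim a LAN source but arrive on another interface.
antispoof quick for $int_if

# LAN clients may reach the gateway and, through it, the Internet.
pass in on $int_if from $lan_net to any keep state

# Outbound on the upstream side (source is already translated here).
pass out on $ext_if keep state

# Gateway-originated traffic towards LAN hosts.
pass out on $int_if to $lan_net keep state

# Nothing is passed inbound on $ext_if: only replies that match state
# created by the rules above are let back in.
```

Check the syntax without loading it with pfctl -nf /etc/pf.conf, then load it with pfctl -f /etc/pf.conf and confirm the translation rule with pfctl -s nat.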
After that, try it from a client PC with an allocated IP address.
And, if there is a problem, add this line to /etc/sysctl.conf (to apply it immediately, run sysctl net.inet.ip.forwarding=1):
net.inet.ip.forwarding=1
It's done.
Happy NATing!
