My home network. The firewall runs OpenBSD 4.3. The DSL link is set up with
in-kernel PPPoE:
cat /etc/hostname.pppoe0
# /etc/hostname.pppoe0: brings up the in-kernel PPPoE session on top of dc0,
# authenticating to the ISP with PAP.
# authname/authkey are stored here in clear text, so keep this file
# root-owned and unreadable by other users (for example mode 600 or 640).
# NOTE(review): the pppoe(4) example also sets a placeholder `dest` address
# and hands it to route as the gateway; as shown, `route add default` has no
# gateway argument. Confirm against the working file.
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev dc0 authproto pap \
authname 'user@isp.net' authkey 'password' up
!/sbin/route add default
#
Here is my /etc/pf.conf for this network (HOME). It is very simple: it blocks
everything coming in and allows everything to go out from my internal network.
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
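# Interface macros. dc0 is the Ethernet port that carries the PPPoE session;
# pppoe0 is the Internet-facing interface the NAT and filter rules refer to.
# ext_if, int_if and loopback are kept for reference but are not used below.
ext_if="dc0"
int_if="fxp0"
loopback="lo0"
pppoe_if="pppoe0"
#table <spamd-white> persist

# Do not filter traffic on the loopback interface group.
set skip on lo

# pf collects loginterface statistics for a single interface, and each
# further "set loginterface" replaces the previous one. The original listed
# four in a row, which left only lo0 selected. Count the Internet-facing
# interface instead, since that is where blocked traffic shows up.
set loginterface $pppoe_if

# Normalise inbound packets and clamp the TCP MSS to 1440, presumably so
# that segments fit the smaller PPPoE MTU.
scrub in all max-mss 1440

# Anchors that ftp-proxy(8) populates at run time.
# NOTE(review): this listing has no rdr rule sending FTP to the proxy and no
# filter `anchor "ftp-proxy/*"`. Confirm whether ftp-proxy is in use; if it
# is not, these two lines can go.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# nat on $pppoe_if from 172.16.200.0/24 -> $pppoe_if
# Source-NAT everything leaving pppoe0 that is not already sourced from
# pppoe0's own address. The parentheses make pf track the interface address
# when the ISP changes it.
nat on $pppoe_if from !($pppoe_if) to any -> ($pppoe_if)

# Drop and log everything arriving from the Internet. Replies to outbound
# connections are still admitted by the state created by the pass rule.
block in log on $pppoe_if

# Allow all outbound traffic, statefully.
# NOTE(review): nothing here restricts packets arriving on $int_if or
# $ext_if, so they fall through to pf's implicit pass. A default-deny
# ruleset would start with "block all" and add explicit pass rules for the
# internal network.
pass out keep state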
Here is my lab network. It is set up on a static DSL connection with 5 static
IPs.
I am using one of them for web serving: 75.44.224.2.
my /etc/hostname.sk0 looks like:
# Primary static address on sk0, netmask 255.255.255.248.
inet 75.44.229.1 255.255.255.248 NONE
# Second static address on the same interface.
# NOTE(review): hostname.if(5) writes aliases as `inet alias <addr> <mask>`;
# confirm the working file has the leading `inet`.
# NOTE(review): this alias is 75.44.229.2, while the text and the pf.conf
# macro give 75.44.224.2 for the web server. One of them is presumably a typo.
alias 75.44.229.2 255.255.255.248
I also have a laptop behind this firewall on the internal network, used
for browsing etc.
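##### MACROS ####
ext_if="sk0"
int_if="gem0"
external_ip="75.44.229.1"
# NOTE(review): these four addresses are outside the 255.255.255.248 block
# that /etc/hostname.sk0 configures around 75.44.229.1. Confirm them.
external_net="{75.44.229.17 75.44.229.18 75.44.229.19 75.44.229.20}"
internal_ip="172.16.10.10"
# Public address of the web server, used as the rdr destination below.
# NOTE(review): the alias configured on sk0 is 75.44.229.2, not 75.44.224.2.
# If the macro is the typo, the rdr rule will not match traffic for the
# address the firewall actually holds. Confirm which value is right.
webserver_ip="75.44.224.2"
# Private address of the web server behind the firewall.
webserver_int="172.16.10.11"

#### OPTIONS #####
# pf keeps loginterface statistics for one interface only, and a second
# "set loginterface" replaces the first (the original ended up on $int_if).
# Count the external interface, where Internet traffic arrives.
set loginterface $ext_if
# Normalise all inbound packets.
scrub in

#### NAT/REDIRECTS ####
# Source-NAT outbound traffic to the primary address of sk0. The :0
# modifier leaves the interface's aliases out of the translation address.
nat on $ext_if from !($ext_if) to any -> ($ext_if:0)

# Forward inbound HTTP for the web server's public address to the internal
# host. The original referenced $webserver_ext, which is never defined, so
# the ruleset would not load; the macro defined above is $webserver_ip.
# The rule was also split across two lines with no continuation.
# "rdr pass" admits the redirected connection without evaluating any filter
# rule. A plain "rdr" plus an explicit "pass in ... to $webserver_int port 80"
# keeps the exposure visible in the filter section, where it can be logged
# or rate-limited.
# NOTE(review): the web server (172.16.10.11) appears to share the internal
# network with the browsing laptop. A separate DMZ interface would stop a
# compromised web server from reaching internal hosts directly.
rdr pass on $ext_if proto tcp from any to $webserver_ip port 80 -> \
    $webserver_int port 80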
###### ...