On 2017-06-21 11:36, lu jian wrote:
Hi
I have an i386 machine with two network interfaces, one of which
connect to the uplink ISP via pppoe, the other connects to the WAN
port of a wireless router to which all LAN machines and cell phones
connect (via wifi).
The problem is that this i386 machine (which I intend as a firewall)
can access the internet, but all LAN machines cannot.
Hint: my wireless router can obtain dhcp address from the i386 machine.
These two network interfaces on the i386 are bge0 and fxp0.
1) Configuration for fxp0:
# cat /etc/hostname.fxp0
up
# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev fxp0 authproto chap \
authname 'account' authkey '123' up
dest 0.0.0.1
!/sbin/route add default -if pppoe0 0.0.0.1
2) Configuration for bge0:
# cat /etc/hostname.bge0
inet 192.168.0.1 255.255.255.0 192.168.0.255
This is a subnet within RFC 1918 - a private network, not
directly routea-able on the Internet.
You must add Network Address Translation (NAT) to your PF configuration
in order
to access the Internet from that subnet.
See the NAT section of the PF User's Guide.
http://www.openbsd.org/faq/pf/nat.html
