ATTN *nix peeps: [iptables vs pf]
Grandmaster
All American
10829 Posts

Hey unix peeps, I've tried googling a bit both for what I'm trying to accomplish in the end and for converting what I can already do with iptables over to pf.

c/o dd-wrt

Quote :
"
ifconfig `nvram get wan_ifname`:0 192.168.2.5 netmask 255.255.255.0
iptables -t nat -I POSTROUTING -o `nvram get wan_ifname` -j MASQUERADE"


With tomato/ddwrt, wan_ifname is usually vlan0 or vlan1. With pfSense it is an actual NIC - bfe0 or rl0, fxp0 etc.

1) Will the command 'ifconfig rl0:0 192.168.2.5/24' replace the public static IP that is currently assigned to this interface -- effectively bringing down my network? Or does the :0 have something to do with juggling both IP schemes?

2) Is it possible to do what that iptables rule states using pf? Is there a simple "conversion tool" or can someone here rewrite what I'm after?

3) Is there an easier way within pfSense to do what I'm trying to do, which is simply accessing an EQ-660R DSL modem in half-bridge mode? The following looks promising, but again I'm worried that putting the private IP up there with ifconfig will take my network down...

Quote :
"pkg_add -r redir
ifconfig fxp0 192.168.2.5/24
redir --lport 2323 --cport 23 --caddr 192.168.2.1 &
"

5/17/2010 11:03:41 AM

Master_Yoda
All American
3626 Posts

First to correct your diagram, your modem isn't bridging unless the ISP also maintains the 10.0.0.x network. In which case the PPPoE link stops also at the modem and after it is ethernet to the router.

Not sure if it bothers you, but also you are double natting, which normally tends to break stuff.

5/17/2010 1:34:20 PM

Grandmaster
All American
10829 Posts

way to completely avoid the question.

I should have explained that the diagram wasn't exactly how I have my network set up, but I thought it was implied somewhere in one of those three questions. The 660R's WAN port does some half-bridge 1:1 NAT nonsense that gives my router an unfiltered public IP, but it also is still accessible on the 192 network. TBH, I don't really even authenticate with PPPoE unless it's done under the hood now on CenturyLink's end.

My cable provider operated on a 10.x network so perhaps that is what they're showing in that diagram. I wouldn't be going through all this trouble to get access to a separate subnet if I was double natting in the first place though...heh

5/17/2010 8:31:56 PM

Grandmaster
All American
10829 Posts

any ideas

5/25/2010 11:33:05 PM

mellocj
All American
1872 Posts

I'm still confused as to what your questions are.

You don't use PPPoE at all

You said "660R's WAN port does some half-bridge 1:1 NAT nonsense that gives my router an unfiltered public IP" so why not just use the unfiltered public IP as the WAN/outside IP on your router?

Setting up a basic NAT router with port forwarding capabilities can all be done in the web interface of pfSense.

5/26/2010 12:12:17 AM

DoubleDown
All American
9382 Posts

i run pfsense on my as/400, i have it right behind the modem on your diagram

5/26/2010 1:24:30 AM

Grandmaster
All American
10829 Posts

5/26/2010 2:19:26 AM
