# NA HW1

###### tags: `NA`

<style>
code {
  font-family: "consolas", monospace;
}
</style>

## Setup

Add a new network interface of type **internal** to the router.

Check the interface name using `ifconfig`. It should be `em1`.

Edit /etc/rc.conf.

```
ifconfig_em1="10.113.ID.254 netmask 255.255.255.0"
```

Reload settings.

```shell
sudo service netif restart
```

## Setup DHCP server

```shell
pkg search dhcp
sudo pkg install -y isc-dhcp44-server
```

Edit /usr/local/etc/dhcpd.conf. Remember to reserve address 10.113.ID.129 for Agent. You may need /usr/local/etc/dhcpd.conf.sample as a reference.

```
subnet 10.113.ID.0 netmask 255.255.255.0 {
  range 10.113.ID.100 10.113.ID.128; # skip 129
  range 10.113.ID.130 10.113.ID.200;
  option routers 10.113.ID.254;
}

host agent {
  hardware ethernet <MAC address of agent>;
  fixed-address 10.113.ID.129; # reserved
}
```

Edit /etc/rc.conf.

```
dhcpd_enable="YES"
dhcpd_ifaces="em1"
```

Enable service.

```shell
sudo service isc-dhcpd start
```

On the client, check DHCP with `ifconfig` and `netstat -r`.

## Setup router

Edit /etc/rc.conf.

```
gateway_enable="YES"
```

Start service.

```shell
sudo service routing start
```

## Setup NAT with PF

[Document](https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&n=1)

> For each packet processed by the packet filter, the filter rules are evaluated in sequential order, from first to last. **The last matching** rule decides what action is taken. If no rule matches the packet, **the default action is to pass** the packet.

Edit /etc/rc.conf.

```
pf_enable="YES"
pflog_enable="YES"
```

Edit /etc/pf.conf.

```
ext_if="em0"
int_if="em1"
intra="10.113.ID.0/24"
agent="10.113.ID.129"

set skip on lo
scrub in all

nat on $ext_if from $intra to any -> $ext_if

block drop in all # block external
pass out all # bug?
pass in on $int_if # allow internal
pass in proto {tcp, udp} from any port 51820 to any # allow wireguard
pass in proto {tcp, udp} from any to $agent port ssh # allow ssh
pass in proto icmp all # allow ping
```

Enable pf.

```shell
sudo service pf start
```
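
The last-match evaluation quoted from pf.conf(5) above, modelled for this page's filter rules as an added example (not part of the original notes and not pf's own code). It is a simplified model that ignores state, NAT, scrub and `quick`; the value substituted for `ID`, the helper names and the sample packets are constructed.

```python
# Simplified model of pf's last-match evaluation for the filter rules above.
# Not pf itself: no state tracking, NAT, scrub, `quick` or `set skip`.
AGENT = "10.113.1.129"  # constructed: ID replaced by 1 for this example

# (action, direction, criteria); a criterion that is absent matches anything.
RULES = [
    ("block", "in", {}),                                         # block drop in all
    ("pass", "out", {}),                                         # pass out all
    ("pass", "in", {"iface": "em1"}),                            # pass in on $int_if
    ("pass", "in", {"proto": ("tcp", "udp"), "sport": 51820}),   # from any port 51820
    ("pass", "in", {"proto": ("tcp", "udp"), "dst": AGENT, "dport": 22}),  # ssh to agent
    ("pass", "in", {"proto": ("icmp",)}),                        # pass in proto icmp all
]


def matches(rule, pkt):
    """True if the packet satisfies the rule's direction and every criterion."""
    _, direction, criteria = rule
    if pkt["dir"] != direction:
        return False
    for key, want in criteria.items():
        have = pkt.get(key)
        if (have not in want) if key == "proto" else (have != want):
            return False
    return True


def evaluate(pkt, rules=RULES):
    """Return (action, index of the deciding rule); index None = default pass."""
    action, decided_by = "pass", None       # no match at all: packet passes
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            action, decided_by = rule[0], index  # a later match overrides
    return action, decided_by


def pkt(iface, proto, dst, sport=None, dport=None, direction="in"):
    """Build a constructed sample packet (hypothetical helper)."""
    return {"dir": direction, "iface": iface, "proto": proto,
            "dst": dst, "sport": sport, "dport": dport}


if __name__ == "__main__":
    samples = [  # constructed packets, not captured traffic
        pkt("em0", "tcp", "10.113.1.254", 40000, 80),
        pkt("em0", "tcp", AGENT, 40000, 22),
        pkt("em1", "udp", "192.0.2.53", 5353, 53),
        pkt("em0", "icmp", "10.113.1.254"),
    ]
    for sample in samples:
        print(sample, "->", evaluate(sample))
```

Passing a reordered list such as `RULES[1:] + RULES[:1]` to `evaluate` puts `block drop in all` last, where it becomes the deciding rule for every inbound packet; that is why it has to come before the `pass in` rules in pf.conf.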