硬件平台：工控 J1900 四网口小盒子；系统：FreeBSD 12.0
网卡em0 外网接口
网卡em1 内网接口
步骤:
step1:配置网卡接口地址和默认路由
root@TOR:~ # vi /etc/rc.conf
# Static addressing for the two-port gateway (/etc/rc.conf).
# em0 faces the upstream ("external") network: 192.168.1.10/24.
ifconfig_em0="inet 192.168.1.10 netmask 255.255.255.0"
# em1 faces the internal LAN; this host is 10.133.1.254/24, i.e. the LAN's gateway address.
ifconfig_em1="inet 10.133.1.254 netmask 255.255.255.0"
# Default route goes to the upstream router on the em0 subnet.
defaultrouter="192.168.1.1"
step2:开启IPFW和NAT功能
root@TOR:~ # vi /etc/rc.conf
# Start IPFW at boot and load the rules from a custom script rather than a
# firewall_type preset. Per rc.firewall/ipfw(8), the script is run as a shell
# script at boot, so rule order in that file is the effective policy.
firewall_enable="YES"
firewall_script="/etc/ipfw.conf"
# Start natd(8) at boot; the 'divert natd' rule in /etc/ipfw.conf feeds it.
natd_enable="YES"
# Enable IPv4 forwarding between em0 and em1 (required for the box to route at all).
gateway_enable="YES"
# natd translates addresses on the external interface only.
natd_interface="em0"
配置完成后保存文件，然后重启系统使其生效。
step3:配置访问策略
root@TOR:~ # vi /etc/ipfw.conf
# /etc/ipfw.conf — loaded at boot because firewall_script in rc.conf points here.
# ipfw evaluates rules in rule-number order, first match wins, and rules added
# without an explicit number are numbered in the order they are added, so the
# order of the lines below IS the policy.
#
# Admin SSH: only from 192.168.1.0/24. Note that this is the em0 (upstream)
# subnet configured in step 1, not the 10.133.1.0/24 LAN behind em1.
ipfw add allow tcp from 192.168.1.0/24 to me 22 in
ipfw add allow tcp from me 22 to any out
# Outbound echo requests and the matching inbound echo replies.
ipfw add allow icmp from any to any icmptypes 8 out
ipfw add allow icmp from any to any icmptypes 0 in
# Hand every packet crossing em0 to natd(8); natd re-injects the translated
# packet and evaluation continues with the next rule.
ipfw add divert natd all from any to any via em0
# NOTE(review): this unconditional pass matches every packet that reaches it,
# so every rule below is unreachable — including the 'deny ... established'
# guard — and the SSH restriction above is moot, because any source it does
# not match simply falls through to this rule. As written the ruleset is
# effectively "allow all". Moving this line to the end is not a safe fix on
# its own: the divert above runs before the keep-state rule below, so dynamic
# state may be created on post-NAT addresses and may not match the translated
# replies coming back in. Compare with the stateful-NAT layout in ipfw(8) /
# the FreeBSD Handbook before tightening, and test from both interfaces.
ipfw add pass all from any to any
# --- everything below is currently dead code (see the note above) ---
# DNS lookups originated by this host.
ipfw add allow udp from me to any 53 out
ipfw add allow udp from any 53 to me in
# ICMP time-exceeded replies (traceroute).
ipfw add allow icmp from any to any icmptypes 11 in
# Stateful section: honour existing dynamic entries, drop inbound TCP that is
# not a new connection yet has no state, and create state for outbound SYNs.
ipfw add check-state
ipfw add deny tcp from any to any in established
ipfw add allow tcp from any to any out setup keep-state