NetBSD-Users archive


Re: Configure NetBSD as a gateway for LAN hosts

On Oct 12, 2020, at 2:10 PM, Rocky Hotas <> wrote:
Thanks to your suggestions for a NIC (in particular, thanks to Martin:
Realtek worked), I configured a second NIC in a NetBSD 9.0 (release)
I would like to use it as a 1) gateway and 2) DHCP server, but didn't
find much documentation as regards problem 1).

Assume that the machine's hostname is netbsd_gateway and its two NICs
are NIC1 and NIC2.

My intention is to create two subnets: subnet1 for all the LAN hosts,
including NIC1, and subnet2 just for NIC2 and the modem. This second
subnet should never be directly accessible from the LAN hosts.

At the moment, netbsd_gateway should simply forward the packets
(sent from LAN hosts to the external internet) to the modem and the
packets from the modem (coming from the internet) to the proper LAN
destination host.

(As a further step, I would like to use a traffic shaping tool, to tweak
the available bandwidth and priority for single hosts, but this is a
separate problem).

IIUC, some preliminary operations are:

- put `net.inet.ip.forwarding=1' in /etc/sysctl.conf;
- put `gateway_enable="YES"' in /etc/rc.conf.

But then I don't know how to proceed. Which is the correct approach?
Should I use npf? I found that /usr/share/examples/npf/l2tp_gw-npf.conf
depicts something similar to what I'm trying to do, but it includes
several filterings and protocols.
Should I build a bridge? And how to configure the routing tables?

I'm aware that these are many questions.
Of course, if anyone knows about a tutorial or guide, it's hugely

Thank you in any case,


You have a choice between routing and bridging.
If you choose routing, then you must either
a) Configure your modem to know that the second LAN
is reached via the NetBSD host.
b) Do NAT/PAT so that the modem only sees traffic
coming from the NIC 2 network
Note that a) depends on the modem being able to be configured
to do this. Not all modems can.

I'm also assuming that the modem is a router and NAT device as well.
If it's not, then you need to do b).

I think NAT/PAT is easier anyway and I think routing is easier to
troubleshoot. But bridging would be simpler to set up.

Jason M.
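For option b) above (NAT/PAT on the NetBSD host so the modem only sees traffic from the NIC2 network), here is an added example /etc/npf.conf for NetBSD 9. It is not from this thread or from the NetBSD examples directory. The interface names are assumptions: re0 (the Realtek driver name) is taken as NIC2 facing the modem, wm0 as NIC1 facing the LAN, and the two address ranges are constructed sample values. It also implements the original poster's requirement that LAN hosts must never reach subnet2 directly.

```npf
# Added example (not from the list thread): /etc/npf.conf for a NetBSD 9
# NAT gateway, i.e. option b) from the reply above.
# Interface names are assumptions: re0 (Realtek) faces the modem (NIC2,
# subnet2), wm0 faces the LAN (NIC1, subnet1).  Adjust to your hardware.
$ext_if = "re0"
$int_if = "wm0"

# Constructed sample addresses; subnet2 is the gateway <-> modem link.
$lan_net   = { 192.168.1.0/24 }
$modem_net = { 192.168.0.0/24 }

# NAPT: rewrite the source of LAN traffic leaving re0 to re0's own
# address, so the modem only ever sees one host on subnet2 and needs no
# static route back to the LAN.
map $ext_if dynamic $lan_net -> ifaddrs($ext_if)

group "external" on $ext_if {
	# Let outbound traffic out and keep state, so only replies to
	# sessions opened from inside are allowed back in.
	pass stateful out final all
	# Nothing unsolicited from the modem side reaches the gateway or LAN.
	block in final all
}

group "internal" on $int_if {
	# Requirement from the original post: LAN hosts must not reach subnet2
	# (the modem or the gateway's re0 address) directly.  "final" stops
	# rule processing here, so the pass rule below cannot override it.
	block in final from $lan_net to $modem_net
	# Forward everything else the LAN sends, with state.
	pass stateful in final from $lan_net
	pass out final all
}

group default {
	pass final on lo0 all
	# Default deny for anything not matched above.
	block all
}
```

To bring it up: keep `net.inet.ip.forwarding=1` in /etc/sysctl.conf as in the original post, add `npf=YES` to /etc/rc.conf, check the file with `npfctl validate`, then `/etc/rc.d/npf start` (or `npfctl reload` followed by `npfctl start` on a running system). Because the map rule hides the whole LAN behind re0's address, the modem needs no knowledge of subnet1, which is why this is the easier choice when the modem cannot be given a static route. The shipped /usr/share/examples/npf/soho_gw-npf.conf follows the same shape and is a good reference once this minimal version works.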
