Hello,
I just started using FreeBSD and this is my first time using IPFW.
I'm interested in learning and gaining experience writing firewall rules.
I started a personal project to configure FreeBSD as a router and firewall.
I tried to make it as simple as possible to get the firewall and the NAT working
by passing all the traffic in both directions.
What puzzles me is that when I test this present configuration I don't have an internet connection...
I read in other posts on the forum that making this part work can be a headache.
With the present configuration, I can ping the local IPs and my public IP.
However, I cannot ping other public IPs or URLs.
The security log file shows my DNS server traffic going out/in on the WAN Ethernet port.
A traceroute to a URL shows that it is stuck at my gateway IP...
The release version I am using is FreeBSD-11.2.
I'm not sure where to look for this issue.
Some guidance would be very much appreciated.
--- To begin I run the command ---
kldload ipfw
-------------------------------------------------------
--- Change the options ----
net.inet.ip.forwarding="1"
net.inet.ip.fw.one_pass="1"
-------------------------------------------------------
--- /etc/rc.conf ---
Code:
hostname="Router"
gateway_enable="YES"
ifconfig_igb0="DHCP"
firewall_enable="YES"
firewall_nat_enable="YES"
firewall_nat_interface="ibg0"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"
ifconfig_igb1="inet 192.168.5.1 netmask 255.255.255.0"
defaultrouter="192.168.5.1"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
sendmail_enable="NONE"
--- /etc/ipfw.rules ---
Code:
#!/bin/sh
ipfw -q -f flush
cmd="/sbin/ipfw -q add"
Wan_Nic="igb0"
Lan_Nic="igb1"
Lan_Net="192.168.5.0/24"
DNS_Svr="192.168.5.10"
# Allow all from Loopback
$cmd 00010 allow all from any to any via lo0
#--- Incoming traffic filter
$cmd 00100 nat 1 ip from any to any via $Wan_Nic in
$cmd 00200 check-state
# Skip to outgoing connection
$cmd 00300 skipto 10000 tcp from any to any via $Wan_Nic out keep-state
$cmd 00310 skipto 10000 udp from any to any via $Wan_Nic out keep-state
# Allow all local traffic to the router
$cmd 00400 allow all from $Lan_Net to 192.168.5.1 keep-state
$cmd 00410 allow log all from any to any keep-state
#--- Outgoing traffic filter
$cmd 10000 nat 1 ip from any to any via $Wan_Nic out
$cmd 10100 allow log all from any to any keep-state
--- resolv.conf ---
--- This file is read-only. Not to be overridden by the ISP DHCP ---
Code:
search example.com
nameserver 192.168.5.10
Thanks for your help
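A dry-run version of the skipto/nat rule layout used in the post, as an added example that is not the poster's script or any FreeBSD code. It prints a rule set in which the nat instance is configured before any rule refers to it, state is only created on the WAN-out path so the outbound nat rule is never bypassed by check-state, and unstated inbound WAN traffic is denied rather than allowed. It also carries three lint checks, run here against copies of the relevant lines of the posted files: `check_nat_instances` flags that the posted ipfw.rules has no `nat 1 config` line, `check_state_before_nat` flags the any-to-any keep-state rule 00410 sitting below the nat-out rule 10000 (a LAN packet creates state on its way in, check-state matches that state on its way out, and the packet leaves untranslated), and `check_rc_conf` flags `firewall_nat_interface="ibg0"` (the interface is `igb0` everywhere else) and a `defaultrouter` equal to the router's own LAN address. The function names, the rule numbers, the nat options `same_ports unreg_only reset`, the DHCP-client and ICMP allow rules, and the choice of `net.inet.ip.fw.one_pass=0` (with 1, a packet leaves the firewall as accepted right after a nat rule, so rules after the inbound nat rule never see WAN traffic) are my assumptions, not anything from the post.

```shell
#!/bin/sh
# Added example, not the poster's files or FreeBSD's rc scripts. Prints an
# IPFW in-kernel NAT rule set and lints rule/rc.conf files. Nothing here
# calls ipfw or sysctl, so it runs on any POSIX sh. Names and addresses
# are the post's; rule numbers, nat options and one_pass=0 are assumptions.

WAN_NIC="igb0"; LAN_NIC="igb1"; LAN_NET="192.168.5.0/24"

# Print the rule set for review (pipe it into sh on the router to load it).
gen_rules() {
  cmd="ipfw -q add"
  cat <<EOF
sysctl net.inet.ip.fw.one_pass=0
ipfw -q -f flush
# the instance must exist before any rule refers to "nat 1"
ipfw -q nat 1 config if $WAN_NIC same_ports unreg_only reset
$cmd 00010 allow ip from any to any via lo0
# translate inbound WAN packets first so check-state sees LAN addresses
$cmd 00100 nat 1 ip from any to any via $WAN_NIC in
$cmd 00200 check-state
# outbound WAN flows: create state here, then jump to the outbound nat rule
$cmd 00300 skipto 10000 tcp from any to any via $WAN_NIC out setup keep-state
$cmd 00310 skipto 10000 udp from any to any via $WAN_NIC out keep-state
$cmd 00320 skipto 10000 icmp from any to any via $WAN_NIC out icmptypes 8
$cmd 00330 allow icmp from any to any via $WAN_NIC in icmptypes 0,3,11
$cmd 00340 allow udp from any 67 to any 68 via $WAN_NIC in
# LAN side: only packets sourced from the LAN prefix; no state needed here
$cmd 00400 allow ip from $LAN_NET to any via $LAN_NIC
$cmd 00410 deny log ip from any to any via $LAN_NIC in
$cmd 00500 deny log ip from any to any via $WAN_NIC
$cmd 10000 nat 1 ip from any to any via $WAN_NIC out
$cmd 10100 allow ip from any to any
EOF
}

# Check 1: every "nat N" a rule refers to has a "nat N config" line.
check_nat_instances() {
  awk '/^[ \t]*#/ { next }
    { for (i = 1; i < NF; i++)
        if ($i == "nat" && $(i+1) ~ /^[0-9]+$/) {
          if ($(i+2) == "config") defined[$(i+1)] = 1; else used[$(i+1)] = 1 } }
    END { rc = 0
      for (n in used) if (!(n in defined)) { print "nat " n " used but never configured"; rc = 1 }
      exit rc }' "$1"
}

# Check 2: no any-to-any keep-state rule numbered below the outbound nat rule;
# its state would let check-state pass the same packet out untranslated.
check_state_before_nat() {
  awk '/^[ \t]*#/ { next }
    { num = ""
      for (i = 1; i < NF; i++)
        if (($i == "add" || $i == "$cmd") && $(i+1) ~ /^[0-9]+$/) num = $(i+1) + 0
      if (num == "") next
      if ($0 ~ / nat [0-9]+ / && $0 ~ / out/ && (natout == "" || num < natout)) natout = num
      if ($0 ~ / allow / && $0 ~ /from any to any/ && $0 ~ /keep-state/) catchall[num] = 1 }
    END { rc = 0
      if (natout != "") for (n in catchall) if (n + 0 < natout) {
        print "rule " n " keeps state on any-to-any before outbound nat rule " natout; rc = 1 }
      exit rc }' "$1"
}

# Check 3: firewall_nat_interface must name a configured interface, and
# defaultrouter must not be one of this host's own addresses.
check_rc_conf() {
  rc=0
  nat_if=$(sed -n 's/^firewall_nat_interface="\([^"]*\)".*/\1/p' "$1")
  if [ -n "$nat_if" ] && ! grep -q "^ifconfig_${nat_if}=" "$1"; then
    echo "firewall_nat_interface=\"$nat_if\" has no matching ifconfig_ line (typo?)"; rc=1
  fi
  gw=$(sed -n 's/^defaultrouter="\([^"]*\)".*/\1/p' "$1")
  gw_re=$(printf '%s' "$gw" | sed 's/\./\\./g')
  if [ -n "$gw" ] && grep -Eq "^ifconfig_.*inet ${gw_re}( |\")" "$1"; then
    echo "defaultrouter=\"$gw\" is this host's own address, not the upstream router"; rc=1
  fi
  return $rc
}

# The relevant lines of the posted files, copied so the checks run offline.
write_posted_rules() {
  cat > "$1" <<'EOF'
cmd="/sbin/ipfw -q add"
Wan_Nic="igb0"
$cmd 00100 nat 1 ip from any to any via $Wan_Nic in
$cmd 00200 check-state
$cmd 00300 skipto 10000 tcp from any to any via $Wan_Nic out keep-state
$cmd 00410 allow log all from any to any keep-state
$cmd 10000 nat 1 ip from any to any via $Wan_Nic out
$cmd 10100 allow log all from any to any keep-state
EOF
}
write_posted_rc() {
  cat > "$1" <<'EOF'
ifconfig_igb0="DHCP"
firewall_nat_interface="ibg0"
ifconfig_igb1="inet 192.168.5.1 netmask 255.255.255.0"
defaultrouter="192.168.5.1"
EOF
}
```

Run `gen_rules` to review the rule set, and `check_nat_instances /etc/ipfw.rules`, `check_state_before_nat /etc/ipfw.rules` and `check_rc_conf /etc/rc.conf` against the live files before loading anything. Once rules are loaded, `ipfw -d list` shows which dynamic rules exist and which parent rule created them, and `netstat -rn` should show the default route pointing at the ISP's gateway rather than at 192.168.5.1.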