Hello. I need to open a port on my FreeBSD desktop. There is a VPN server on Linux; everything is configured there. When I connect to the VPN with the firewall turned off on the local host, the port is open. When I comment out the line

block all

in the enabled PF, the port is also open. But what is the correct way to pass a port through the "block all" filter?

gateway_enable="YES" in rc.conf

VPN connection address log
Code:
2023-10-28 19:41:11 [server_HFJeyr26y1CXo8Jr] Peer Connection Initiated with [AF_INET]123.45.67.89:1194
2023-10-28 19:41:11 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-10-28 19:41:11 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-10-28 19:41:12 SENT CONTROL [server_HFJeyr26y1CXo8Jr]: 'PUSH_REQUEST' (status=1)
2023-10-28 19:41:12 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 84.200.69.80,dhcp-option DNS 84.200.70.40,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2023-10-28 19:41:12 OPTIONS IMPORT: --ifconfig/up options modified
2023-10-28 19:41:12 OPTIONS IMPORT: route options modified
2023-10-28 19:41:12 OPTIONS IMPORT: route-related options modified
2023-10-28 19:41:12 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-10-28 19:41:12 Preserving previous TUN/TAP instance: tun0
2023-10-28 19:41:12 Initialization Sequence Completed
ifconfig
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 98:40:bb:32:1e:f3
        inet 192.168.1.141 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
        groups: pflog
tun0: flags=8143<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.8.0.2 netmask 0xffffff00 broadcast 10.8.0.255
        groups: tun
        nd6 options=9<PERFORMNUD,IFDISABLED>
        Opened by PID 7600
all PF Settings
Code:
rdr on re0 proto { tcp, udp } from any to 123.45.67.89 port 12345 -> 10.8.0.2 port 12345
nat on re0 proto { tcp, udp } from 10.8.0.2 to any -> 123.45.67.89
block all
pass out proto { tcp udp } to port { 53 80 123 443 22 1194 12345 }
pass out inet proto icmp icmp-type { echoreq }
I read man pf.conf. As far as I understand, it seems that you somehow need to add NAT rules to the filters after "block all", but I don't understand how.
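The following is an added example, not the poster's ruleset: a minimal /etc/pf.conf for an OpenVPN client that has to accept connections on a port the VPN server forwards to it over the tunnel. It assumes, from the post, that the tunnel interface is tun0 with address 10.8.0.2, that re0 is the LAN interface, and that the Linux server already forwards 123.45.67.89:12345 to 10.8.0.2:12345; the macro names are this example's own.

```pf
# Added example, not the poster's configuration. Assumes tun0 = 10.8.0.2 is
# the OpenVPN client interface, re0 is the LAN interface, and the Linux
# server forwards its public port 12345 to 10.8.0.2:12345 over the tunnel.

ext_if   = "re0"
vpn_if   = "tun0"
svc_port = "12345"

# Loopback needs no filtering.
set skip on lo0

# Default deny; "log" makes every blocked packet visible on pflog0,
# which is how you find out which rule is still missing.
block log all

# Outbound traffic the desktop itself needs (the ports from the post).
# State is kept so the replies to these connections are allowed back in.
pass out proto { tcp udp } to port { 53 80 123 443 22 1194 $svc_port } keep state
pass out inet proto icmp icmp-type { echoreq } keep state

# The rule the post is missing: forwarded connections arrive INBOUND on
# tun0 with destination 10.8.0.2, so they must be passed in explicitly.
# "($vpn_if)" is re-read when the tunnel address changes, and "keep state"
# lets the reply packets leave without needing a matching "pass out" rule.
pass in on $vpn_if proto { tcp udp } from any to ($vpn_if) port $svc_port keep state

# No rdr/nat lines: those rewrite addresses on a gateway that sits between
# networks. On a VPN client the server has already done the forwarding, and
# rdr/nat rules never open anything by themselves; only "pass" rules do.
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and then confirm the port is really reached from the VPN side: `tcpdump -n -e -ttt -i pflog0` shows any packet that is still being blocked (and by which rule), `pfctl -ss` shows the state entries created for the forwarded connections, and `sockstat -4l` confirms the service is actually listening on 10.8.0.2 or on all addresses. Note that `gateway_enable="YES"` only turns on IP forwarding between interfaces; it is not needed for a service running on the host itself, and leaving it off keeps the desktop from routing packets it was never meant to route.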