ipfw

  1. R

    Two providers

    We have: Gateway, two network cards (WAN and LAN) script ipfw (rules NAT) #rc.conf gateway_enable="YES" ifconfig_em0="inet XX.XX.XX.XX netmask 255.255.255.0" #provider ifconfig_em1="inet 192.168.0.1 netmask 255.255.255.0"...
  2. Nyakov

    Solved Cannot make ipv6 work with Wireguard, routing issue?

    Solution: Ok. So. Things are actually stupid. And sad, considering how hard it was to find the answer. Hoster do not route 64 prefix to me. So, I need to use ndproxy or something. ndp - utility ended up completely not helpful. ndproxy - is doing something, probably. Useless it seems for...
  3. M

    Iocage jail network - Need help please

    Hi, I am having issues setting up network on a dedicated server. Basic network tests are failing (cf. end of this message) 1/ Here is main objectives Secure both HOST and JAILS Jails must be able to access public IP (Internet) Jails MUST NOT be able to see any other jail than themself NB : I...
  4. E

    IPFW DDos Attack to port 443

    Hello All, I’m using my FreeBSD device as a gateway, and lately I’ve been receiving a large number of attacks on port 443 from many different IP addresses. I have web server behind gateway. After some time, I can no longer access the device via SSH or other methods. I’m using IPFW as the...
  5. T

    IPFW Help required for IPFW, IPv6 and Jails

    Hi all, I think I need some hints and tips from you firewall and network experts here. Currently I have the following working scenario for IPv4: My server has one external IPv4 address. I'm running several jails hosting different services, each having an own 192.168.0.x IP on an internal...
  6. sidetone

    IPFW ftpd internet access control: IPFW and hosts.allow

    With FTPD in FreeBSD's base, while relevant to all ftpd servers. I've gotten the IPFW firewall to work with clients which use IPv4. However, my firewall blocks Ethernet clients (in this case an Android with an FTP client app) which seem to rely only on IPv6, unless, I write the IPv6 address into...
  7. B

    Solved I see many ESTABLISHED connections from one IP to my ssh (port 22) without authentication. Is this a new attack on ssh that I am not aware of?

    I noticed that on my public ssh server at port 22, I see a large number of ssh ESTABLISHED connections, that do not authenticate and stay in the ESTABLISHED state sending keep alives. Specifically, in the netstat I see many entries of the form: tcp4 12 0 myIP:.22 156.0.96.22.52574...
  8. K

    IPFW 'ipfw table add' syntax curiosities

    Reading the ipfw man page, at the beginning, it states the following syntax for adding elements to tables: LOOKUP TABLES ... ipfw [set N] table name add table-key [value] ipfw [set N] table name add [table-key value ...] ipfw [set N] table name atomic add [table-key value ...] ... I...
  9. PMc

    IPFW HOWTO: Statefulness, NAT, and dynamic reloading

    Folks, I finally managed to sketch a little draft about some of my doings with ipfw: Advanced ipfw configurations (tell me if you find errors)
  10. H

    Not setting WireGuard as default interface

    Hello. I'm trying to run an IRC server on my machine at home. The problem is that I'm behind my ISP's CGNAT, so I'm trying to connect this home machine(A) to a remote machine(B) that has public IP using WireGuard. On server A I wrote the following WireGuard config: #...
  11. U

    IPFW Dup-to ipfw

    Hi, do you know ipfw syntax for pf dup-to command? Thanks in advance
  12. U

    IPFW reply-to dup-to in ipfw

    Hello everyone, I would like to know if anyone knows the syntax of ipfw for reply-to and dup-to of pf and if you could write me some examples. Thanks in advance
  13. H

    Discussing BPF + IPFW + TAG for L7 Filtering on FreeBSD

    Hello Forum, I am conducting tests on a L7 filter setup using BPF, IPFW, and TAG, based on the resource: Tutorial_NETGRAPH_A4_Slides.pdf. I am particularly interested in the section "BPF + IPFW + TAG = L7 Filter". During experiments on my FreeBSD system, I encountered an issue where packets do...
  14. U

    IPFW ipfw and pf

    Hello everyone, I would like to use pf and ipfw at the same time for different tasks, but I can not understand who is activated first (if there is an order) when a rule is received. Also trying to verify this, I can’t figure out where the pf and ipfw log files are located on both OPNsense and...
  15. K

    IPFW ipfw blocks outgoing carp advertisements when using pipe

    I want to rate limit all outgoing traffic. I'm able to do so by following these steps Add the following line to /boot/loader.conf: dummynet_load="YES" Add the following lines to /etc/rc.conf: firewall_enable="YES" firewall_script="/etc/ipfw.rules" The /etc/ipfw.rules file looks like this...
  16. I

    IPFW Packet tag leaks from connection setup packet (SYN) to connection refusal packet (RST)

    I'm experimenting with ipfw packet tagging (tag/untag/tagged keywords) and keep getting unexpected results in seemingly trivial cases. The configuration for this experiment is: # ipfw show 00100 0 0 allow ip from any to any via lo0 00200 0 0 count tag 3 in recv igb0 dst-ip 192.168.33.1 not...
  17. I

    IPFW Why do ipfw rules have no effect on dhclient?

    I've run a simple experiment on FreeBSD 14.0 and the results are quite unexpected to me. Could you explain these results to me? Warning! The experiment MUST be run from console. Do not try to reproduce it over SSH as it will make the host inaccessible! Console log, with comments: # killall...
  18. plexinvise

    Solved Gateway, NAT (PAT). Cannot use external TFTP due to UDP port "unreachable"

    Hi there, I am trying to solve a problem with my gateway setup. My FreeBSD machine is basically a gateway RaspberryPI which has two NIC: ue0 (Connected to external network, let's call it Internet) and ue1 (is an interface for internal LAN, dhcpd and dnsmasq spinning on it). My current setup...
  19. D

    IPFW firewalling for bhyve host bypassing bhyve guests

    Hello, My objective is to protect services on a bhyve host, while allowing traffic to the bhyve guests to pass to them unprocessed, as these each have pf and their own firewall policies. The host running an up-to-date 13-stable. I know ipfw can process both layer 2 and layer 3 traffic, but pf...
  20. zigfrid

    IPFW ipfw blocks responses after FreeBSD upgrade

    Hello Since I upgraded my FreeBSD from 12.0 to 13.2, I have problems with ipfw. For example, if I send a http request from my laptop (192.168.11.7) to the printer (10.50.0.22), ipfw blocks the response from the printer: Oct 5 10:34:08 mail kernel: ipfw: 2199 Deny TCP 10.50.0.22 192.168.11.7...