1. S

    IPFW How to avoid CARP's IP interference with IPFW NAT rules?

    To pass traffic from a remote host to a service behind the NAT on the box with IP I have a standard set of rules: 00812 nat 82 tcp from to 48888 in via igb0 00822 allow tcp from to 48888 in via igb0 00832 nat 82 tcp from...
  2. S

    IPFW How to list ipfw rules with non-zero counter only?

    Is there a native solution for ipfw to list rules with non-zero counter only? Can't see in the man.
  3. D

    NAT64 464XLAT

    Hello All, i am trying to do NAT464 XLAT similar with below diagram (taken from RFC6877) I have 2 VM using FreeBSD 12.1 Release as CLAT and PLAT with the following Kernel Option : IPFIREWALL IPFIREWALL_VERBOSE IPFIREWALL_DEFAULT_TO_ACCEPT IPFIREWALL_NAT IPFIREWALL_NAT64 LIBALIAS on both VM i...
  4. K

    Solved Squid and IPFW, packets getting stuck in a loop

    I am noticing an odd issue between squid and my firewall setup on a squid proxy system I put together. Periodically, it seems like the IPFW dynamic rules that get created when squid connects out will expire too early, thus causing inbound packets to hit a deny all established rule that comes...
  5. W

    IPFW Curl getting blocked by IPFW

    Hey people, After spend some days searching about my issue,I come here to try the luck. I 'm runing an webserver using: FreeBSD 12.0 Apache24 2.4.41 curl 7.67.0 Using IPFW as firewall. Main problem is about Curl, this one with IPFW enabled is getting timeout and does not work. Similar...
  6. K

    IPFW Redirect/forward specific outbound traffic on WLAN to internal host

    I am trying to find out if it is possible to redirect the traffic of several Android systems on my WLAN to specific internal hosts using IPFW. It seems Android hardcodes specific NTP servers and does not honor the "ntp-servers" DHCP option, meaning I have to allow NTP traffic outbound for these...
  7. F

    IPFW ipfw filter for tcp IPv6 on Freebsd 11

    Hi I am using ipfw for firewalling on a FreeBSD 11 box. Unfortunately I cannot wrap my head around the fact that/why the following rule does not match when I initiate a TCP connection to 2a00:1450:4001:814::2003 (that is Google...): ipfw add 340 set 5 count dst-ip6 2a00:1450:4001:814::2003...
  8. M

    IPFW Setting a common IP for both the Public IP and Jail IP

    Hello All, We are having trouble with finding ways to redirect the public IP address to the jail IP address. We have looked into the rc.conf and jail.conf files but are now sure how we should edit any of these files to achieve this. We have previously been unsuccessful in editing pf values...
  9. F

    How to interrupt network while client downloading content?

    Hi guys! I run a FreeBSD VPS where it's located a webserver with WHMCS inside. (Apache + Nginx) I would like to do other kind of ad by running a prank on social media where people will get message like "X has been hacked. Click here to download database" or something similar. What I need? A...
  10. T

    IPFW IPFW + dummynet with fq_codel halves download speed?

    I've recently(ish) switched from PF to IPFW because I wanted to use dummynet with fq_codel to fix some rather massive bufferbloat issues I'm seeing on my cable Internet connection with one of the US Cable Monsters. Cable modem is set to pass-through, so the only firewall between me an the...
  11. Y

    IPFW IPFW and Samba

    Hello, I have a FreeBSD 11.2 system with Samba installed. If I enable ipfw Samba clients can still connect and browse the filesystem but cannot download most of the files (it looks like the smallest files can be opened). Ipfw is configured in "open" mode: firewall_enable="YES"...
  12. K

    Solved ipfw + NAT mystery

    So I just learned that there's two methods to doing NAT in FreeBSD. The apparently old natd + divert way, which is documented in the handbook, and the new in-kernel ipfw+nat way, that is randomly documented by Google. Is anyone ever going to update the handbook to over ipfw+NAT? The man page...
  13. L

    FreeBSD Policy Based Routing with ipfw nat + fwd using 2 or more Poor Man's ssh VPNs

    Hello, thanks to the posts that I found on this forum, I could implement a gateway in FreeBSD that allows me to do flexible policy routing through different interfaces. I'm going to share. System: FreeBSD freebsd 12.0-STABLE FreeBSD 12.0-STABLE r346132 NEWKERNEL amd64 NEWKERNEL compiled...
  14. fishfox

    Firewalling jail > host and jail <-> jail traffic

    I'm using ezjail and IPFW, at least thus far. So far I have subnet. My gateway is .1, my host server is .2, and my first jail is at .3 I noticed that from within my jail at .3 I can knock on the outside if .2. I added this rule to my host but it makes no difference: add 10032...
  15. Nyakov

    Solved jail + vnet + SLAAC + ipfw

    I decided to share my setup for SLAAC on jail vnet. 1. Create bridge and epair interface in /etc/rc.conf #Configure bridge interface for jails vnet #epair0 - jail interface cloned_interfaces="bridge0 epair0" #create bridge and epair ifconfig_bridge0="ether xx:xx:xx:xx:xx:xx addm re0 SYNCDHCP"...
  16. U

    no NAT/routing through iocage OpenVPN gateway jail/host

    Hi folks, I'm somewhat of a *BSD novice, having rather used various builds for appliance devices, such as pfSense, opnSense, FreeNAS, etc. I've recently set up a new FreeNAS box from scratch, and built/building a jail for the express purpose of maintaining OpenVPN client connections, and then...
  17. saeedpersa


    Dear Friends I installed ShadowSocks VPN with Port: 59080 and Configured IPFW and ByPass this port Here is my IPFW Configure: IPF="ipfw -q add" ipfw -q -f flush TRUST="x.109.x.143" #loopback $IPF 10 allow all from any to any via lo0 $IPF 20 deny all from any to $IPF 30 deny all...
  18. F

    Intermediate IP address

    Hi devs ! I had an idea about how can I reduce my costings but now I need someone who help me translating my idea into PF/IPFW rules. I would like to buy a cheap dedicated server unprotected against DDoS and a VPS protected anti-DDoS. I would like to host on dedicated server few games (udp...
  19. J

    IPFW Transparent proxy squid

    Someone could tell me how I can make a transparent proxy with the IPFW and the squid, it's a bit urgent. Thanks.
  20. D

    Build Onion (TOR) router with high restrictive firewall, and TORs DNS.

    Assumptions: Onion router for web browsing with tor DNS, and unlock 80, and 443 port. What we need: Some time. Some PC or Server or ThinClient, for me is Fuitsu Futro s450 with 2GB of ram and USB LAN adapter, for future is possible to instal into it Network Card at PCI-e or PCI bus. 1. Install...