
ipfw

  1. kazix

    IPFW, Jail and network alias

    Hello, I'm trying to configure IPFW on a machine with a jail (FreeBSD 11.1). The host has one big lagg0, and when the jail starts it creates an alias on this lagg0. lagg0: flags=8843... metric 0 mtu 1500 options=401ba.... ether .... inet 10.10.1.102 netmask 0xffffff00 broadcast 10.10.1.255...
  2. IPFW Why can I add port numbers to established and what does that do ?

    Almost every single ipfw ruleset I create has this as the very first rule: allow tcp from any to any established ... and I just noticed that ipfw allows me to specify a port on this rule: allow tcp from any to any 22 established If I create a new connection to port 22, I need a rule to allow...
  3. Help Connecting to the Internet through BSD

    For an assignment we have to connect two workstations to the internet through an HP server running BSD. The WS are connected to a switch that runs to eth0(10.0.0.0 network) and eth1 is connected to the schools internet 192.168.175.0 network. Gateway is enabled, the server is connected to the...
  4. IPFW About IPFW NAT...

    I'm running vm-bhyve on freebsd11.1. one IP on igb0. # ifconfig igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6> ether 6c:ae:8b:60:07:ca hwaddr...
  5. IPFW Open status firewall

    Hi, please, how can I set the firewall status to "open"? I tried firewall_type="open" but I still have the default rule: deny ip from any to any, like firewall_type="close". Please, can you help me?
  6. goshanecr

    Solved Subnet on ExtIF and ipfw nat not working

    Good day! Please, help me understand, how setup FreeBSD 11-STABLE amd64 router with several ip addresses on external interface. I have: Provider give me subnet 1.1.1.2/24 gw 1.1.1.1 /etc/rc.conf # Assigned external IP addresses ifconfig_rl0="inet 1.1.1.2/24" ifconfig_rl0_alias0="inet...
  7. SSH Over IPV6 Possible Bug

    I've been trying to setup ssh exclusively over IPV6 but have run in to a few issues. These are the steps I'm following, theoretically this should just work. Which is why I'm baffled at this point. I researched a few guides going back to version 10.3 and the process seems to be as follows...
  8. IPFW Is DNS hijacking possible on FreeBSD + IPFW?

    Hi All! I need to redirect all dns queries to local dns server (unbound) on router with FreeBSD 11 amd + ipfw nat. re0 - intranet [192.168.0.1] alias on re0 for unbound [10.0.0.1] re1 - internet [a.b.c.d] I try in various ways: ${FW} fwd 10.0.0.1,53 all from 192.168.0.0/24 to not 10.0.0.1 53...
  9. ronaldlees

    IPFW IPFW rules latency

    I had firefox running. Then in a terminal I added the rule: ipfw add 1001 drop tcp from me to any dst-port 80 setup out via rl0 uid ron Firefox could still visit *any* http site. I exited firefox. I restarted firefox Now firefox could only visit https sites, as I had expected earlier. Is...
  10. kern.hz and dummynet traffic shaping

    Hi guys, I'm trying to figure out is there any relationship between kern.hz parameter and dummynet performance in terms of traffic shaping. Not it's by default = 1000. But is there a need to change it when you have more pps or interrupts? Currently, I'm shaping ~1 Gbit/s of traffic (around...
  11. n9010

    IPFW Port-range forwarding

    Hello, I'm trying to forward a range of ports via ipfw. As the man page states, the syntax should be: With the TCP and UDP protocols, optional ports may be specified as: {port|port-port|port:mask}[,port[,...]] So I've set the following rule: add 018500...
  12. IPFW FreeBSD PPPoe Port Forwarding

    SRV1:FreeBSD 10.3,IP:10.0.0.1,PPPOe ADSL(ppp),ethernetx1:fxp0 SRV2:FreeBSD 10.3,IP:10.0.0.2 [Goals] port forwarding: SRV1 [port:8922] ----> SRV2 [port:22] SRV [port:8080] ----> SRV2 [port:80] I am experimenting with port forwarding and I have spent few weeks to resolve this. After Googling...
  13. IPFW ipfw nat stateful redirect of a port

    Hello everyone! I have few network services running in jailed configuration on a server, and I use ipfw to protect the server against possible attacks, and to provide its local clients with access to internet. The goal I want to achieve is redirection of some ports of jailed services to the...
  14. IPFW Block all ports&connections but allow only this port

    Hi, I have a problem: I want to block all ports but allow port 25. I am trying some rules but it is not working. Please, can you help me? Here is my try: #!/bin/sh ipfw -q -f flush cmd="ipfw add" $cmd 00010 check-state $cmd 00020 deny ip from any to any #SSH $cmd 11020 allow tcp from any to any...
  15. hsw

    IPFW NAT failing with nginx+ssl

    I set up a digital Ocean droplet with 10.3-zfs, installed iocage and copied in an working 10.3 jail that has nginx already setup. The jails IP is assigned to tap0 and I am trying to use IPFW+NAT to create a stateful firewall to allow the jail limited external access. With SSL off there is no...
  16. IPFW Rules for jails

    Hello. I can not figure out how to block access in and out of jail. I could only find what jail is not have a firewall. Configure the system should be in the form of parental rules: # ipfw add 00001 tcp any to any jail 1. In manual ipfw about it almost nothing. Tell me how to properly...
  17. ikanobori

    IPFW IPFW/NAT and Jails having many out-of-order and reassembled TCP packets

    Hi, Traffic coming out of my jails seems to be very slow so I ran a tcpdump on my external interface to see what is going on and I get a whole slew of TCP Out of Order and TCP Duplicate ACK in Wireshark. I am talking pages full when any traffic is going out of the jails. Traffic going into the...
  18. olav

    IPFW Is my IPFW NAT setup ok?

    Hello everyone, over this weekend I spent some time by replacing my PFSense firewall with a FreeBSD IPFW one. Mostly because I wanted the flexibility that comes with FreeBSD and that I can install all kind of third party software on the same machine as it has plenty of available resources...
  19. Other Custom module for firewall?

    I am returning to a project which used to use IPFilter to take raw packets passed straight through from a modem. It would filter and route accordingly over several interfaces to insure an isolated set of trusted and untrusted subnets over those separate interfaces (including to a honeypot)...
  20. IPFW Stateful firewall with OpenVPN and in-kernel NAT

    Having a bit of a time getting stateful firewall with OpenVPN and in-kernel NAT to work, which is a few lines of iptables rules on Linux: *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s...