1. LordInateur

    Network Issues w/ LAGG + VMs

    Hello, all! I have an interesting setup that I'm hoping to get a little bit of help with. Before I start: please yell at me if some of my formatting is wonky-- I'm used to markdown, but not so much the styling that the FreeBSD Forums asks for, so if I've done something that needs to be...
  2. I

    IPFW Redirect UDP packets from IP:PORT to IP:PORT

    Hi, is it possible to create a rule to Redirect everything is coming from <ip1>:<port1> to redirect to <ip2>:<port2> and visa versa for protocoll UDP? I am using ipfw
  3. A

    IPFW Filtering ICMP with ipfw Q: icmptype AND code?

    I know I can have ipfw rules matching the ICMP protocol and specify one or more icmptypes. But how do I also match on the ICMP type's code (those that have such)? For example I can easily match ICMP type 3 (destination unreachable) messages: ipfw add 1000 count log icmp from me to...
  4. decuser

    Other Choosing which firewall to use in 2021 - FreeBSD 13

    OK. I've read man firewall and Chapter 31. Firewall and I'm still a bit uncertain about which firewall to choose. Here's my use case: I have FreeBSD 13 installed on my Lenovo Thinkpad T-430. I alternate between the ethernet connection and wifi. Either way, I only use IPV4. I would like to be...
  5. Y

    IPFW How to match MAC address

    I am trying to do a simple test of matching mac coming from a machine connected to re0 and allowing it. I don't care if i'm able to actually use the packet, all I want is the rule number to show up in in /var/log/security so I know something is matching. The ipfw command I'm using is ipfw add 10...
  6. O

    Solved Block all incoming, but allow all outgoing

    Before anyone says it, I know I could do this differently, but I feel like I shouldn't have to. I'm trying to block all incoming traffic (except, of course, for public ports; SMTP, HTTP, HTTPS), but still allow all outgoing traffic. Tried something like this; 62000 allow tcp from any to $ME...
  7. Thomas.

    Vnet jail with IPFW NAT outbound traffic no longer works after upgrade from 12.2-RELEASE to 13.0-RELEASE

    Hi, I'm new to FreeBSD (only started tinkering about with it last week), and after lots of digging through the documentation, handbook, and many other online resources I managed to have my vnet enabled jail working in conjunction with ipfw in-kernel NAT. Both inbound and outbound traffic was...
  8. luckman212

    PF Possible to pre-determine which gateway a packet will egress from without actually sending the packet?

    I am trying to create a script that looks at an existing stateful connection and tries to figure out if it's using the most preferred gateway according to the pf ruleset (policy). Is there a way from a console terminal, to determine what gateway would be used for new connections to a certain...
  9. U

    Solved Passing all outbound trafic from Jail behind NAT

    I'm trying to pass all outbound traffic from Jails. I'm using IPFW, because it's default for FreeBSD. All Jails live on cloned lo1 interface, no VNET. How can I pass all outbound traffic from my Jails to the Internet through vtnet0 interface? PLEASE DELETE THIS THREAD.
  10. Caesar.Knight

    IPFW On IPFW / kernel

    Years ago when customizing your kernel was a right of passage: - the bare metal servers I had would include three or four options to compile. I realize it wasn’t necessary but already configuring so.. After moving to “cloud” providers and hitting some issues when my provider was using jails...
  11. alfa

    Other How to change Packet Traversal order in FreeBSD IPFW and PF Firewalls in Kernel level ?

    Hi, I have to use both IPFW and PF sametime in my freebsd 12.2 gateway normally firewalls follows this order pf => ipfw as you now i am trying to do this order: input => ipfw => pf but i think i cannot change this order without touching kernel level . when i made some research i found this...
  12. U

    Jails with IPFW and no internet inside jails

    Hello. I'm trying to set up basic jails on FreeBSD 13.0-RELEASE. After 3 days of struggling with no internet access inside jails, I give up with troubleshooting and reach out here for help. This is my configuration and what I've achieved so far: /etc/rc.conf: root@freebsd13:~# cat...
  13. Sergei_Shablovsky

    PF How BSD pf performance depend on CPU frequency, L2/L3 cache size

    Hi, hardware gurus! How exactly BSD pf performance (in matter of low latency, high PPS, etc) depend on bus frequency, main CPU frequency and L2/L3 cache size in multi-package (mean physical multi-CPU, like Intel E5500/5600, E5-2000 series) server systems that intend working as border firewall...
  14. nerozero

    Solved ssh receive reset package randomly, Fssh_packet_write_poll: Connection from user user a.a.a.a port 38142: Permission denied

    Hello, I have a firewall issue, dropping randomly ssh connections. in the /var/log/auth.log: Fssh_packet_write_poll: Connection from user user x.x.x.x port 37832: Permission denied here is my the firewall rules: 00100 28 1400 allow ip from any to any via lo0 00200 0 0 deny ip from...
  15. nero

    Samba, IPFW, and the internet

    I am looking for best practices and see if anyone else is successfully running a similar environment. Have FreeBSD server that is basically a LAMP environment. That is living on a public IP address and using IPFW to block everything except 80 and 443. That is all working very well without...
  16. H

    Solved IPFW workstation setting blocking ssh

    I'm trying to enable ssh access to my laptop however it seems that ipfw blocks it, despite opening the port. I'm on FreeBSD 13. Following is the rc.conf section configuring the firewall, as well as the output from ipfw -t list after trying to ssh into my laptop from my phone (using termux)...
  17. O

    IPFW Can't get routing/NAT down an openvpn tunnel working

    I'm running openvpn in a VNET jail to connect to a commercial VPN provider. This was working fine with processes in the jail all using the VPN. I wanted to setup the jail to act as a router so that more network traffic could potentially be sent down the VPN. For testing, I added a second FIB on...
  18. T

    Solved Allowing selective traffic from/to wlan with -apbridge set (starting with ARP)

    I have an AP+bridge+firewall ("router") running FreeBSD 12.2-RELEASE r366954 GENERIC amd64. It's roughly set up as follows: - igb0 connects to my ISP via DHCP. (Disabled while I debug this.) - bridge0 has dnsmasq running on it as a DHCP server and DNS server. (Only dynamic addresses at the...
  19. J

    IPFW RDP protocol

    Hello lads, I've came further with my config of Softether VPN and IPFW. I'm in place where I want to allow RDP to only 1 IP, let' say it's: I add a rule: allow tcp from any to 3389 out via $iif setup keep-state I'm able to telnet 3389 but can't RDP...
  20. W

    IPFW Question about how ipfw rule for HTTP 80 works

    Hey everybody, Currently I already have my server runing as desired. Looking for optimizations and how to keep it hardening, I have found the reference on /etc/rc.ipfw about the book Building Internet Firewalls. So, try following some examples, I did not got how ipfw works when trying limit...