I have an AP+bridge+firewall ("router") running FreeBSD 12.2-RELEASE r366954 GENERIC amd64.
It's roughly set up as follows:
- igb0 connects to my ISP via DHCP. (Disabled while I debug this.)
- bridge0 has dnsmasq running on it as a DHCP server and DNS server. (Only dynamic addresses at the...
I've came further with my config of Softether VPN and IPFW.
I'm in place where I want to allow RDP to only 1 IP, let' say it's: 192.168.1.10.
I add a rule:
allow tcp from any to 192.168.1.10 3389 out via $iif setup keep-state
I'm able to telnet 192.168.1.10 3389 but can't RDP...
Currently I already have my server runing as desired.
Looking for optimizations and how to keep it hardening, I have found the reference on /etc/rc.ipfw about the book Building Internet Firewalls.
So, try following some examples, I did not got how ipfw works when trying limit...
First I wanted to give a shout out to everyone who has posted other problems and responses over the years - the knowledge base has helped tremendously.
I'm here today to ask for pointers regarding IPFW and natd. Some background: I have a very old server that runs a business and is due...
Here I present a script which works like a simple intrusion detections system.
I have made the script a long ago and used it for a long time.
Now I have decided to share the script with the community.
If this Forum is not a right place for such publications, I hope, the Community can suggest...
(Sorry for being a noob, It's my first time on the forums)
Hi, I am using a custom firewall rules script, It supposed to block all connections other than the ones specified here but well, it doesn't
here is my script:
IPF="ipfw -q add"
ipfw -q -f flush
$IPF 10 allow all from any to...
I'm trying to setup jails on a Digital Ocean droplet by following the instructions in the handbook: https://www.freebsd.org/doc/handbook/jails-ezjail.html
The network configuration is like this:
* vtnet0 with the external IP address, 10.10.0.5 netmask 0xffff0000 (Digital Ocean's...
To pass traffic from a remote host 18.104.22.168 to a service behind the NAT on the box with IP 22.214.171.124 I have a standard set of rules:
00812 nat 82 tcp from 126.96.36.199 to 188.8.131.52 48888 in via igb0
00822 allow tcp from 184.108.40.206 to 10.1.1.8 48888 in via igb0
00832 nat 82 tcp from...
I use the net/wireguard port for my VPN needs but have a problem if I want to connect to the same IP as the endpoint through the tunnel, because a static route is automatically added for obvious reasons to send this traffic directly rather than through the VPN.
Now one way around this is to use...
i am trying to do NAT464 XLAT similar with below diagram (taken from RFC6877)
I have 2 VM using FreeBSD 12.1 Release as CLAT and PLAT with the following Kernel Option :
on both VM i...
I am noticing an odd issue between squid and my firewall setup on a squid proxy system I put together. Periodically, it seems like the IPFW dynamic rules that get created when squid connects out will expire too early, thus causing inbound packets to hit a deny all established rule that comes...
After spend some days searching about my issue,I come here to try the luck.
I 'm runing an webserver using:
Using IPFW as firewall.
Main problem is about Curl, this one with IPFW enabled is getting timeout and does not work.
I am trying to find out if it is possible to redirect the traffic of several Android systems on my WLAN to specific internal hosts using IPFW. It seems Android hardcodes specific NTP servers and does not honor the "ntp-servers" DHCP option, meaning I have to allow NTP traffic outbound for these...
I am using ipfw for firewalling on a FreeBSD 11 box. Unfortunately I cannot wrap my head around the fact that/why the following rule does not match when I initiate a TCP connection to 2a00:1450:4001:814::2003 (that is Google...):
ipfw add 340 set 5 count dst-ip6 2a00:1450:4001:814::2003...
We are having trouble with finding ways to redirect the public IP address to the jail IP address. We have looked into the rc.conf and jail.conf files but are now sure how we should edit any of these files to achieve this.
We have previously been unsuccessful in editing pf values...
I run a FreeBSD VPS where it's located a webserver with WHMCS inside. (Apache + Nginx)
I would like to do other kind of ad by running a prank on social media where people will get message like "X has been hacked. Click here to download database" or something similar.
What I need?
I've recently(ish) switched from PF to IPFW because I wanted to use dummynet with fq_codel to fix some rather massive bufferbloat issues I'm seeing on my cable Internet connection with one of the US Cable Monsters. Cable modem is set to pass-through, so the only firewall between me an the...
I have a FreeBSD 11.2 system with Samba installed. If I enable ipfw Samba clients can still connect and browse the filesystem but cannot download most of the files (it looks like the smallest files can be opened). Ipfw is configured in "open" mode:
So I just learned that there's two methods to doing NAT in FreeBSD. The apparently old natd + divert way, which is documented in the handbook, and the new in-kernel ipfw+nat way, that is randomly documented by Google. Is anyone ever going to update the handbook to over ipfw+NAT? The man page...