ipfw

Good day everyone! Can't beat the following problem. Internet -> router (x.x.x.x/192.168.1.1) -> ASC server {FreeBSD12+ipfw/nat/fwd (192.168.1.12|If_Inet) + OpenVPN server (192.168.101.1|If_VPN)} -> ADM server {OpenVPN client (192.168.101.6|If_VPN) + FreeBSD12 www-server (Ip_WWW)} ->...

Dear All, I wantto migrate my local network to ipv6 network but my isp supports only ipv4. I am using ipfw. how can I nat IPV6 clients to internet? Thanks.

Dear All, I have made several sets of rules using IPFW. I've separated them into rule 1 and 2, and the rest in rule 31. What I want to do is that after restart, I would like to only have rule 31 running (with rule 1 and 2 disabled). Only after VNets are up (all the pairs and bridges are set up...

Hello, I'm new to work with jail. I try this example: FreeBSD jails: a complete example I've created the jail from another example - copied some files from the host - did a bit configuration - and it works: I can start it and connect in it with 'tcsh' command. With the example above I try to...

Hi all, does anyone know if it is possible to change the destination address for local generated outgoing traffic? I try to achieve that traffic with a destination address to 1.2.3.4 gets rewritten to 10.10.10.10. I tried to implement that rules in pf and ipfw without success. In general I...

After a couple of years, I have started to use FreeBSD again. Previously I was using Linux, and in all my servers I have installed "PSAD" package, which detect the Port Scanners IP addresses and bans them through IPTabels rules. I have searched the same in FreeBSD but does not exit. something...

Hello everyone I have the following case :) I make a multicast using ffmpeg ffmpeg -i rtmp://localhost/c1/c1 -c:v copy -c:a copy -f mpegts udp://232.1.1.3:3000 I have a multicast tcpdump -n |grep 232.1.1.3 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening...

Hello, all! I have an interesting setup that I'm hoping to get a little bit of help with. Before I start: please yell at me if some of my formatting is wonky-- I'm used to markdown, but not so much the styling that the FreeBSD Forums asks for, so if I've done something that needs to be...

Hi, is it possible to create a rule to Redirect everything is coming from <ip1>:<port1> to redirect to <ip2>:<port2> and visa versa for protocoll UDP? I am using ipfw

I know I can have ipfw rules matching the ICMP protocol and specify one or more icmptypes. But how do I also match on the ICMP type's code (those that have such)? For example I can easily match ICMP type 3 (destination unreachable) messages: ipfw add 1000 count log icmp from me to...

OK. I've read man firewall and Chapter 31. Firewall and I'm still a bit uncertain about which firewall to choose. Here's my use case: I have FreeBSD 13 installed on my Lenovo Thinkpad T-430. I alternate between the ethernet connection and wifi. Either way, I only use IPV4. I would like to be...

I am trying to do a simple test of matching mac coming from a machine connected to re0 and allowing it. I don't care if i'm able to actually use the packet, all I want is the rule number to show up in in /var/log/security so I know something is matching. The ipfw command I'm using is ipfw add 10...

Before anyone says it, I know I could do this differently, but I feel like I shouldn't have to. I'm trying to block all incoming traffic (except, of course, for public ports; SMTP, HTTP, HTTPS), but still allow all outgoing traffic. Tried something like this; 62000 allow tcp from any to $ME...

Hi, I'm new to FreeBSD (only started tinkering about with it last week), and after lots of digging through the documentation, handbook, and many other online resources I managed to have my vnet enabled jail working in conjunction with ipfw in-kernel NAT. Both inbound and outbound traffic was...

I am trying to create a script that looks at an existing stateful connection and tries to figure out if it's using the most preferred gateway according to the pf ruleset (policy). Is there a way from a console terminal, to determine what gateway would be used for new connections to a certain...

I'm trying to pass all outbound traffic from Jails. I'm using IPFW, because it's default for FreeBSD. All Jails live on cloned lo1 interface, no VNET. How can I pass all outbound traffic from my Jails to the Internet through vtnet0 interface? PLEASE DELETE THIS THREAD.

Years ago when customizing your kernel was a right of passage: - the bare metal servers I had would include three or four options to compile. I realize it wasn’t necessary but already configuring so.. After moving to “cloud” providers and hitting some issues when my provider was using jails...

Hi, I have to use both IPFW and PF sametime in my freebsd 12.2 gateway normally firewalls follows this order pf => ipfw as you now i am trying to do this order: input => ipfw => pf but i think i cannot change this order without touching kernel level . when i made some research i found this...

Hello. I'm trying to set up basic jails on FreeBSD 13.0-RELEASE. After 3 days of struggling with no internet access inside jails, I give up with troubleshooting and reach out here for help. This is my configuration and what I've achieved so far: /etc/rc.conf: root@freebsd13:~# cat...

Hi, hardware gurus! How exactly BSD pf performance (in matter of low latency, high PPS, etc) depend on bus frequency, main CPU frequency and L2/L3 cache size in multi-package (mean physical multi-CPU, like Intel E5500/5600, E5-2000 series) server systems that intend working as border firewall...