nat

Hi. In PF rules, could someone explain the differences between; nat on $ext_if from ($int_if:network) to any -> ($ext_if:0) and nat on $ext_if from ($int_if:network) to any -> ($ext_if:0) port 1024:65535 On the second rule, what does port 1024:65535" actually do in terms of NAT? "$int_if"...

Greetings. I have public NIC with few public IPs assigned; $ext_if = my external NIC with my public Internet addresses $public_IP_1 = one of my public Internet IP (assigned as an alias and working on $ext_if) And 10.10.10.2 is my jail running on FreeBSD 14 host machine. I have the following PF...

Hello dear FreeBSD gurus. Not sure this topic fits in here, feel free to move the topic if it's not correct. What i'm trying to do is to install Caprover (caprover.com) on a guest os on my FreeBSD host machine. I'm doing virtualization with bhyve. This is not the relevant part though ;) So...

Hi there, I am trying to solve a problem with my gateway setup. My FreeBSD machine is basically a gateway RaspberryPI which has two NIC: ue0 (Connected to external network, let's call it Internet) and ue1 (is an interface for internal LAN, dhcpd and dnsmasq spinning on it). My current setup...

Hi all, I am struggling to troubleshoot network connectivity issues on a BastilleBSD nat'd jail created using these instructions: https://docs.bastillebsd.org/en/latest/chapters/networking.html#loopback-bastille0 In the container I can resolve DNS queries (e.g. pinging a url returns a valid...

Hello there. I've a tiny FreeBSD VPS with two jails running within it. I'm reaching out the jails remotely via SSH (First jail: My.public.IP.addr:4215 - 2nd one: my.public.IP.addr:4214) by having the config below. lo1 = My Jails' virtual local interface I created via rc.conf. I don't know if...

I'm missing something obvious. Why NAT doesn't work in a Wireguard server to route clients' traffic? ext_if="vtnet0" wg_clients="10.40.0.0/24" nat on $ext_if inet from $wg_clients to any -> ($ext_if) The server's Wireguard IP address is 10.40.0.1, the client's - 10.40.0.30. Running tcpdump on...

Hi, I have successfully setup NAT on pf with this in /etc/pf.conf file: nat on wlan0 inet from 10.1.1.0/24 to any -> (wlan0) round-robin I am now trying to achieve the same what is available out of the box on VirtualBox - port forwarding. For example one of my Bhyve virtual machines is...

I'm trying to wrap my head around how virtual bridges/switches/tap interfaces work under bhyve. I guess I'm doing something fundamentally stupid here (or my understanding of how this works is fundamentally wrong), but please bear with me... I do use bhyve on a few of my machines, but on those I...

Hello, I have a request. I need to set up NAT on one interface. I am using two addressing schemes in one network: 192.168.2.0/24 and 192.168.8.0/24. This was done previously and I cannot change it at the moment. The router, which is based on FreeBSD, has an address of 192.168.2.1 and an alias on...

Hello, I tried for a quite some time to get it working, but unsuccessful so far. I hope to get some pointers here that will help me to learn more about FreeBSD, wireguard and networking, also the content might be helpful for others browsing the web for solutions. Note that I am very new to...

Situation: VPN server, hosting OpenVPN and L2TP connections. OpenVPN connections share a "utun" interface, one per OpenVPN server process. L2TP connections each get a unique "ppp" interface. Given the variable number & names of virtual interfaces, the easiest way to capture all of the potential...

Hi all, I updated my internet facing router/firewall from 12.2-RELEASE-p11 to the latest 12.3 release: 12.3-RELEASE-p7. I'm using a custom kernel with ALTQ support as it helps with my transfer speeds. More info on this below as I even disabled ALTQ to try to solve this issue. The issue: after...

Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...

I would like to pass incoming packets on a specific port, which is used for NAT, even if these packets don't match a connection from the NAT table. I use a machine with FreeBSD and pf as a router. A PBX on my local network must both reach a phone provider on the internet and be reachable...

Hello, in short: A Jail is installed. Can start and stop and connect to it. Inside its running an Apache web server. Some simple Website exists. Starting the jail and make a test like this works: printf "HEAD / HTTP/1.1\r\nHost: <www.example.com>t\r\n\r\n" also telnet <www.example.com> 80...

At an office, a FreeBSD router is set up using ipfw and nat. This part works great and has for years. We added an ipsec tunnel for a remote network. I have the tunnel up, and can ping from the internal interface (em1 172.31.0.200) to the remote IP 10.4.4.4, no problem. For the nat, I set up...

Good day everyone! Can't beat the following problem. Internet -> router (x.x.x.x/192.168.1.1) -> ASC server {FreeBSD12+ipfw/nat/fwd (192.168.1.12|If_Inet) + OpenVPN server (192.168.101.1|If_VPN)} -> ADM server {OpenVPN client (192.168.101.6|If_VPN) + FreeBSD12 www-server (Ip_WWW)} ->...

I do not have a static IP for my computer connected by fiber to home. My ISP assigns an IP address by DHCP, is there a way of making my ISP's router at my home remember the address assigned to me by local settings? I do not fully understand but this URL to a how-to guide points to a method...

Hi, everyone. Seems like between the times I DO the PF config, I forget something very important :) Anyway. My box has 3 NICs. There is WAN and LAN ethernets, then there is a WIFI AP managed by hostapd. And here is my /etc/pf.conf: out_if = "igb0" lan_if = "igb1" wifi_if = "wlan0" nonroute =...