nat

  1. Londo

    IPFW IPFW and natd causing huge packet load

    Hello, First I wanted to give a shout out to everyone who has posted other problems and responses over the years - the knowledge base has helped tremendously. I'm here today to ask for pointers regarding IPFW and natd. Some background: I have a very old server that runs a business and is due...
  2. alwindoss

    Solved Unable to access internet from FreeBSD running as guest on virtualbox

    I am a new user of FreeBSD and I managed to install it on virtualbox as a guest after failing to install it directly on my laptop. I will do that after I gain confidence in FreeBSD on virtualbox. However after installation I am unable to access internet from the Guest FreeBSD. I have looked...
  3. R

    Jails setup with the external IP address on vtnet0

    Hello, I'm trying to setup jails on a Digital Ocean droplet by following the instructions in the handbook: https://www.freebsd.org/doc/handbook/jails-ezjail.html The network configuration is like this: * vtnet0 with the external IP address, 10.10.0.5 netmask 0xffff0000 (Digital Ocean's...
  4. S

    IPFW How to avoid CARP's IP interference with IPFW NAT rules?

    To pass traffic from a remote host 55.55.55.55 to a service behind the NAT on the box with IP 77.77.77.77 I have a standard set of rules: 00812 nat 82 tcp from 55.55.55.55 to 77.77.77.77 48888 in via igb0 00822 allow tcp from 55.55.55.55 to 10.1.1.8 48888 in via igb0 00832 nat 82 tcp from...
  5. I

    Solved Wireguard setup (with PF problems)

    Hi there, I'm sort of a new user with FreeBSD, so please excuse me if you see some glaring error in my thinking/configs (I'm a Linux admin so there are differences I'm counting on). :) So here is my problem - I would like to set up Wireguard on FreeBSD 12, which is mostly done, I think, the...
  6. K

    Solved ipfw + NAT mystery

    So I just learned that there's two methods to doing NAT in FreeBSD. The apparently old natd + divert way, which is documented in the handbook, and the new in-kernel ipfw+nat way, that is randomly documented by Google. Is anyone ever going to update the handbook to over ipfw+NAT? The man page...
  7. L

    FreeBSD Policy Based Routing with ipfw nat + fwd using 2 or more Poor Man's ssh VPNs

    Hello, thanks to the posts that I found on this forum, I could implement a gateway in FreeBSD that allows me to do flexible policy routing through different interfaces. I'm going to share. System: FreeBSD freebsd 12.0-STABLE FreeBSD 12.0-STABLE r346132 NEWKERNEL amd64 NEWKERNEL compiled...
  8. H

    Dynamic NAT from pool on FreeBSD

    Good day, I have a FreeBSD 8.1 server installed and connected to network. (See topology screenshot). I need to masquarade the PC ip 192.168.1.2 on FreeBSD to 1.1.1.3, not to 1.1.1.2. On router the the source traffic must been from 1.1.1.3, not from 1.1.1.2. Is it possible? I tried with...
  9. U

    no NAT/routing through iocage OpenVPN gateway jail/host

    Hi folks, I'm somewhat of a *BSD novice, having rather used various builds for appliance devices, such as pfSense, opnSense, FreeNAS, etc. I've recently set up a new FreeNAS box from scratch, and built/building a jail for the express purpose of maintaining OpenVPN client connections, and then...
  10. S

    PF Jails with NAT

    I'm trying to set up an Ampache media server at home and am taking the opportunity to learn how to use jails on FreeBSD. I'm trying to set up jails on a separate loopback network on the host and use the NAT features of PF to direct the traffic where it should go. I've tried following multiple...
  11. R

    PF PF config for double NAT jail host

    I think that I'm being somewhat ambitious and I'm finding that I'm getting some horrible issues as a result. Firstly, what I'm trying to achieve. The way that I have tried to set up this network in the past was that the router was in the DMZ and that it passed some traffic (HTTP/S) through to...
  12. m0nkey_

    IPFW Using IPFW to NAT a jail inside a VM == Slow network connectivity inside jail

    I've been pulling my hair out over this for days! I have a VM, jails on a loopback interface and using IPFW to NAT the traffic. My findings show that it slows to a crawl. I've also tested with PF and it works like a charm. Network speeds within the jail are fine. I've tested this on Vultr...
  13. J

    Solved In-kernel NAT dropping large UDP return packets

    When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC tunnel to the T-Mobile provisioning servers, the 4640-byte return packet is silently dropped by the in-kernel NAT, even though it "matches" the outbound packet from less than 100 ms prior. All other operations of the firewall...
  14. Angelo Klin

    IPFW Private VPN + Firewall on a VPS

    Hello All, With all the fuzz and issues with security and privacy these days I decided to give it a go with a VPN, mostly for the fun and challenge. I am partially done with a scenario that sounds very typical these days, although it is not necessary plain vanilla. The overall idea is...
  15. DiscmanDaemon

    RPI3 B some issues with jails

    Hello all, I have been experimenting with running a project that works great on AMD64/X86 on an RPI3 B, and have had some hiccups with jails, and I am wondering if anyone has experienced anything similar, and has any idea as to the cause. I've noticed the standard method of NATting jails on a...
  16. J

    IPFW Cannot Get IPFW NAT to work

    I have spent days trying to get what I thought should be a simple set of ipfw nat rules set up. With less than zero success. I have read the documentation and scoured the web, and I assume I am just missing something. Scenario: I have one NIC card with four public IPs. I am running a bunch...
  17. Kay

    How to jail miniDLNA with NAT

    Hi I'm trying to set up a miniDLNA server inside a jail. When it's inside a jail, my LAN clients cannot access it. But if miniDLNA is installed outside of the jail, my LAN clients can successfully access it. My jail has it's private IP (192.168.60.3) address on host's lo1 interface. I then...
  18. K

    relayd with a source IP NAT?

    I'm attempting to use relayd to act as an extremely simple load-balancer between two machines, however all 3 machines are on entirely different public networks. However, it seems that relayd is just creating a rdr rule in pf, not a nat rule as well, so the packet is redirected but maintains...
  19. S

    IPSec VPN LAN-LAN (Site-Site) for site with dynamic gray IP behind NAT

    Hi There is a case: - HQ with fixed white IP - Site with dynamic gray IP behind NAT (!!!) Need to setup IPSec VNP LAN-LAN to connect site to HQ. I've tried Racoon and succeded with establishing IPSec connection, but LAN-LAN connection wasn't established. The same with StrongSwan - I can see...
  20. A

    iptables: Command not found. Why?!!

    I need to modify the NAT on the vpn server which is a FreeBSD 11.1-STABLE #0 r324546 raspberry Pi 2. It seems not to have iptables command. root@rpi2:~ # iptables -I FORWARD -i tun0 -o ue0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT iptables: Command not found. when I try to install it...
Top