nat

  1. K

    PF Quick pf.conf review?

    Hello there. I've a tiny FreeBSD VPS with two jails running within it. I'm reaching out the jails remotely via SSH (First jail: My.public.IP.addr:4215 - 2nd one: my.public.IP.addr:4214) by having the config below. lo1 = My Jails' virtual local interface I created via rc.conf. I don't know if...
  2. aragats

    PF NAT to route Wireguard clients' traffic

    I'm missing something obvious. Why NAT doesn't work in a Wireguard server to route clients' traffic? ext_if="vtnet0" wg_clients="10.40.0.0/24" nat on $ext_if inet from $wg_clients to any -> ($ext_if) The server's Wireguard IP address is 10.40.0.1, the client's - 10.40.0.30. Running tcpdump on...
  3. vermaden

    Solved Port Forwarding into NAT Bhyve VM under pf(4) Firewall

    Hi, I have successfully setup NAT on pf with this in /etc/pf.conf file: nat on wlan0 inet from 10.1.1.0/24 to any -> (wlan0) round-robin I am now trying to achieve the same what is available out of the box on VirtualBox - port forwarding. For example one of my Bhyve virtual machines is...
  4. Y

    bhyve with wlan0 NAT for my guests

    I'm trying to wrap my head around how virtual bridges/switches/tap interfaces work under bhyve. I guess I'm doing something fundamentally stupid here (or my understanding of how this works is fundamentally wrong), but please bear with me... I do use bhyve on a few of my machines, but on those I...
  5. C

    Solved PF NAT on one interface.

    Hello, I have a request. I need to set up NAT on one interface. I am using two addressing schemes in one network: 192.168.2.0/24 and 192.168.8.0/24. This was done previously and I cannot change it at the moment. The router, which is based on FreeBSD, has an address of 192.168.2.1 and an alias on...
  6. R

    Not able to get wireguard split tunnel to work

    Hello, I tried for a quite some time to get it working, but unsuccessful so far. I hope to get some pointers here that will help me to learn more about FreeBSD, wireguard and networking, also the content might be helpful for others browsing the web for solutions. Note that I am very new to...
  7. J

    PF pf rule to NAT all interfaces except en0 and en1

    Situation: VPN server, hosting OpenVPN and L2TP connections. OpenVPN connections share a "utun" interface, one per OpenVPN server process. L2TP connections each get a unique "ppp" interface. Given the variable number & names of virtual interfaces, the easiest way to capture all of the potential...
  8. repcsi

    PF Update from 12.2-RELEASE-p11 to 12.3-RELEASE-p7 broke my PF internet router/firewall

    Hi all, I updated my internet facing router/firewall from 12.2-RELEASE-p11 to the latest 12.3 release: 12.3-RELEASE-p7. I'm using a custom kernel with ALTQ support as it helps with my transfer speeds. More info on this below as I even disabled ALTQ to try to solve this issue. The issue: after...
  9. T

    IPFW IPFW server, acting as a firewall (how to pass traffic ?)

    Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...
  10. maxmrkwrt

    PF Allow incoming packets on a port used for NAT

    I would like to pass incoming packets on a specific port, which is used for NAT, even if these packets don't match a connection from the NAT table. I use a machine with FreeBSD and pf as a router. A PBX on my local network must both reach a phone provider on the internet and be reachable...
  11. HL1234

    Get my NAT IPFW firewall for jail not to work from outside

    Hello, in short: A Jail is installed. Can start and stop and connect to it. Inside its running an Apache web server. Some simple Website exists. Starting the jail and make a test like this works: printf "HEAD / HTTP/1.1\r\nHost: <www.example.com>t\r\n\r\n" also telnet <www.example.com> 80...
  12. Rudy

    Solved NAT + IPSEC ... can't get it to work

    At an office, a FreeBSD router is set up using ipfw and nat. This part works great and has for years. We added an ipsec tunnel for a remote network. I have the tunnel up, and can ping from the internal interface (em1 172.31.0.200) to the remote IP 10.4.4.4, no problem. For the nat, I set up...
  13. DrAngel

    Solved FreeBSD+OpenVPN+nat/fwd = not forward for WWW-server

    Good day everyone! Can't beat the following problem. Internet -> router (x.x.x.x/192.168.1.1) -> ASC server {FreeBSD12+ipfw/nat/fwd (192.168.1.12|If_Inet) + OpenVPN server (192.168.101.1|If_VPN)} -> ADM server {OpenVPN client (192.168.101.6|If_VPN) + FreeBSD12 www-server (Ip_WWW)} ->...
  14. Sivan!

    Is there a way to "mask" a DHCP assigned IP address in a personal computer?

    I do not have a static IP for my computer connected by fiber to home. My ISP assigns an IP address by DHCP, is there a way of making my ISP's router at my home remember the address assigned to me by local settings? I do not fully understand but this URL to a how-to guide points to a method...
  15. F

    Solved OpenVPN + NAT + routing

    Hi, everyone. Seems like between the times I DO the PF config, I forget something very important :) Anyway. My box has 3 NICs. There is WAN and LAN ethernets, then there is a WIFI AP managed by hostapd. And here is my /etc/pf.conf: out_if = "igb0" lan_if = "igb1" wifi_if = "wlan0" nonroute =...
  16. G

    Solved Bridging dissimilar networks/NAT configuration

    I am attempting to create a virtual network on VMware using FreeBSD as a router and a firewall. I am relatively new to many of the concepts involved here. I have FreeBSD currently setup as a DHCP server on my vlan(I will eventually switch to static networking), it is issuing addresses on a...
  17. T

    PF Jail pinging host public ip but not able to access the cloud - VNET

    I have an issue forwarding the packets to the cloud from the jail. I have tested Netgraph and epair with the same result. I have enabled nat in sysctl.conf>> net.inet.ip.forwarding=1 I have disabled PF totally and tried with nat enabled nat on $ext_if inet from $jail_if to any -> ($ext_if) In...
  18. alfa

    FreeBSD IPsec enc0 NAT not works this is the problem

    Hi, i have trouble with Ipsec & pf enc0 nat problem . I show you my problematic scenerio below any help would be appreciated at this point STRONGSWAN CONFIGURATION alfa7000 { fragmentation = yes unique = replace version = 1 aggressive = no proposals...
  19. I

    is it possible to port forward using ppp nat ??

    Hello everyone ! I need to port forward 3074 from destination external device (tun0) to internal device which (em0) but I need it using ppp nat. I enabled ppp nat in rc.conf and it masquerade tun0 device from internal device now I need to port forward I tried with PF but it gives me strict nat...
  20. S

    PF [Still Unsolved] Redirect port from VPS to home server without using NAT

    HTTP(S) is just an example, I have many other services that wouldn't be able to communicate the real IP via a proxy, therefore PF solution is a must. I am referring to RDR and NAT as they are understood in the context of pf.conf (i.e. I mean the RDR and NAT statements). Both my VPS and Home...
Top