nat

Hi, I am having issues setting up network on a dedicated server. Basic network tests are failing (cf. end of this message) 1/ Here is main objectives Secure both HOST and JAILS Jails must be able to access public IP (Internet) Jails MUST NOT be able to see any other jail than themself NB : I...

Hi guys, so i have an OVH dedicated server, i installed Proxmox on it. I created 2 VMs, one freebsd VM as a firewall / NAT gateway and one Debian server in the same lan as the firewall with the FreeBSD as Gateway. On the FreeBSD VM there are 2 net cards, one for the WAN, one for the LAN. From...

I'm working on setting up my first wireguard server on FreeBSD 13.3. The issue: once I start the wireguard service I can't reach the server anymore, the server still can access the internet but nothing can connect to it. The server is in the cloud. On the same server I'm running an openvpn...

Hi. I was using NAT configuration because I am using wlan0 interface for internet on my PC and it was working well until Bastille changed the pf.conf. I don't have much knowledge about firewalls. I had this line in the pf configuration. nat on wlan0 from {192.168.8.0/24} to any -> (wlan0)...

Hello. I'm trying to set up policy based routing with pf. Here is my routing rule: pass in log (all) quick on { $lan_if $guest_if } route-to {$vps_tun $vps_gw} from any to 104.21.67.120 here is my nat rule: nat log (all) on $vps_tun from any to 104.21.67.120 -> ($vps_tun) it turns into...

Hi. In PF rules, could someone explain the differences between; nat on $ext_if from ($int_if:network) to any -> ($ext_if:0) and nat on $ext_if from ($int_if:network) to any -> ($ext_if:0) port 1024:65535 On the second rule, what does port 1024:65535" actually do in terms of NAT? "$int_if"...

Greetings. I have public NIC with few public IPs assigned; $ext_if = my external NIC with my public Internet addresses $public_IP_1 = one of my public Internet IP (assigned as an alias and working on $ext_if) And 10.10.10.2 is my jail running on FreeBSD 14 host machine. I have the following PF...

Hello dear FreeBSD gurus. Not sure this topic fits in here, feel free to move the topic if it's not correct. What i'm trying to do is to install Caprover (caprover.com) on a guest os on my FreeBSD host machine. I'm doing virtualization with bhyve. This is not the relevant part though ;) So...

Hi there, I am trying to solve a problem with my gateway setup. My FreeBSD machine is basically a gateway RaspberryPI which has two NIC: ue0 (Connected to external network, let's call it Internet) and ue1 (is an interface for internal LAN, dhcpd and dnsmasq spinning on it). My current setup...

Hi all, I am struggling to troubleshoot network connectivity issues on a BastilleBSD nat'd jail created using these instructions: https://docs.bastillebsd.org/en/latest/chapters/networking.html#loopback-bastille0 In the container I can resolve DNS queries (e.g. pinging a url returns a valid...

Hello there. I've a tiny FreeBSD VPS with two jails running within it. I'm reaching out the jails remotely via SSH (First jail: My.public.IP.addr:4215 - 2nd one: my.public.IP.addr:4214) by having the config below. lo1 = My Jails' virtual local interface I created via rc.conf. I don't know if...

I'm missing something obvious. Why NAT doesn't work in a Wireguard server to route clients' traffic? ext_if="vtnet0" wg_clients="10.40.0.0/24" nat on $ext_if inet from $wg_clients to any -> ($ext_if) The server's Wireguard IP address is 10.40.0.1, the client's - 10.40.0.30. Running tcpdump on...

Hi, I have successfully setup NAT on pf with this in /etc/pf.conf file: nat on wlan0 inet from 10.1.1.0/24 to any -> (wlan0) round-robin I am now trying to achieve the same what is available out of the box on VirtualBox - port forwarding. For example one of my Bhyve virtual machines is...

I'm trying to wrap my head around how virtual bridges/switches/tap interfaces work under bhyve. I guess I'm doing something fundamentally stupid here (or my understanding of how this works is fundamentally wrong), but please bear with me... I do use bhyve on a few of my machines, but on those I...

Hello, I have a request. I need to set up NAT on one interface. I am using two addressing schemes in one network: 192.168.2.0/24 and 192.168.8.0/24. This was done previously and I cannot change it at the moment. The router, which is based on FreeBSD, has an address of 192.168.2.1 and an alias on...

Hello, I tried for a quite some time to get it working, but unsuccessful so far. I hope to get some pointers here that will help me to learn more about FreeBSD, wireguard and networking, also the content might be helpful for others browsing the web for solutions. Note that I am very new to...

Situation: VPN server, hosting OpenVPN and L2TP connections. OpenVPN connections share a "utun" interface, one per OpenVPN server process. L2TP connections each get a unique "ppp" interface. Given the variable number & names of virtual interfaces, the easiest way to capture all of the potential...

Hi all, I updated my internet facing router/firewall from 12.2-RELEASE-p11 to the latest 12.3 release: 12.3-RELEASE-p7. I'm using a custom kernel with ALTQ support as it helps with my transfer speeds. More info on this below as I even disabled ALTQ to try to solve this issue. The issue: after...

Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...

I would like to pass incoming packets on a specific port, which is used for NAT, even if these packets don't match a connection from the NAT table. I use a machine with FreeBSD and pf as a router. A PBX on my local network must both reach a phone provider on the internet and be reachable...