nat

  1. dave

    PF pf: NAT Multiple Internal (LAN) Interfaces

    Hello, I cannot seem to find information on how to perform NAT for multiple internal (LAN) interfaces with pf. I have a very simple set of rules for performing basic NAT: # Definitions ext_if = "wlan0" # macro for external interface - use tun0 for PPPoE int_if = "ue0" #...
  2. T

    Networking Structure for VM Host

    Hello, I'm currently running a server based on FreeBSD 10.3. I'm using jails to separate all the running services. Since I only have one public IPv4 address, I use PF and a nginx-proxy to redirect to the specific jails inside the NAT. My plan is to use 11.0 and it's enhanced bhyve features to...
  3. I

    Solved NAT with forwarding is not working

    Hi guys! I've been a couple of days trying to set up a router in a virtual network using FreeBSD and I can't get it work I'm afraid. A quick summary of what I have and what I want to achieve: I have 2 interfaces: xn0, which is the external interface, and bridge0 which is internal. The...
  4. hsw

    IPFW NAT failing with nginx+ssl

    I set up a digital Ocean droplet with 10.3-zfs, installed iocage and copied in an working 10.3 jail that has nginx already setup. The jails IP is assigned to tap0 and I am trying to use IPFW+NAT to create a stateful firewall to allow the jail limited external access. With SSL off there is no...
  5. ikanobori

    IPFW IPFW/NAT and Jails having many out-of-order and reassembled TCP packets

    Hi, Traffic coming out of my jails seems to be very slow so I ran a tcpdump on my external interface to see what is going on and I get a whole slew of TCP Out of Order and TCP Duplicate ACK in Wireshark. I am talking pages full when any traffic is going out of the jails. Traffic going into the...
  6. scrappywan

    FreeBSD VPS Jailed Web Servers Network Isolation

    I have a VPS on Digitalocean which I used mfsbsd to reinstall FreeBSD with ZFS/zroot with PF as my firewall. My plan with this VPS is to run wordpress, a static site and owncloud each in their own jails. Currently, I use nginx on the host machine running as a reverse proxy, intercepting https...
  7. olav

    IPFW Is my IPFW NAT setup ok?

    Hello everyone, over this weekend I spent some time by replacing my PFSense firewall with a FreeBSD IPFW one. Mostly because I wanted the flexibility that comes with FreeBSD and that I can install all kind of third party software on the same machine as it has plenty of available resources...
  8. fnoyanisi

    Solved Cannot get bhyve guest network working

    Hi there, I have a VM running FreeBSD-CURRENT in bhyve but I could not get the network working properly. I created tap0 and bridge0 interfaces as described in the relevant chapter of the handbook. I have only a wireless NIC, so I followed the advice in bhyve wiki page and created proper pf...
  9. unknownuser

    Solved FreeBSD VM guest's jail can't be resolved from host

    Hello everyone. I will try to explain my setup as clear as I can. I have a Windows 10 Workstation where I run a FreeBSD VM on VMWare 12. This FreeBSD VM is meant to run multiple Apache/PHP/Wordpress instances on multiple jails. The FreeBSD guest is bridged through the HOST Ethernet NIC, where...
  10. M

    IPFW PF & IPFW: packet passing order

    Hi, I want to setup PF for round-robin NAT and ipfw for traffic shaping and filtering, but I can't find an appropriate description of a packet trip through firewalls in FreeBSD. So if I'll specify in rc.conf: firewall_enable="YES" dummynet_enable="YES" pf_enable="YES" will it mean that packet...
  11. D

    Virtualbox NAT and host network separation

    Dear FreeBSD users, I am running FreeBSD 10.1-RELEASE as a host for emulators/virtualbox and created a guest with Kali Linux for security testing purpose. The guest has networking configured with default Virtualbox NAT (IP: 10.0.2.15 GW:10.0.2.2) My host local network IP is 192.168.0.10 and my...
  12. O

    IPFW Forward all traffic arriving on a specific IP through VPN

    Hi, I have the following setup: - Server with 1 interface having 5 IPs assigned, running OpenVPN-Server - Client with 1 interface behind a router, running OpenVPN-Client The OpenVPN-Connection works fine. I now want to route all traffic arriving on one of the 5 IPs of the server through the...
  13. M

    Protection against Fingerprinting

    First of all sorry for my english. Recently I have read many tutorials about passive methods of detection kinds of systems and theirs number behind NAT. It depends on sniffing headers of TCP/IP packets (ttl, window size, tcp stack in general) As I know NAT only changes source/destination...
Top