IPFW + in kernel NAT blocking video-conferencing

I've built a router for my home network using FreeBSD 12, ipfw and in-kernel NAT.

It manages to work for most applications, but I can't seem to get video to work with most popular videoconferencing apps (Google Meet, MS Teams, etc.).

I based my firewall config on a ruleset script I found in this post here.

The firewall rules that result from running the script are:

igb0 is wan interface and igb1 is for the internal LAN.

Code:
# ipfw list
00001 allow ip from any to any via lo0
00002 deny ip from any to 127.0.0.0/8
00003 deny ip from 127.0.0.0/8 to any
00004 deny ip from any to ::1
00005 deny ip from ::1 to any
00006 allow ipv6-icmp from :: to ff02::/16
00007 allow ipv6-icmp from fe80::/10 to fe80::/10
00008 allow ipv6-icmp from fe80::/10 to ff02::/16
00009 allow ipv6-icmp from any to any icmp6types 1,2,135,136
00010 deny log ip4 from any to table(ip4-rfc1918) via igb1
00011 deny log ip4 from any to table(ip4-special) via igb1
00012 allow ip from any to any via igb1
00030 deny log ip from any to any not antispoof in recv igb0
00031 deny log ip from any to any ipoptions ssrr,lsrr,rr,ts in recv igb0
00032 deny log ip4 from any to 10.0.0.0/8 in via igb0
00032 deny log ip4 from any to table(ip4-special) in via igb0
00033 abort log sctp from any to any via igb0
00034 deny log tcp from any to any tcpflags !syn,!fin,!ack,!psh,!rst,!urg in recv igb0
00034 deny log tcp from any to any tcpflags !syn,fin,!ack,psh,!rst,urg in recv igb0
00034 deny log tcp from any to any tcpflags syn,fin,ack,psh,rst,urg in recv igb0
00035 deny log ip6 from any to any via igb0
00040 reass ip from any to any in recv igb0
00041 nat 42 ip4 from any to any in recv igb0
00042 check-state :default
00043 deny log tcp from any to any tcpflags syn,!fin,!ack,!psh,!rst,!urg in recv igb0
00044 deny log tcp from any to any tcpflags !syn,!fin,ack,!psh,!rst,!urg in recv igb0
00045 deny log tcp from any to any tcpflags !syn,fin,!ack,!psh,!rst,!urg in recv igb0
00046 deny log tcp from any to any tcpflags !syn,fin,ack,!psh,!rst,!urg in recv igb0
00050 skipto 1000 icmp from any to any out xmit igb0 keep-state :default
00051 allow icmp from any to me icmptypes 8 in recv igb0 keep-state :default
00052 unreach host-prohib log ip from any to table(public-doh-servers) out xmit igb0
00053 skipto 1000 tcp from me to any 53 out xmit igb0 setup keep-state :default
00054 skipto 1000 udp from me to any 53 out xmit igb0 keep-state :default
00055 skipto 1000 udp from me to any 123 out xmit igb0 keep-state :default
00056 deny ip from not me to any 53 out xmit igb0
00060 skipto 1000 tcp from any to any out xmit igb0 setup keep-state :default
00061 skipto 1000 udp from any to any out xmit igb0 keep-state :default
00062 deny tcp from any to any via igb0
00063 deny log udp from any to any via igb0
01000 nat 42 ip4 from any to any out xmit igb0
01001 allow ip from any to any
65535 deny ip from any to any

Any ideas on what might be happening? I suspect that NAT isn't working correctly for UDP traffic.
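The ruleset above, walked for one outbound UDP flow and its reply. This is an added example, not code from the post or from ipfw: it transcribes by hand the rules an IPv4 UDP packet can match on the LAN-to-WAN path (all of them are "from any to any", so the IPv6, TCP-flag, table, antispoof, ICMP and port-53/123 rules, which cannot match such a packet, are left out as a simplification), models NAT instance 42 as a port-preserving masquerade behind a constructed WAN address, and uses constructed host addresses and ports. What it shows is the ordering the ruleset relies on: outbound state is kept at rule 61 on the pre-NAT addresses before NAT happens at 1000, and inbound packets are un-NATed at 41 before check-state at 42 looks them up, so the reply to a UDP flow the LAN started is allowed while an unsolicited inbound UDP packet falls through to rule 63.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "num action target proto direction iface keep_state")

WAN_IP = "203.0.113.10"   # constructed WAN address of the router

# Transcribed from the post's `ipfw list`: the rules an IPv4 UDP packet can match on the
# LAN->WAN path and back. Every one of them is "from any to any", so only protocol,
# direction and interface are modelled; the v6, TCP-flag, table, antispoof, ICMP and
# port-53/123 rules cannot match this flow and are left out (a simplification).
RULES = [
    Rule(12, "allow", None, "ip", None, "igb1", False),      # allow ip from any to any via igb1
    Rule(40, "reass", None, "ip", "in", "igb0", False),      # reass ip ... in recv igb0
    Rule(41, "nat", 42, "ip4", "in", "igb0", False),         # nat 42 ip4 ... in recv igb0
    Rule(42, "check-state", None, None, None, None, False),  # check-state :default
    Rule(61, "skipto", 1000, "udp", "out", "igb0", True),    # skipto 1000 udp ... out xmit igb0 keep-state
    Rule(63, "deny", None, "udp", None, "igb0", False),      # deny log udp ... via igb0
    Rule(1000, "nat", 42, "ip4", "out", "igb0", False),      # nat 42 ip4 ... out xmit igb0
    Rule(1001, "allow", None, "ip", None, None, False),      # allow ip from any to any
    Rule(65535, "deny", None, "ip", None, None, False),      # default deny
]


def matches(rule, pkt):
    if rule.action == "check-state":
        return True
    return (rule.proto in ("ip", "ip4", pkt["proto"])
            and rule.direction in (None, pkt["dir"])
            and rule.iface in (None, pkt["iface"]))


def flow(pkt):      # direction-independent key, like an ipfw dynamic rule
    return pkt["proto"], frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])


def translate(pkt, nat_map):
    """Stand-in for NAT instance 42: masquerade LAN sources behind WAN_IP, port unchanged."""
    pkt = dict(pkt)
    if pkt["dir"] == "out":
        nat_map[(pkt["proto"], pkt["sport"])] = (pkt["src"], pkt["sport"])
        pkt["src"] = WAN_IP
    elif pkt["dst"] == WAN_IP and (pkt["proto"], pkt["dport"]) in nat_map:
        pkt["dst"], pkt["dport"] = nat_map[(pkt["proto"], pkt["dport"])]
    return pkt


def trace(pkt, dynamic, nat_map, rules=RULES):
    """Walk the rules; return (verdict, numbers of the rules that acted, packet as it leaves)."""
    pkt, path, i = dict(pkt), [], 0
    while i < len(rules):
        r = rules[i]
        if not matches(r, pkt):
            i += 1
            continue
        action, target = r.action, r.target
        if action == "check-state":            # a hit runs the action of the rule that kept state
            if flow(pkt) not in dynamic:
                i += 1
                continue
            action, target = dynamic[flow(pkt)]
        path.append(r.num)
        if r.keep_state:                       # state is keyed on pre-NAT addresses: NAT is at 1000
            dynamic[flow(pkt)] = (action, target)
        if action == "nat":
            pkt = translate(pkt, nat_map)
        elif action in ("allow", "deny"):
            return action, path, pkt
        elif action == "skipto":               # jump to the first rule numbered >= target
            i = next(j for j, x in enumerate(rules) if x.num >= target)
            continue
        i += 1                                 # reass and nat fall through to the next rule
    return "deny", path, pkt


def trace_udp_flow(lan_host="192.168.1.10", sport=50000, remote="198.51.100.7", dport=3478):
    """Constructed flow: LAN host -> remote UDP/3478 (STUN-like), its reply, then an unsolicited packet."""
    dynamic, nat_map = {}, {}
    out = {"proto": "udp", "src": lan_host, "sport": sport, "dst": remote, "dport": dport}
    reply = {"proto": "udp", "src": remote, "sport": dport, "dst": WAN_IP, "dport": sport,
             "dir": "in", "iface": "igb0"}
    return {
        "lan_in": trace({**out, "dir": "in", "iface": "igb1"}, dynamic, nat_map),
        "wan_out": trace({**out, "dir": "out", "iface": "igb0"}, dynamic, nat_map),
        "reply": trace(reply, dynamic, nat_map),
        "unsolicited": trace({**reply, "dport": 5000}, dynamic, nat_map),
    }


if __name__ == "__main__":
    for stage, (verdict, path, p) in trace_udp_flow().items():
        print(f"{stage:11} {verdict:5} rules {path}  {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}")
```

Running it prints the four stages: the LAN-side pass is allowed by rule 12, the WAN-side pass goes 61 then 1000 then 1001 with the source rewritten to the WAN address, the reply goes 40, 41, 42 then 1001 with the destination mapped back to the LAN host, and the unsolicited packet is dropped at 63. The model deliberately ignores what libalias does beyond a single request and reply (port allocation when two hosts pick the same source port, entry timeouts, and packets from a peer other than the original destination), so an "allow" here only says that rule order is not what breaks a simple UDP exchange; for the rest, the dynamic rules shown by `ipfw -d list` and a packet capture on igb0 are the evidence to look at.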
 
I never managed to figure this out, and frankly I don't want to deploy a firewall which I don't understand.

I'm going to try using PF instead.
 