Nebula Overlay network extended access

[brodiecyber]

Hello everyone

So i need some assistance with a configuration ive been doing some reading before i joined the forums and this is what i need.
I'm coming from a Linux specifically Debian background and am interested in adding a FreeBSD vm in my stack for some networking services as i already us pfsense for my router.

From my understanding iptables is not supported on FreeBSD. FreeBSD uses ipfw and ipw. I'm using the nebula overlay network software in an extended network access configuration using iptables to forward traffic from the nebula network to local network.

Could i please get some assistance with converting these iptables strings to the equivalent in FreeBSD ipfw or ipw commands

sudo iptables -t nat -A POSTROUTING -s  192.168.1.0/24 -d 10.0.0.0/16 -j MASQUERADE
sudo iptables -I FORWARD 1 -s 192.168.1.0/24 -d 10.0.0.0/16 -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Any help would be appreciated
Thanks

BrodieCyber

 

[SirDice]

FreeBSD uses ipfw and ipw.

and PF. We have three different firewalls to choose from.

Chapter 33. Firewalls

FreeBSD has three firewalls built into the base system: PF, IPFW, and IPFILTER. This chapter covers how to define packet filtering rules, the differences between the firewalls built into FreeBSD and how to use them

docs.freebsd.org

 

[brodiecyber]

SirDice I did not see that coming. ouch!!!

Do you have any recomendations for me to read and wich one best suites my use case so i can start

 

[SirDice]

Do you have any recomendations for me to read

Yes, the handbook, then the various manual pages.

wich one best suites my use case so i can start

They are all suited, it's more a matter of personal preference which one you use.

 

[jbo@]

I did not see that coming. ouch!!!

Most FreeBSD users perceive this as a "nice!" rather than an "ouch!!!".

Do you have any recomendations for me to read and wich one best suites my use case so i can start

Personally, I'm using PF. Other than the FreeBSD handbook and the official PF documentation, I can recommend "The Book of PF".
When using PF on FreeBSD, it's important to note that the implementation deviates from OpenBSD.

 

[brodiecyber]

jbodenmann No offence intended sorry. i was just not expecting a curve ball like that

 

[jbo@]

jbodenmann No offence intended sorry. i was just not expecting a curve ball like that

No offense was perceived - all good

 

[brodiecyber]

Hello I'm back. I've finally got time this week to work on this. With regard to what firewall system I've decided to go with IPFW and have begun trying to figure out what rules will work to pass traffic I HAVE NOT TESTED it yet but I thought it best to document my journey and maybe someone else will find this useful

# NAT nebula up to local network
$cmd 100 nat 1 ip from 192.168.0.1/16 to 10.0.0.0/16 out via $pif

# Pass traffic from nebula to local network
$cmd 101 pass from 192.168.0.1/16 to 10.0.0.0/16 out via $pif keep-state

 

[brodiecyber]

Ive finally got time to continue this. I'm still working on learning ipfw and the progress is good but i haven't given up.

 

[jbo@]

Ive finally got time to continue this. I'm still working on learning ipfw and the progress is good but i haven't given up.

That's the spirit - keep it up!