Hello dear FreeBSD community 
As title say, im looking how to pass communication between two internal interfaces (wg0 as wireguard interface) and bridge0 (as samba service interface) e.g. i will be able to connect to wireguard(work) from peer and connect to samba on (192.168.10.2) via wireguard connection
System has three interfaces:
Test command on Host machine:
# nc -4 -v -z -s 192.168.100.1 192.168.10.2 139
pf log
pf.conf
My internal network looks like:
System:
Guys, thanks for cooperation and have a nice day
M.
As title say, im looking how to pass communication between two internal interfaces (wg0 as wireguard interface) and bridge0 (as samba service interface) e.g. i will be able to connect to wireguard(work) from peer and connect to samba on (192.168.10.2) via wireguard connection
System has three interfaces:
- ix0:192.168.1.2 (ext interface)
- bridge0:192.168.10.2 (int interface)
- wg0:192.168.100.1 (int interface)
Test command on Host machine:
# nc -4 -v -z -s 192.168.100.1 192.168.10.2 139
pf log
Code:
00:00:20.608018 rule 0/0(match): block out on wg0: 192.168.10.2.139 > 192.168.100.1.30033: Flags [S.], seq 3536654116, ack 3715702619, win 65535, options [mss 1380,nop,wscale 6,sackOK,TS val 4142666928 ecr 2764668060], length 0
00:00:01.021621 rule 0/0(match): block out on wg0: 192.168.10.2.139 > 192.168.100.1.30033: Flags [S.], seq 3536654116, ack 3715702619, win 65535, options [mss 1380,nop,wscale 6,sackOK,TS val 4142667949 ecr 2764669081], length 0pf.conf
Code:
ext_if = "ix0"
in_if_br = "bridge0"
in_if_wg = "wg0"
tcp_services = "{ 22 25 53 80 443 }"
udp_services = "{ 53 123 }"
tcp_samba_service = "{ 139 445 }"
udp_samba_service = "{ 137 138 }"
set skip on lo
set loginterface $ext_if
scrub in all random-id fragment reassemble
scrub out all random-id fragment reassemble
block log all
antispoof quick for $ext_if
antispoof quick for { lo $ext_if }
pass in quick on $ext_if inet proto icmp from any to ($ext_if) icmp-type echoreq
# enable default output
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port $tcp_services
pass out quick on $ext_if inet proto udp from ($ext_if) to any port $udp_services
pass out quick on $ext_if inet proto tcp from ($in_if_br) to any port $tcp_samba_service
pass out quick on $ext_if inet proto udp from ($in_if_br) to any port $udp_samba_service
pass out quick on $ext_if inet proto udp from ($ext_if) to any port 51820
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port { 22 80 443 }
pass in quick on $ext_if inet proto tcp from any to ($in_if_br) port $tcp_samba_service
pass in quick on $ext_if inet proto udp from any to ($in_if_br) port $udp_samba_service
pass in quick on $ext_if inet proto udp from any to ($ext_if) port 51820
# WIREGUARD <-----> BRIDGE
pass on $in_if_wg inet proto tcp to ($in_if_br) port $tcp_samba_service
pass on $in_if_wg inet proto udp to ($in_if_br) port $udp_samba_service
pass on $in_if_br inet proto tcp to ($in_if_wg) port $tcp_samba_service
pass on $in_if_br inet proto udp to ($in_if_wg) port $udp_samba_serviceMy internal network looks like:
Code:
[provider]------(wan0)[router/firewall](lan0)------(ix0:192.168.1.2)[FreeBSD](wg0, bridge0)
(lan1)------(:192.168.1.100)Computer1
(lan2)------(:192.168.1.101)Computer2System:
Code:
FreeBSD 12.2-RELEASE-p3Guys, thanks for cooperation and have a nice day
M.