ipfw

  1. m0nkey_

    IPFW Using IPFW to NAT a jail inside a VM == Slow network connectivity inside jail

    I've been pulling my hair out over this for days! I have a VM, jails on a loopback interface and using IPFW to NAT the traffic. My findings show that it slows to a crawl. I've also tested with PF and it works like a charm. Network speeds within the jail are fine. I've tested this on Vultr...
  2. J

    Solved In-kernel NAT dropping large UDP return packets

    When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC tunnel to the T-Mobile provisioning servers, the 4640-byte return packet is silently dropped by the in-kernel NAT, even though it "matches" the outbound packet from less than 100 ms prior. All other operations of the firewall...
  3. Angelo Klin

    IPFW Private VPN + Firewall on a VPS

    Hello All, With all the fuss and issues with security and privacy these days I decided to give it a go with a VPN, mostly for the fun and challenge. I am partially done with a scenario that sounds very typical these days, although it is not necessarily plain vanilla. The overall idea is...
  4. Y

    ipfw kernel panic solution

    I don't know if it's Ryzen which is causing this and if it's the Ryzen-bug or if it is something else. Commands like this are causing kernel-panics: ipfw table test create type number algo number:array ipfw table test add 1001 ipfw table test add 1002 ipfw table test add 1003 ipfw table test...
  5. J

    Robust sh script to obtain all IPv6 address on an interface?

    While ipfw supplies me6, I need the list of IPv6 addresses for a specific interface to be used in an ipfw ruleset. "Screen scraping" ifconfig is one option, but having a firewall at the whim of the human-readable output of even ifconfig is concerning. Is there a better way with the "stock"...
  6. J

    IPFW Cannot Get IPFW NAT to work

    I have spent days trying to get what I thought should be a simple set of ipfw nat rules set up. With less than zero success. I have read the documentation and scoured the web, and I assume I am just missing something. Scenario: I have one NIC card with four public IPs. I am running a bunch...
  7. S

    How to enforce that an ftp client opens a specific port for data when dealing with active-mode ftp servers?

    To strengthen the security of the firewall (we all know that ftp is a challenge for firewall security) I want to enforce that the ftp client establishes only a specific port for data. My box is an ftp client in terms of ftp communication. I don't need an ftp server on my box (we live in the era of cloud services!), but...
  8. S

    IPFW OpenVPN and IPFW rules

    Hello, I cannot set up the firewall for OpenVPN. I don't know where the problem is. The only way to make the VPN work is to stop IPFW via service ipfw stop. Can someone help me to set the correct IPFW rules please? Here is the OpenVPN config: port 9066 proto udp4 dev tun server 10.8.0.0 255.255.255.0...
  9. driesm

    IPv6 address on WAN interface

    I've been digging into IPv6 lately and have been successful in setting up a working dual-stack network. Although I'm not pleased with my current setup; that is when it comes down to where the IPv6 address of my gateway box is assigned. I use the isc-dhclient to get a prefix delegation, and rtsold...
  10. kazix

    IPFW, Jail and network alias

    Hello, I'm trying to configure IPFW on a machine with a jail (FreeBSD 11.1). The host has one big lagg0, and when the jail starts it creates an alias on this lagg0. lagg0: flags=8843... metric 0 mtu 1500 options=401ba.... ether .... inet 10.10.1.102 netmask 0xffffff00 broadcast 10.10.1.255...
  11. A

    IPFW Why can I add port numbers to established and what does that do?

    Almost every single ipfw ruleset I create has this as the very first rule: allow tcp from any to any established ... and I just noticed that ipfw allows me to specify a port on this rule: allow tcp from any to any 22 established If I create a new connection to port 22, I need a rule to allow...
  12. B

    Help Connecting to the Internet through BSD

    For an assignment we have to connect two workstations to the internet through an HP server running BSD. The WS are connected to a switch that runs to eth0 (10.0.0.0 network) and eth1 is connected to the school's internet 192.168.175.0 network. Gateway is enabled, the server is connected to the...
  13. B

    IPFW About IPFW NAT...

    I'm running vm-bhyve on FreeBSD 11.1. One IP on igb0. # ifconfig igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6> ether 6c:ae:8b:60:07:ca hwaddr...
  14. R

    IPFW Open status firewall

    Hi, please how can I set the firewall status to "open"? I tried firewall_type="open" but I still have the default rule: deny ip from any to any like firewall_type="close". Please, can you help me?
  15. goshanecr

    Solved Subnet on ExtIF and ipfw nat not working

    Good day! Please help me understand how to set up a FreeBSD 11-STABLE amd64 router with several IP addresses on the external interface. I have: Provider gives me subnet 1.1.1.2/24 gw 1.1.1.1 /etc/rc.conf # Assigned external IP addresses ifconfig_rl0="inet 1.1.1.2/24" ifconfig_rl0_alias0="inet...
  16. E

    SSH Over IPV6 Possible Bug

    I've been trying to set up ssh exclusively over IPV6 but have run into a few issues. These are the steps I'm following; theoretically this should just work, which is why I'm baffled at this point. I researched a few guides going back to version 10.3 and the process seems to be as follows...
  17. D

    IPFW Is DNS hijacking possible on FreeBSD + IPFW?

    Hi All! I need to redirect all dns queries to a local dns server (unbound) on a router with FreeBSD 11 amd + ipfw nat. re0 - intranet [192.168.0.1] alias on re0 for unbound [10.0.0.1] re1 - internet [a.b.c.d] I have tried various ways: ${FW} fwd 10.0.0.1,53 all from 192.168.0.0/24 to not 10.0.0.1 53...
  18. ronaldlees

    IPFW IPFW rules latency

    I had firefox running. Then in a terminal I added the rule: ipfw add 1001 drop tcp from me to any dst-port 80 setup out via rl0 uid ron Firefox could still visit *any* http site. I exited firefox. I restarted firefox. Now firefox could only visit https sites, as I had expected earlier. Is...
  19. M

    kern.hz and dummynet trafic shaping

    Hi guys, I'm trying to figure out whether there is any relationship between the kern.hz parameter and dummynet performance in terms of traffic shaping. Now it's by default = 1000. But is there a need to change it when you have more pps or interrupts? Currently, I'm shaping ~1 Gbit/s of traffic (around...
  20. n9010

    IPFW Port-range forwarding

    Hello, I'm trying to forward a range of ports via ipfw; as the man page states, the syntax should be: With the TCP and UDP protocols, optional ports may be specified as: {port|port-port|port:mask}[,port[,...]] So I've set the following rule: add 018500...