ipfw

  1. P

    IPFW FreeBSD PPPoe Port Forwarding

    SRV1:FreeBSD 10.3,IP:10.0.0.1,PPPOe ADSL(ppp),ethernetx1:fxp0 SRV2:FreeBSD 10.3,IP:10.0.0.2 [Goals] port forwarding: SRV1 [port:8922] ----> SRV2 [port:22] SRV [port:8080] ----> SRV2 [port:80] I am experimenting with port forwarding and I have spent a few weeks trying to resolve this. After Googling...
  2. B

    IPFW ipfw nat stateful redirect of a port

    Hello everyone! I have a few network services running in a jailed configuration on a server, and I use ipfw to protect the server against possible attacks, and to provide its local clients with access to the internet. The goal I want to achieve is redirection of some ports of jailed services to the...
  3. S

    IPFW Block all ports&connections but allow only this port

    Hi, I have a problem: I want to block all ports but allow port 25. I am trying some rules but they are not working. Please, can you help me? Here is my try: #!/bin/sh ipfw -q -f flush cmd="ipfw add" $cmd 00010 check-state $cmd 00020 deny ip from any to any #SSH $cmd 11020 allow tcp from any to any...
  4. hsw

    IPFW NAT failing with nginx+ssl

    I set up a DigitalOcean droplet with 10.3-zfs, installed iocage and copied in a working 10.3 jail that has nginx already set up. The jail's IP is assigned to tap0 and I am trying to use IPFW+NAT to create a stateful firewall to allow the jail limited external access. With SSL off there is no...
  5. 1

    IPFW Rules for jails

    Hello. I cannot figure out how to block access in and out of a jail. I could only find that a jail does not have a firewall. The system should be configured in the form of parental rules: # ipfw add 00001 tcp any to any jail 1. The ipfw manual says almost nothing about it. Tell me how to properly...
  6. ikanobori

    IPFW IPFW/NAT and Jails having many out-of-order and reassembled TCP packets

    Hi, Traffic coming out of my jails seems to be very slow so I ran a tcpdump on my external interface to see what is going on and I get a whole slew of TCP Out of Order and TCP Duplicate ACK in Wireshark. I am talking pages full when any traffic is going out of the jails. Traffic going into the...
  7. olav

    IPFW Is my IPFW NAT setup ok?

    Hello everyone, over this weekend I spent some time replacing my PFSense firewall with a FreeBSD IPFW one. Mostly because I wanted the flexibility that comes with FreeBSD and that I can install all kinds of third party software on the same machine as it has plenty of available resources...
  8. J

    Other Custom module for firewall?

    I am returning to a project which used to use IPFilter to take raw packets passed straight through from a modem. It would filter and route accordingly over several interfaces to ensure an isolated set of trusted and untrusted subnets over those separate interfaces (including to a honeypot)...
  9. T

    IPFW Stateful firewall with OpenVPN and in-kernel NAT

    Having a bit of a time getting stateful firewall with OpenVPN and in-kernel NAT to work, which is a few lines of iptables rules on Linux: *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s...
  10. S

    IPFW IPFW Rules

    Hi Team, I want to understand the IP firewall rules. Consider the below rule ipfw allow tcp/udp from any to me What will this rule do? What does me refer to here? Is it the IP address of my system that applies firewall rules? Or the MAC address of the interface? I am using 4.2 FreeBSD stack. I am trying to...
  11. M

    IPFW PF & IPFW: packet passing order

    Hi, I want to set up PF for round-robin NAT and ipfw for traffic shaping and filtering, but I can't find an appropriate description of a packet's trip through the firewalls in FreeBSD. So if I specify in rc.conf: firewall_enable="YES" dummynet_enable="YES" pf_enable="YES" will it mean that packet...
  12. C

    Solved My 1st FreeBSD server shows blocked msgs from ports 546,547, and 5355

    Hi everyone! I just set up my very first FreeBSD server on a VPS and everything is going great but I noticed in my /var/log/security log that there are lots of IPFW Deny messages for ports UDP 546, 547, and 5535 for IPv6. I looked those ports up and they seem to be related to dhclient? My IPv6...
  13. FKEinternet

    Solved ipfw vs. ping puzzle

    My servers Dreamer and Wren each have two interfaces, connected to two routers. The re0 interfaces are connected to the 192.168.14.* subnet, and the re1 interfaces are connected to the 192.168.1.* subnet. The 192.168.1.* subnet originates at a Verizon router, which is also upstream from an...
  14. dave

    IPFW Simple IPFW Setup From Handbook Locks Me Out

    Hello, /etc/rc.conf firewall_enable="YES" firewall_type="open" ...followed by... sudo service ipfw start ...results in immediate loss of all connectivity. Am I missing something? FreeBSD 10.2-RELEASE-p7
  15. J

    IPFW Ordering of ipfw rules and sets

    Hi, this is a question about the ordering of ipfw rules. As stated in the documentation ( https://www.freebsd.org/doc/handbook/firewalls-ipfw.html ), the ipfw command syntax is: CMD RULE_NUMBER set SET_NUMBER ACTION log LOG_AMOUNT PROTO from SRC SRC_PORT to DST DST_PORT OPTIONS Does the...
  16. J

    IPFW ipfw stateful ftp?

    Hi everyone, I'm new to this forum and I got into FreeBSD only a few weeks ago (I used Linux before that). I'm trying to set up a minimal firewall configuration for a remote computer. Here is the script in my /etc/ipfw.rules file. #!/usr/bin/env bash nic=`netstat -r | awk '/^default/ {print...
  17. A

    IPFW natd to ipfw nat

    Hello there, I just deployed a simple private OpenVPN service by following instructions from: https://www.digitalocean.com/community/tutorials/how-to-configure-and-connect-to-a-private-openvpn-server-on-freebsd-10-1 Well, everything seems to be fine ... except I observed that 'natd' process...
  18. xoptov

    Solved ipfw0: That device doesn't support promiscuous mode

    Hello! I have a very strange issue with ipfw0. My kernel has options IPFIREWALL and IPFIREWALL_VERBOSE but when I try to listen on the ipfw0 interface I see a warning in my console: tcpdump: WARNING: ipfw0: That device doesn't support promiscuous mode (BIOCPROMISC: Invalid argument) What is I can fix for...
  19. AlexUnix

    IPFW IPFW Kernel NAT is not working

    Please help. I have version 10.2-RELEASE with kernel NAT configured. Ping requests pass to the external adapter, but are not routed back to the internal one. Internal (ue1): # tcpdump -ni ue1 | grep 5.255.255.5 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ue1...
  20. B

    Solved Basic firewall config for a host

    Hello, everyone, and nice to meet you! I am new to FreeBSD (so fresh that I'm downloading the ISO as I write, that means I've never used FreeBSD before). I come from the Linux world and one of the first things I do when I install a distro, before going to update and configure it, is to set up...