All Questions
28 questions
0 votes, 0 answers, 96 views
How is it possible that NAT doesn't back translate packets?
I have the following topology
and from myhost I can ping router2 but can't ping router1.
With tcpdump I can observe how my pings go and I see that both router1 and router2 reply. But only replies ...
0 votes, 1 answer, 906 views
What are the consequences of blocking incoming UDP port 68 on my computer?
In a FreeBSD 13.1 install, I enabled the IPFW firewall and set firewall_type="workstation" in /etc/rc.conf. This allows outgoing requests, while denying incoming requests. When I checked the ...
0 votes, 1 answer, 35 views
What subsystem is responsible if I can connect via s2s VPN connection only in one direction?
I have configured the following s2s VPN (in pfSense) connection which is working in general.
Unfortunately, I can connect (ping, netcat, ssh) only from client to the server, but not back.
If I can ...
4 votes, 1 answer, 530 views
Should changing firewall settings to block all interrupt an ongoing SSH session?
Suppose I am logged into a server via ssh. While in the session, I change the firewall config to block all traffic.
When I tried this previously with FreeBSD and pf, the current connection was broken. ...
2 votes, 0 answers, 170 views
ipfw dummynet per ip fair traffic shaping
I want to shape traffic in such a way that no specific user could exhaust the WAN connection so much that other users would be affected. I have an ISP link with 100Mbits/s bandwidth and sometimes some users ...
0 votes, 1 answer, 61 views
FreeBSD pfctl firewall problem
I want to block port 3306 for everyone on a BSD system and open it for one IP address using a firewall in FreeBSD.
I tried something like this but the port closes and the addresses are not open.
##...
1 vote, 1 answer, 146 views
Incomplete documentation for FreeBSD ipfw
When I see the official documentation of ipfw or the man pages it seems that it is sometimes incomplete. Specifically, there are a lot of options like,
firewall_myservices
firewall_allowservices
...
2 votes, 2 answers, 2k views
How to find rule by number of pfctl output in FreeBSD?
I have the following excerpt from pfctl -vvss command:
re2 icmp 10.10.0.62:1 <- 192.168.10.56:1 0:0
age 00:08:30, expires in 00:00:05, 192:7 pkts, 14400:584 bytes, rule 117
id: ...
0 votes, 1 answer, 186 views
I have disabled all rules in firewall, but still can tracert from LAN
I have disabled all positive rules in firewall on my pfSense box, and I can't browse Web, but I still can
tracert 10.10.0.251
from LAN machine and receive 3 hops from my ISP (behind the router).
...
1 vote, 3 answers, 689 views
Totally open FreeBSD router in VirtualBox
TL;DR - I'd like to set up a FreeBSD VM with one network card on my home LAN (192.168.1.0/24) and one on a private-internal-to-virtualbox network (10.9.9.0/24) and pass any and all traffic back and ...
1 vote, 1 answer, 537 views
Set $ext_if, $int_if, $localnet in PF
I am currently trying to get familiar with the basics of PF on FreeBSD.
I am trying to set up the most basic example from the PF chapter in the FreeBSD handbook, the simple bruteforce rules:
block ...
1 vote, 0 answers, 87 views
Can a block rule on PF add the src IP to a table?
So on iptables I can make deny rules act as honey pots by adding IPs that hit the rules to a list that another rule is used to block all traffic from.
I am trying to achieve the same thing on PF, ...
1 vote, 0 answers, 256 views
PF rule that can match INPUT and OUTPUT interfaces
Is there a way with pfSense (or with a FreeBSD PF cmd line) to make a rule that can match INPUT and OUTPUT interfaces like this one in iptables?
iptables -A FORWARD -i eth0 -s 192.168.0.1 -o eth1 -j ...
1 vote, 0 answers, 1k views
How to set up port forwarding properly in FreeBSD 11?
I have FreeBSD 11 on a server where I've installed OpenVPN and I need to set up VPN properly to put traffic through it. I can't connect to the internet anymore after I've established a connection with ...
0 votes, 1 answer, 943 views
pf: Forwarding all packets on port 80 from any interface to SOCKS proxy
I'm trying to forward any packets on port 80 from any interface to my SOCKS proxy (Server). I'm not sure if I have it set up correctly but I can't get it to forward the packets.
I create a SOCKS ...