Date:      Fri, 25 Nov 2016 13:36:20 +0100
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        "Christoph P.U. Kukulies" <kuku@kukulies.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: setting up a FreeBSD access point (hostap, natd)
Message-ID:  <C0CDC6A9-FD7B-45CB-8974-ACC4ACA09CAF@FreeBSD.org>
In-Reply-To: <3ffcc5a2-cd4e-bf19-0b41-c28eee4e7ab5@kukulies.org>
References:  <e59e6141-4c83-a3d9-629f-f813625f0d48@kukulies.org> <E2379FBE-2A94-4072-9972-ADEE75BAA1D1@FreeBSD.org> <3ffcc5a2-cd4e-bf19-0b41-c28eee4e7ab5@kukulies.org>

On 25 Nov 2016, at 12:54, Christoph P.U. Kukulies wrote:
> On 25.11.2016 at 12:46, Kristof Provost wrote:
>> nat on re0 inet from 192.168.0.0/24 to any -> (re0)
>
> Thanks. I'll try that. What does (re0) mean (in parens)? Just curious.
>
That rule tells pf to NAT traffic from your internal IP range, and to 
map it onto the IP address assigned to re0.
That’s what the ‘(re0)’ means. You could also do this (assuming 
your WAN IP is 1.2.3.4):

	nat on re0 inet from 192.168.0.0/24 to any -> 1.2.3.4

> Do I have to put anything more into pf.conf?
>
That depends on what you want your firewall to do, but you’ll likely 
want a couple more things, yes.

At a minimum I’d do this:

	set skip on lo0
	scrub on re0 fragment reassemble

	nat on re0 inet from 192.168.0.0/24 to any -> (re0)

	# Example port forwarding rule
	rdr on re0 proto tcp from any to any port 22 -> 192.168.0.10 port 22

	pass in
	pass out

pf is also documented in the handbook:
https://www.freebsd.org/doc/en/books/handbook/firewalls-pf.html

Regards,
Kristof
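
The minimal ruleset in the message above ends in bare `pass in` / `pass out`, so it translates traffic but filters nothing. A default-deny variant of the same ruleset follows as an added example (it is not part of the original message); the internal interface name wlan0, the macro names, the SSH host 192.168.0.10 and the DHCP rule are assumptions:

```conf
# Added example, not from the original message.
ext_if   = "re0"             # WAN interface, as in the thread
int_if   = "wlan0"           # assumption: the hostap (access point) interface
lan_net  = "192.168.0.0/24"  # internal range, as in the thread
ssh_host = "192.168.0.10"    # assumption: internal host behind the port forward

set skip on lo0
scrub on $ext_if fragment reassemble

# Parentheses make pf track the interface's current address, so the rule
# keeps working when the WAN address changes (for example a new DHCP lease).
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Forward only connections addressed to the WAN address, not "to any".
rdr on $ext_if inet proto tcp from any to ($ext_if) port 22 -> $ssh_host port 22

# Default deny; the last matching rule below wins.
block all

# Outbound traffic is allowed and tracked statefully, so replies get back in.
pass out

# Wireless clients may reach the gateway and, through NAT, the Internet.
pass in on $int_if inet from $lan_net to any

# Assumption: this host also hands out DHCP leases to wireless clients.
pass in on $int_if inet proto udp from any port 68 to any port 67

# rdr is applied before filtering, so the filter rule has to match the
# translated destination ($ssh_host), not the WAN address.
pass in on $ext_if inet proto tcp from any to $ssh_host port 22
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset goes live.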

Date:      Fri, 25 Nov 2016 10:01:22 -0500
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        freebsd-questions@freebsd.org
Subject:   FreeBSD upgrade 10.3 to 11.0
Message-ID:  <21900172d2d5d5b4735453e274b5e86c.squirrel@webmail.harte-lyne.ca>

I am testing out the procedures to upgrade our existing FreeBSD hosts
from 10.3 to 11.0 using a bhyve guest configured for the purpose.  I
have followed the instructions in the handbook/wiki to the best of my
understanding. I have a question about the last step however.

One is supposed to reinstall all of the port pkgs one has installed. 
Is there an automated way to do this provided by the FreeBSD
community; or is this a case of roll your own script?


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



