FreeBSD - Port-Weiterleitung

VM

FreeBSD - Bhyve

FreeBSD - Bhyve

Die Linux-VM mit der IP 192.168.1.200, zu der der Port 24 hin weiter geleitet werden soll:

> grub-bhyve -m device.map -r hd0,msdos1 -M 4G Linux
> bhyve -A -H -P -s 0:0,hostbridge -s 1:0,lpc -s 2:0,virtio-net,tap0 -s 3:0,virtio-blk,./linux.img -l com1,stdio -c 1 -m 4G Linux

allgemeine Einstellungen für die Port-Weiterleitung

/etc/rc.conf

sshd_enable="YES"
gateway_enable="YES"
ipv6_gateway_enable="YES"

PF-Konfiguration

/etc/rc.conf

pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

> service pf start
> service pflog start

/etc/pf.conf

NIC_EXT="em0"                   # FreeBSD-Host mit IP = 192.168.1.1
NIC_INT="tap0"                  # Linux-VM mit IP = 192.168.1.200
IP_HOST="192.168.1.1"           # locale IP
IP_VM="192.168.1.200"           # IP in der VM
 
### Rules must be in order: options, normalization, queueing, translation, filtering
rdr log on $NIC_EXT proto { tcp, udp } from any to $IP_HOST port 24 -> $IP_VM port 22
rdr pass on $NIC_EXT proto icmp from any to $IP_HOST -> $IP_VM
set skip on lo0
#block in all
#pass out all keep state
pass out log on $NIC_EXT all
pass in all keep state

> pfctl -e ; pfctl -f /etc/pf.conf

> pfctl -s nat
rdr log on em0 inet proto tcp from any to 192.168.1.1 port = 24 -> 192.168.1.200 port 22
rdr log on em0 inet proto udp from any to 192.168.1.1 port = 24 -> 192.168.1.200 port 22
rdr pass on em0 inet proto icmp from any to 192.168.1.1 -> 192.168.1.200

> pfctl -s states
> pfctl -s info
> pfctl -s Running
> pfctl -s timeouts
> pfctl -s memory
> pfctl -s Interfaces
> pfctl -s all

IPFW-Konfiguration

https://forums.freebsd.org/threads/ipfw-kernel-nat-port-redirection-not-working.76311/

/etc/rc.conf

firewall_enable="YES"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"
# FIXME: testing out in kernel NAT                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
firewall_nat_enable="YES"
# FIXME: put NATD back if in kernel NAT doesn't work out                                                                                                                                                                                                                     
natd_enable="NO"

/etc/ipfw.rules

NIC_EXT="em0"                   # FreeBSD-Host mit IP = 192.168.1.1
NIC_INT="tap0"                  # Linux-VM mit IP = 192.168.1.200
IP_HOST="192.168.1.1"           # locale IP
IP_VM="192.168.1.200"           # IP in der VM
 
ipfw flush
ipfw add 20 fwd $IP_HOST,24 ip from any to $IP_VM 22 in $NIC_EXT

> chmod 0755 /etc/ipfw.rules