Differences

This shows you the differences between two versions of the page.

--- computers:truenas:gateway [03-Nov-2021 11:23] – [Configure NAT] Steve Joynt
+++ computers:truenas:gateway [02-Feb-2025 16:14] (current) – external edit 127.0.0.1
@@ Line 70: / Line 70: @@
 <code>
-jexec "ioc-${JAIL_NAME:?}" \
+jexec "ioc-${JAIL_NAME:?}" mkdir -p "${NAT_CONF%/*}"
-  mkdir -p "${NAT_CONF%/*}"
-jexec "ioc-${JAIL_NAME:?}" /bin/sh -c \
+jexec "ioc-${JAIL_NAME:?}" /bin/sh -c "cat >| ${NAT_CONF:?}" <<END
-"cat >| ${NAT_CONF:?}" \
-<<END
 use_sockets yes
@@ Line 82: / Line 79: @@
 END
-natd_enable="YES"
+# public gateway interface needs nat
-natd_flags="-f /usr/local/etc/fw/nat.conf"
+jexec "ioc-${JAIL_NAME:?}" sysrc natd_interface="${PUBLIC_INTERFACE:?}"
-natd_interface="epair1b"
-natd_program="/sbin/natd"
+# extra settings for nat are in the file we defined above
+jexec "ioc-${JAIL_NAME:?}" sysrc natd_flags="-f ${NAT_CONF:?}"
+</code>
+====== Configure a Simple Firewall ======
+> IMPORTANT!
+> This firewall does not filter any traffic. It allows anything to talk to anything.
+> At this stage I just want to trigger NAT as appropriate to allow hosts on different networks to communicate.
+> The "real" firewall is provided by my Internet router (which blocks all incoming requests), not this configuration.
+> If your TrueNAS box connects directly to the Internet, DO NOT USE THIS EXAMPLE !!!
+<code>
+# use the standard firewall template called "open"
+jexec "ioc-${JAIL_NAME:?}" sysrc firewall_script="/etc/rc.firewall"
+jexec "ioc-${JAIL_NAME:?}" sysrc firewall_type="open"
+# log more while testing, or be quiet in normal operation?
+jexec "ioc-${JAIL_NAME:?}" sysrc firewall_quiet="YES"
 </code>
@@ Line 96: / Line 111: @@
 # enable IP forwarding
-jexec "ioc-${JAIL_NAME:?}" \
+jexec "ioc-${JAIL_NAME:?}" sysrc gateway_enable="YES"
-  sysrc gateway_enable="YES"
-# enable firewall
-jexec "ioc-${JAIL_NAME:?}" \
-  sysrc firewall_enable="YES"
-# name of firewall config
+# enable the firewall service (aka ipfw)
-jexec "ioc-${JAIL_NAME:?}" \
+jexec "ioc-${JAIL_NAME:?}" sysrc firewall_enable="YES"
-  sysrc firewall_type="${FIREWALL_CONF:?}"
-# log more while testing, or be quiet in normal operation?
-jexec "ioc-${JAIL_NAME:?}" \
-  sysrc firewall_quiet="YES"
 # enable the NAT service
-jexec "ioc-${JAIL_NAME:?}" \
+jexec "ioc-${JAIL_NAME:?}" sysrc natd_enable="YES"
-  sysrc natd_enable="YES"
-# public gateway needs nat
-jexec "ioc-${JAIL_NAME:?}" \
-  sysrc natd_interface="${PUBLIC_INTERFACE:?}"
-# extra settings for nat
-jexec "ioc-${JAIL_NAME:?}" \
-  sysrc natd_flags="-f ${NAT_CONF:?}"
 # start the firewall & natd
-jexec "ioc-${JAIL_NAME:?}" \
+jexec "ioc-${JAIL_NAME:?}" service ipfw start
-  service ipfw start
 </code>
+====== Firewall and Debugging Logs ======
+If you've turned on any logging for the ipfw service or natd, the output can be seen on the TrueNAS server OUTSIDE THE JAIL in this file...
+<code>/var/log/security</code>
 ====== Credits ======
@@ Line 137: / Line 137: @@
   * [[https://www.freebsd.org/cgi/man.cgi?natd]]
   * [[https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-configure-the-ipfw-firewall-on-freebsd/]]
+  * [[https://www.asksaro.com/freebsd/setting-up-a-network-gateway-using-ipfw-and-natd/]]