Differences

This shows you the differences between two versions of the page.

computers:truenas:gateway [03-Nov-2021 11:23] – [Configure NAT] Steve Joynt
computers:truenas:gateway [02-Feb-2025 16:14] (current) – external edit 127.0.0.1
Line 70: Line 70:
 <code> <code>
  
-jexec "ioc-${JAIL_NAME:?}" +jexec "ioc-${JAIL_NAME:?}" mkdir -p "${NAT_CONF%/*}"
-  mkdir -p "${NAT_CONF%/*}"+
  
-jexec "ioc-${JAIL_NAME:?}" /bin/sh -c +jexec "ioc-${JAIL_NAME:?}" /bin/sh -c "cat >| ${NAT_CONF:?}" <<END
-"cat >| ${NAT_CONF:?}" +
-<<END+
  
 use_sockets yes use_sockets yes
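Review bot: On the new `/bin/sh -c "cat >| ${NAT_CONF:?}" <<END` line, `NAT_CONF` is expanded by the calling shell and lands unquoted in the command string that the jail's `sh` parses, so a path containing spaces or shell metacharacters is split or interpreted inside the jail. Pass the path as a positional argument instead, for example `/bin/sh -c 'cat >| "$1"' sh "${NAT_CONF:?}"`. The `mkdir -p "${NAT_CONF%/*}"` line is also the only use of `NAT_CONF` here without the `:?` guard, and when the value contains no `/` the expansion returns the file name itself, so a directory is created where the file should go; validate the variable before this line.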
Line 81: Line 78:
  
 END END
 +
 +# public gateway interface needs nat
 +jexec "ioc-${JAIL_NAME:?}" sysrc natd_interface="${PUBLIC_INTERFACE:?}"
 +
 +# extra settings for nat are in the file we defined above
 +jexec "ioc-${JAIL_NAME:?}" sysrc natd_flags="-f ${NAT_CONF:?}"
  
 </code> </code>
  
-====== Activating the Configuration ======+====== Configure a Simple Firewall ====== 
 + 
 +> IMPORTANT! 
 +> This firewall does not filter any traffic. It allows anything to talk to anything. 
 +> At this stage I just want to trigger NAT as appropriate to allow hosts on different networks to communicate. 
 +> The "real" firewall is provided by my Internet router (which blocks all incoming requests), not this configuration. 
 +> If your TrueNAS box connects directly to the Internet, DO NOT USE THIS EXAMPLE !!!
  
 <code> <code>
  
-enable IP forwarding +use the standard firewall template called "open
-jexec "ioc-${JAIL_NAME:?}+jexec "ioc-${JAIL_NAME:?}" sysrc firewall_script="/etc/rc.firewall
-  sysrc gateway_enable="YES" +jexec "ioc-${JAIL_NAME:?}" sysrc firewall_type="open"
-   +
-# enable firewall +
-jexec "ioc-${JAIL_NAME:?}" +
-  sysrc firewall_enable="YES" +
- +
-# name of firewall config +
-jexec "ioc-${JAIL_NAME:?}" +
-  sysrc firewall_type="${FIREWALL_CONF:?}"+
  
 # log more while testing, or be quiet in normal operation? # log more while testing, or be quiet in normal operation?
-jexec "ioc-${JAIL_NAME:?}" +jexec "ioc-${JAIL_NAME:?}" sysrc firewall_quiet="YES"
-  sysrc firewall_quiet="YES"+
  
-# enable the NAT service +</code>
-jexec "ioc-${JAIL_NAME:?}"+
-  sysrc natd_enable="YES"+
  
-# public gateway needs nat +====== Activating the Configuration ======
-jexec "ioc-${JAIL_NAME:?}"+
-  sysrc natd_interface="${PUBLIC_INTERFACE:?}"+
  
-extra settings for nat +<code> 
-jexec "ioc-${JAIL_NAME:?}" \ + 
-  sysrc natd_flags="-${NAT_CONF:?}"+enable IP forwarding 
 +jexec "ioc-${JAIL_NAME:?}" sysrc gateway_enable="YES" 
 + 
 +# enable the firewall service (aka ipfw) 
 +jexec "ioc-${JAIL_NAME:?}" sysrc firewall_enable="YES" 
 + 
 +# enable the NAT service 
 +jexec "ioc-${JAIL_NAME:?}" sysrc natd_enable="YES"
  
 # start the firewall & natd   # start the firewall & natd  
-jexec "ioc-${JAIL_NAME:?}" +jexec "ioc-${JAIL_NAME:?}" service ipfw start
-  service ipfw start+
  
 </code> </code>
 +
 +====== Firewall and Debugging Logs ======
 +
 +If you've turned on any logging for the ipfw service or natd, the output can be seen on the TrueNAS server OUTSIDE THE JAIL in this file...
 +<code>/var/log/security</code>
  
 ====== Credits ====== ====== Credits ======
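Review bot: In the new "Configure a Simple Firewall" block, `sysrc firewall_type="open"` replaces the old `firewall_type="${FIREWALL_CONF:?}"`, so the pass-everything ruleset is now hard-coded and the only thing between a copy-paste and an unfiltered gateway is the prose warning above the block. Consider keeping the type in a variable with the same `:?` guard the other settings use, so the reader has to choose `open` explicitly. In the "Activating the Configuration" block, `sysrc gateway_enable="YES"` only records the setting, and the one service started in these lines is `service ipfw start`; if forwarding is meant to be live at that point, say which step applies it (a jail restart, for instance). The new "Firewall and Debugging Logs" section would also benefit from naming which setting turns logging on, since the block above sets `firewall_quiet="YES"`.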
Line 130: Line 137:
   * [[https://www.freebsd.org/cgi/man.cgi?natd]]   * [[https://www.freebsd.org/cgi/man.cgi?natd]]
   * [[https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-configure-the-ipfw-firewall-on-freebsd/]]   * [[https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-configure-the-ipfw-firewall-on-freebsd/]]
 +  * [[https://www.asksaro.com/freebsd/setting-up-a-network-gateway-using-ipfw-and-natd/]]
 +
  
  • computers/truenas/gateway.1635938632.txt.gz
  • Last modified: 02-Feb-2025 16:12
  • (external edit)