Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
computers:truenas:gateway [03-Nov-2021 11:39] – [Activating the Configuration] Steve Joyntcomputers:truenas:gateway [02-Feb-2025 16:14] (current) – external edit 127.0.0.1
Line 70: Line 70:
 <code> <code>
  
-jexec "ioc-${JAIL_NAME:?}" +jexec "ioc-${JAIL_NAME:?}" mkdir -p "${NAT_CONF%/*}"
-  mkdir -p "${NAT_CONF%/*}"+
  
-jexec "ioc-${JAIL_NAME:?}" /bin/sh -c +jexec "ioc-${JAIL_NAME:?}" /bin/sh -c "cat >| ${NAT_CONF:?}" <<END
-"cat >| ${NAT_CONF:?}" +
-<<END+
  
 use_sockets yes use_sockets yes
Line 82: Line 79:
 END END
  
-</code>+# public gateway interface needs nat 
 +jexec "ioc-${JAIL_NAME:?}" sysrc natd_interface="${PUBLIC_INTERFACE:?}"
  
-====== Configuring a Simple Firewall ======+# extra settings for nat are in the file we defined above 
 +jexec "ioc-${JAIL_NAME:?}" sysrc natd_flags="-f ${NAT_CONF:?}"
  
-<code>+</code>
  
-# enable IP forwarding +====== Configure a Simple Firewall ======
-jexec "ioc-${JAIL_NAME:?}" sysrc gateway_enable="YES"+
  
-# enable firewall +> IMPORTANT! 
-jexec "ioc-${JAIL_NAME:?}" sysrc firewall_enable="YES"+> This firewall does not filter any traffic. It allows anything to talk to anything. 
 +> At this stage I just want to trigger NAT as appropriate to allow hosts on different networks to communicate. 
 +> The "realfirewall is provided by my Internet router (which blocks all incoming requests), not this configuration. 
 +> If your TrueNAS box connects directly to the Internet, DO NOT USE THIS EXAMPLE !!! 
 + 
 +<code>
  
 # use the standard firewall template called "open" # use the standard firewall template called "open"
Line 106: Line 109:
  
 <code> <code>
 +
 +# enable IP forwarding
 +jexec "ioc-${JAIL_NAME:?}" sysrc gateway_enable="YES"
 +
 +# enable the firewall service (aka ipfw)
 +jexec "ioc-${JAIL_NAME:?}" sysrc firewall_enable="YES"
 +
 +# enable the NAT service
 +jexec "ioc-${JAIL_NAME:?}" sysrc natd_enable="YES"
  
 # start the firewall & natd   # start the firewall & natd  
Line 111: Line 123:
  
 </code> </code>
 +
 +====== Firewall and Debugging Logs ======
 +
 +If you've turned on any logging for the ipfw service or natd, the output can be seen on the TrueNAS server OUTSIDE THE JAIL in this file...
 +<code>/var/log/security</code>
  
 ====== Credits ====== ====== Credits ======
Line 120: Line 137:
   * [[https://www.freebsd.org/cgi/man.cgi?natd]]   * [[https://www.freebsd.org/cgi/man.cgi?natd]]
   * [[https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-configure-the-ipfw-firewall-on-freebsd/]]   * [[https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-configure-the-ipfw-firewall-on-freebsd/]]
 +  * [[https://www.asksaro.com/freebsd/setting-up-a-network-gateway-using-ipfw-and-natd/]]
 +
  
  • computers/truenas/gateway.1635939557.txt.gz
  • Last modified: 02-Feb-2025 16:12
  • (external edit)