From: "Kristof Provost"
To: "Christoph P.U. Kukulies"
Cc: freebsd-questions@freebsd.org
Subject: Re: setting up a FreeBSD access point (hostap, natd)
Date: Fri, 25 Nov 2016 13:36:20 +0100

On 25 Nov 2016, at 12:54, Christoph P.U. Kukulies wrote:
> On 25.11.2016 at 12:46, Kristof Provost wrote:
>> nat on re0 inet from 192.168.0.0/24 to any -> (re0)
>
> Thanks. I'll try that. What does (re0) mean (in parens)? Just curious.
>

That rule tells pf to NAT traffic from your internal IP range, and to map it onto the IP address assigned to re0. That’s what the ‘(re0)’ means.
You could also do this (assuming your WAN IP is 1.2.3.4):

    nat on re0 inet from 192.168.0.0/24 to any -> 1.2.3.4

> Do I have to put anything more into pf.conf?
>

That depends on what you want your firewall to do, but you’ll likely want a couple more things, yes.
At a minimum I’d do this:

    set skip on lo0
    scrub on re0 fragment reassemble
    nat on re0 inet from 192.168.0.0/24 to any -> (re0)
    # Example port forwarding rule
    rdr on re0 proto tcp from any to any port 22 -> 192.168.0.10 port 22
    pass in
    pass out

pf is also documented in the handbook:
https://www.freebsd.org/doc/en/books/handbook/firewalls-pf.html

Regards,
Kristof
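
A stricter variant of the minimal ruleset in the reply above, as an added example that is not part of the original message: it keeps the same nat and rdr translation but replaces the blanket `pass in` with a default block on inbound traffic. The macro names and the wireless interface name wlan0 are assumptions, and 192.168.0.10 is assumed to be the internal SSH host the forwarding rule is meant to reach.

```conf
# Added example, not from the thread.
# Assumptions: re0 is the WAN interface (as in the reply), wlan0 is the
# hostap interface (hypothetical name), 192.168.0.10 is the internal SSH host.
ext_if   = "re0"
int_if   = "wlan0"
lan_net  = "192.168.0.0/24"
ssh_host = "192.168.0.10"

# Options and normalization, unchanged from the reply
set skip on lo0
scrub on $ext_if fragment reassemble

# Translation. The parentheses make pf follow the interface's current
# address, so the rules stay correct if the WAN address changes.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Forward only SSH addressed to the WAN address, not "to any"
rdr on $ext_if inet proto tcp from any to ($ext_if) port 22 -> $ssh_host port 22

# Filtering: the last matching rule wins, so start from a logged default
# block on inbound traffic and then open what is needed.
block in log all

# Outbound traffic is allowed; pass rules keep state by default, so
# replies to these connections are let back in.
pass out all

# Clients on the wireless side may reach the gateway and the Internet
pass in on $int_if

# rdr is applied before filtering, so the inbound rule on the WAN side
# must match the translated destination (the internal host).
pass in on $ext_if inet proto tcp from any to $ssh_host port 22
```

The file can be parsed without loading it using `pfctl -nf /etc/pf.conf`.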

From: "James B. Byrne"
To: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
Subject: FreeBSD upgrade 10.3 to 11.0
Date: Fri, 25 Nov 2016 10:01:22 -0500

I am testing out the procedures to upgrade our existing FreeBSD hosts from 10.3 to 11.0 using a bhyve guest configured for the purpose. I have followed the instructions in the handbook/wiki to the best of my understanding. I have a question about the last step however. One is supposed to reinstall all of the port pkgs one has installed.
Is there an automated way to do this provided by the FreeBSD community; or is this a case of roll your own script?

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3