Tom Alexander
edfdb203a0
Only NAT internal DNS requests.
2023-06-20 13:05:31 -04:00
Tom Alexander
310fea89ae
Fix internal access to DNS server.
2023-06-20 13:05:31 -04:00
Tom Alexander
2e4c2c3f9b
Improve firewall config.
2023-06-20 00:25:16 -04:00
Tom Alexander
6bded8cc7e
Forward port 53 to the public dns server.
2023-06-20 00:25:15 -04:00
Tom Alexander
f10964623d
Add port forwarding for admin_git jail.
2023-06-20 00:25:15 -04:00
Tom Alexander
62ade773d8
Add the admin_git jail.
...
This jail hosts the git repo used for the kubernetes cluster manifests. It lives in a jail instead of inside a git website hosted inside kubernetes because it is needed for the bootstrapping process, creating a chicken-and-egg type of scenario. I figure I can set up mirroring of the git repo to a hosted git website for publishing.
2023-06-20 00:25:15 -04:00
Tom Alexander
0eddc4da52
Proxy arp.
2023-06-17 15:10:06 -04:00
Tom Alexander
6e18f5bc94
Add notes about single-interface kubernetes cluster.
2023-06-17 15:10:06 -04:00
Tom Alexander
bb41cb6a96
Also handle internal connections to port 6443.
2023-06-05 16:39:12 -04:00
Tom Alexander
5f590a8271
Forward port for kubernetes control plane.
2023-06-05 12:48:26 -04:00
Tom Alexander
e49d008d57
Set up the nat_dhcp jail for mrmanager.
2023-05-28 22:48:19 -04:00
Tom Alexander
271428a6f6
Add firewall to mrmanager.
2023-05-28 16:01:02 -04:00
Tom Alexander
8f9440f675
Fix networking to jails.
2023-05-13 14:58:50 -04:00
Tom Alexander
34a1ed73eb
Update firewalls for new unifi controller address.
2023-05-01 21:54:59 -04:00
Tom Alexander
04a8ba064f
This nat rule doesn't seem necessary.
2023-04-27 17:07:04 -04:00
Tom Alexander
8867761939
Transition the home server to the dynamic netgraph devices.
2023-04-27 17:05:33 -04:00
Tom Alexander
24bfa840ff
Starting to transition the home server to the new dynamic netgraph devices.
2023-04-27 17:05:33 -04:00
Tom Alexander
15d5c73b5b
Add commented out jaeger config because it is not working.
2023-04-27 17:05:33 -04:00
Tom Alexander
3dd710eab6
Start of a script for managing bhyve virtual machines.
2023-04-27 17:05:32 -04:00
Tom Alexander
ba7567ad9c
Switch to using a script to dynamically spin up the netgraph bridge for jails.
2023-04-27 17:05:32 -04:00
Tom Alexander
d8e3e61286
Disable vscode install on FreeBSD and add new wireguard tunnels to firewall config.
2023-04-20 22:11:42 -04:00
Tom Alexander
3734f2126c
Update firewall for unifi controller virtual machine.
2023-01-24 00:01:10 -05:00
Tom Alexander
4ace8671d0
Creating the jails.
2022-12-10 20:19:45 -05:00
Tom Alexander
85d9b4a569
Fix sending dns servers in dhcp response.
2022-12-10 17:19:13 -05:00
Tom Alexander
4b4dca9a49
Allow the wireguard interfaces.
2022-12-04 02:12:10 -05:00
Tom Alexander
3dd96dcc2c
Add forwarding for port 8081 to the jail.
2022-11-12 15:11:15 -05:00
Tom Alexander
26f09f811d
Add pf config for jails to homeserver.
2022-11-10 19:24:11 -05:00
Tom Alexander
24e5456fc6
Allow access to port 8081.
2022-11-01 19:39:37 -04:00
Tom Alexander
7bfc817894
Create a netgraph bridge for jails getting full access to NAT.
2022-10-31 22:38:51 -04:00
Tom Alexander
9168cc51cf
Rename the interfaces to make the separate levels more clear.
2022-10-29 23:56:11 -04:00
Tom Alexander
016ed08440
Set up the cloak jail to run wireguard.
2022-10-29 23:56:11 -04:00
Tom Alexander
464d873b31
DNS forwarding working.
2022-10-29 23:56:11 -04:00
Tom Alexander
4de74765af
Switch to a different ip address range.
2022-10-29 23:56:11 -04:00
Tom Alexander
2e893733a8
NAT working but not fail-safe.
...
When the firewall is down, packets still go out wlan0 but with untranslated source ips.
2022-10-29 23:56:11 -04:00
Tom Alexander
487547aeb4
Add odo FreeBSD.
2022-10-15 00:54:11 -04:00
Tom Alexander
6bdbbfa2ac
Create a firewall role that installs a pf.conf on FreeBSD.
...
Does not yet configure pflog nor does it do anything on Linux.
2022-10-12 21:23:40 -04:00