commit 919c3c1ac52e165ec1aea37952d43bebf74dd259 Author: Alauddin Maulana Hirzan Date: Thu Jul 25 03:22:44 2024 +0700 Added Configs
diff --git a/pf.conf b/pf.conf
new file mode 100644
index 0000000..c9d6bcd
--- /dev/null
+++ b/pf.conf
@@ -0,0 +1,40 @@
+table persist
+
+ext_if = "em0" # macro for external interface - use tun0 for PPPoE
+int_if = "bridge0" # macro for internal interface
+localnet = $int_if:network
+nat on $ext_if from $localnet to any -> ($ext_if)
+nat on wg0 from $localnet to any -> (wg0)
+
+rdr-anchor "rdr/*"
+
+## Manually Redirect to Jail
+# Grafana
+rdr pass on em0 inet proto tcp from any to any port = 3000 -> 192.168.200.51 port 3000
+rdr pass on wg0 inet proto tcp from any to any port = 3000 -> 192.168.200.51 port 3000
+
+# CouchDB
+rdr pass on em0 inet proto tcp from any to any port = 5984 -> 192.168.200.52 port 5984
+rdr pass on wg0 inet proto tcp from any to any port = 5984 -> 192.168.200.52 port 5984
+
+# Hosting
+# SSH
+rdr pass on em0 inet proto tcp from any to any port = 2024 -> 192.168.200.53 port 22
+rdr pass on wg0 inet proto tcp from any to any port = 2024 -> 192.168.200.53 port 22
+# Web
+rdr pass on em0 inet proto tcp from any to any port = 8081 -> 192.168.200.53 port 8081
+rdr pass on wg0 inet proto tcp from any to any port = 8081 -> 192.168.200.53 port 8081
+# MariaDB
+rdr pass on em0 inet proto tcp from any to any port = 3306 -> 192.168.200.53 port 3306
+rdr pass on wg0 inet proto tcp from any to any port = 3306 -> 192.168.200.53 port 3306
+# Webmin
+rdr pass on em0 inet proto tcp from any to any port = 10000 -> 192.168.200.53 port 10000
+rdr pass on wg0 inet proto tcp from any to any port = 10000 -> 192.168.200.53 port 10000
+
+# MQTT
+rdr pass on em0 inet proto tcp from any to any port = 1883 -> 192.168.200.54 port 1883
+rdr pass on wg0 inet proto tcp from any to any port = 1883 -> 192.168.200.54 port 1883
+
+# Uptime-Kuma
+rdr pass on em0 inet proto tcp from any to any port = 3001 -> 192.168.200.55 port 3001
+rdr pass on wg0 inet proto tcp from any to any port = 3001 -> 192.168.200.55 port 3001
diff --git a/rc.conf b/rc.conf
new file mode 100644
index 0000000..e40c2b6
--- /dev/null
+++ b/rc.conf
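Review bot: The `rdr pass on em0 ... from any` lines in pf.conf publish CouchDB (5984), MariaDB (3306), Webmin (10000) and plaintext MQTT (1883) to every source on the external interface, and because `rdr pass` skips filtering and the file contains no filter rules or default `block`, nothing else limits who can reach them. Keep the database and admin ports on the WireGuard side by dropping their `em0` lines, or restrict the source with a macro or table (the name here is a constructed placeholder), e.g. `rdr pass on $ext_if inet proto tcp from $admin_nets to any port 3306 -> 192.168.200.53 port 3306`, and add a default such as `block in log on $ext_if all` with explicit `pass` rules for what must stay public. The redirects also hard-code `em0` although `ext_if` is defined for that purpose, so switching to `tun0` as the comment suggests would move the NAT rule but leave the redirects behind. The first added line reads `table persist` with no table name, which pf would not accept; the name may simply have been lost when the page was rendered.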
@@ -0,0 +1,39 @@
+clear_tmp_enable="YES"
+hostname="FTIK-FreeBSD-Server"
+sshd_enable="YES"
+moused_enable="YES"
+ntpd_enable="YES"
+ntpd_sync_on_start="YES"
+powerd_enable="YES"
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="AUTO"
+zfs_enable="YES"
+
+gateway_enable="YES"
+
+# Ethernet
+ifconfig_em0="DHCP"
+
+# Wireguard
+wireguard_enable="YES"
+wireguard_interfaces="wg0"
+
+# Firewall
+pf_enable=yes
+pf_rules="/etc/pf.conf"
+pflog_enable=yes
+
+# Bridge
+cloned_interfaces="bridge0"
+ifconfig_bridge0="inet 192.168.200.1 netmask 255.255.255.0"
+
+# Bastille
+bastille_enable="YES"
+bastille_list="couchdb grafana hosting mqtt"
+
+# Linux Jail
+linux_enable="YES"
+kld_list="nvidia"
+
+# TTY
+allscreens_flags="-f 8x16"
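Review bot: `pflog_enable=yes` starts the pf logging daemon, but no rule in the pf.conf added by this same commit carries the `log` keyword, so connections to the redirected services would leave no record; adding `log` to the rules that matter (for example `rdr pass log on em0 ...`) would give them an audit trail. `bastille_list` names four jails while pf.conf redirects to five addresses (192.168.200.51 to .55), so if Uptime-Kuma runs in its own jail it will presumably not be started at boot. The `# Linux Jail` heading also covers `kld_list="nvidia"`, which loads a kernel module and looks unrelated to the Linux ABI setting; a separate comment such as `# NVIDIA kernel module` would make it clear why it is loaded.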