A. M. H.Aug 9, 2025

I really want to create my own simple router with FreeBSD for NIDS use. However, that's a future wish that I want to do later. My current target is to create a simulation with multiple jails that act as clients and routers. With IPv6 addressing, I want to connect them and pass the traffic between different networks. My current problem is how to do packet forwarding(?) like a normal router does. But I want to do it FreeBSD style. Any hints or help are appreciated

My current knowledge: I am familiar with basic jail, the epair mechanism, and a small bit of pf configurations.

#freebsd #ipv6 #router

Show threadDavid Chisnall (*Now with 50% more sarcasm!*)Aug 9, 2025
@maulanahirzan The thing to search for is netgraph. That’s the framework for assembling simulated networks on FreeBSD.
Show threadA. M. H.Aug 9, 2025
@david_chisnall I am learning netgraph at the moment. I am a bit slow grasping the concept and how-it-works of this framework.
Show threadJared Jennings
@maulanahirzan @david_chisnall The grasp of #netgraph I have (which is tenuous) i got by searching out conference talks and #FreeBSD Journal articles: the reference documentation doesn't tell the story. The reason I'm still working at it, after VLAN-aware bridges have been announced and merged, is that netgraph has a #netflow node, which emits data about each connection or "flow" to a side channel. I think Open vSwitch might be able to do that, but the in-kernel bridges don't; and OVS is another layer of complexity.
Aug 11, 2025 at 12:41pmWeb
Show threadA. M. H.Aug 11, 2025
@jaredj @david_chisnall I am starting to understand how Netgraph works. I have succesfully deployed multiple jails with vnet and a simple Netgraph connections.
Show threadJared JenningsAug 11, 2025
@maulanahirzan @david_chisnall Marvellous! Have you found anything official about how to get it to run at boot time? The best I can reckon, for my firewall machine, I'd have to do nothing at all regarding Ethernet in rc.conf, and write an init script to set up the netgraph node-by-node instead. (i love that that is a thing you can just do in FreeBSD)
Show threadA. M. H.Aug 11, 2025
@jaredj @david_chisnall I haven't found one yet (maybe in the future?). For now, an init script is the best way to set everything up, like my jail script did to set up its connectivity.