It is occasionally useful to forward all traffic from a particular subnet over a vpn for privacy.
I am assuming that you already have FreeBSD installed, and a working Wireguard configuration that you might have got from a VPN provider, or perhaps crafted yourself. The idea is that all traffic behind the FreeBSD VPN Router will be "protected" by the vpn traffic. Therefore, we will run DHCP on this subnet.
Here are models and drawings for the Cross Slide Nut (part B-65749) for the Standard Modern 9" Utilathe (Series 1000).
Unforunately this document is not currently available from Standard Modern (website is down), so I thought I would put my copy up.
Here are models and drawings for the Spindle Adjustment Nut (part B-65668) for the Standard Modern 9" Utilathe (Series 1000).
FreeBSD 12.0 shipped with vnet networking enabled by default. This allows a jail to be allocated a real fake interface, and for it to have its own networking stack. I have been using iocage, so here is how I configure a jail:
In recent years, it has been increasingly difficult to administer older dell servers from Linux. icedtea-web works great for idrac6+, but 5- still requires either activex or an older version of java. Especially to get the virtual media working.
Giving jails their own subnet and routing traffic into that subnet with PF has some benefits. It allows jails to communicate freely between themselves, but keep that traffic on the backend private subnet. I like exposing an ssh service running in a jail on the backend, and using -D flag of ssh to proxy some ssh and http traffic to the backend network. Kind of a poor mans development environment and VPN.
Often when deploying a new machine, I have it reverse-tunnel into my jump server so that I can always get to it via ssh, despite mixed firewall environments. I am used to doing this with FreeBSD systems, but when doing it on Linux I often forget the systemd unit file syntax.
Poudriere is a simple way to create FreeBSD binary packages. https://pkg.freebsd.org does this, and those packages are sufficient for most use cases. Building your own packages has some advantages:
I use tarsnap because it sticks to the unix philosophy...it does one thing (backups) very well. Encryption is done on the client before the backup ever leaves, and it is as easy as using tar.
If you haven't already, go get an account at tarsnap. You will need one to complete this tutorial. I put about $5 in my account, and have never refilled it.