From owner-freebsd-pf@freebsd.org Tue Nov 12 23:07:11 2019 Return-Path: Delivered-To: freebsd-pf@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9C3F41BE0D8 for ; Tue, 12 Nov 2019 23:07:11 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from keymaster.local (ns1.xn--wesstrm-f1a.se [IPv6:2a00:d880:5:1b9::8526]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "keymaster.pp.dyndns.biz", Issuer "keymaster.pp.dyndns.biz" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47CNg24WyJz4FLc for ; Tue, 12 Nov 2019 23:07:09 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from [192.168.69.69] ([192.168.69.69]) by keymaster.local (8.15.2/8.15.2) with ESMTP id xACN75QD007563 for ; Wed, 13 Nov 2019 00:07:06 +0100 (CET) (envelope-from freebsd-database@pp.dyndns.biz) Subject: Re: NAT for use with OpenVPN References: <80ec074d-7a5d-7016-57e4-f607384d0e20@pp.dyndns.biz> <6bc9b8ce-3ab3-2b57-510d-67ace0a90259@pp.dyndns.biz> <30f8da8a-de96-f737-fef8-820c6ae2ed16@pp.dyndns.biz> <7f1fcc2d-4833-7fda-c181-a3d15b16f9ee@pp.dyndns.biz> <0b13ae53-b211-ad2c-1447-225860f73d3a@pp.dyndns.biz> To: freebsd-pf@freebsd.org From: =?UTF-8?Q?Morgan_Wesstr=c3=b6m?= Message-ID: <8ba7182d-8c4e-e10e-467b-6cf447490151@pp.dyndns.biz> Date: Wed, 13 Nov 2019 00:06:58 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47CNg24WyJz4FLc X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd-database@pp.dyndns.biz has no SPF policy when checking 2a00:d880:5:1b9::8526) smtp.mailfrom=freebsd-database@pp.dyndns.biz X-Spamd-Result: default: False [1.80 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.68)[-0.678,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE(-0.04)[asn: 198203(-0.24), country: NL(0.02)]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; NEURAL_SPAM_LONG(0.32)[0.318,0]; HFILTER_HELO_IP_A(1.00)[keymaster.local]; R_SPF_NA(0.00)[]; HFILTER_HELO_NORES_A_OR_MX(0.30)[keymaster.local]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:198203, ipnet:2a00:d880::/32, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; DMARC_NA(0.00)[pp.dyndns.biz]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Nov 2019 23:07:11 -0000 On 2019-11-12 23:53, Phil Staub wrote: > New development: > > In the process of tracking down installation of the DD-WRT firmware, I > found out how to get a command line interface to the router. It involves > sending a special enable packet to the gateway address and then > telnetting into it. > > Though the purpose for doing this was for something else, I figured that > since the router runs linux, a shell should get me access to ifconfig > and netstat. Here's what I get: > If it runs on Linux I suppose it uses iptables for firewalling and NAT? Should be easy to see what the NAT rules look like. Maybe you can simply add a NAT rule for 10.8.0.0/24 if it's missing? Probably won't survive a reboot but as a workaround it might do? I'm no iptables expert (it's black magic compared to pf) but some googling thinks the following command should list the NAT rules: # iptables -t nat -L /Morgan