From: Nicolas de Bari Embriz Garcia Rojas
To: freebsd-jail@freebsd.org
Date: Tue, 22 Apr 2008 14:18:48 -0500
Subject: routing
Message-Id: <695A90A5-CB7E-4C5A-AA6C-C4EB148FF320@k9.cx>

I have an IPsec/VPN on FreeBSD 6.3 from one master server to another server; the one has multiple jails.
Each jail has its own public IP and I need to do something like this:

vpn point >----------------------< master server with jails <-------> jail (75.76.78.80)
64.68.69.79/10.10.10.1             75.76.78.79/10.10.10.2

When doing a telnet to 10.10.10.2 80 from 10.10.10.1, I want the jail with IP 75.76.78.80 to respond, and also from jail 75.76.78.80 to be able to telnet to the other VPN point, 10.10.10.1.

I am trying to route traffic using PF, but it is not working for the tunnel, only for the non-encrypted traffic. Example:

    rdr on em1 proto tcp from any to any port 80 -> 75.76.78.80

But if I use the gif0 interface (the one for the tunnel) instead of em1, it does not work.

Any ideas?

--
nbari