Date: Sat, 9 Nov 2019 23:07:32 +0100
From: Morgan Wesström <freebsd-database@pp.dyndns.biz>
To: freebsd-pf@freebsd.org
Subject: Re: NAT for use with OpenVPN
Message-ID: <3011932d-4fa2-6c25-4622-3d509cac8c11@pp.dyndns.biz>
In-Reply-To: <CAMnCm8gBqiTaohPvGvWARR3ECW3PK33_Fy3UdQM9-zC1u0mqEg@mail.gmail.com>
References: <CAMnCm8jmZJ6r8f_byUUMOmPr%2B3QeH_xB1zCx_SD%2BHvc2YF55Vw@mail.gmail.com> <CAMnCm8hQFC3PmJfRU5x_07zLZjUwKtXMGCSf6B-N4K6kR14Bgg@mail.gmail.com> <CAMnCm8gBqiTaohPvGvWARR3ECW3PK33_Fy3UdQM9-zC1u0mqEg@mail.gmail.com>

> Internet -> Arris 6141 modem -> Netgear R6400.2 router/firewall ->
> threepio.mynetgear.com (FreeBSD)

Ah, you have a standalone SOHO router. That changes things drastically. :)

I assume the computers on your LAN (including FreeBSD) have private IP addresses (192.168.x.x)? In that case your Netgear router is doing the NAT for you and you don't need to worry about that part.

- You need to forward port 1194/udp (or whatever you chose for OpenVPN) in your Netgear router so it points to the IP address of your FreeBSD machine. Consult the router's manual for how to do port forwarding.
- The firewall in the Netgear router also needs to allow incoming connections on this port. It's probably set up along with the port forwarding but once again you need to consult the Netgear manual.
- You can disable pf on your FreeBSD machine unless you absolutely want an extra firewall to protect it. I strongly suggest you disable it at this point though until you have the OpenVPN server running. It's protected behind your Netgear router.

So to sum up:

- Configure firewall and port forwarding in your Netgear router.
- Configure the OpenVPN server on FreeBSD.

One caveat to look out for: I'm not familiar with your Arris modem. Make sure it doesn't do routing and NAT too so you have two layers of NAT since that would complicate things. Make sure your modem is in bridge mode and that your Netgear router has a public IP address on the interface connected to the modem.

Regards
Morgan
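
The caveat about two layers of NAT can be checked from the addresses involved. The Python sketch below is an added example, not part of the original message; the function names, result labels and sample addresses are assumptions made for illustration, and it goes slightly beyond the message by also recognising carrier-grade NAT space (100.64.0.0/10).

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 shared (carrier-grade NAT) range.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify(addr):
    """Return 'private', 'cgnat', 'unusable' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"

def nat_check(server_lan, router_wan, seen_from_internet=None):
    """Decide how many NAT layers sit in front of the OpenVPN server.

    server_lan          address of the FreeBSD machine on the LAN
    router_wan          address the router shows on its modem-facing interface
    seen_from_internet  optional: the address an outside host sees for the site
    """
    if classify(server_lan) == "public":
        return "no-nat"           # server is directly addressable
    wan = classify(router_wan)
    if wan == "private":
        return "double-nat"       # modem is routing too; it needs bridge mode
    if wan == "cgnat":
        return "carrier-nat"      # the router's WAN side is not a public address
    if wan == "unusable":
        return "no-wan-address"
    if seen_from_internet is not None and (
            ipaddress.ip_address(seen_from_internet)
            != ipaddress.ip_address(router_wan)):
        return "upstream-nat"     # something beyond the router rewrites traffic
    return "single-nat"           # forward 1194/udp on the router to server_lan

if __name__ == "__main__":
    # Constructed readings; 203.0.113.0/24 and 198.51.100.0/24 are
    # documentation ranges standing in for real public addresses.
    for args in (("192.168.1.10", "203.0.113.7"),
                 ("192.168.1.10", "192.168.100.2"),
                 ("192.168.1.10", "100.70.1.1"),
                 ("192.168.1.10", "203.0.113.7", "198.51.100.9")):
        print(args, "->", nat_check(*args))
```

Only the "single-nat" result matches the setup the message describes, where one port forward on the Netgear router is enough.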