Date: Tue, 08 Sep 2015 21:34:24 +0000
From: "C.L. Martinez" <carlopmart@gmail.com>
To: questions@freebsd.org
Subject: Using openconnect with ipfw+natd
Message-ID: <55EF5460.4040105@gmail.com>
Hi all,

I have installed a FreeBSD (10.2 p2, fully patched) VM under a KVM host to use as an SSL-VPN client to connect to several Juniper SSL-VPN devices (of course, not at the same time). I need to do NAT in this FreeBSD VM to allow other VMs behind it to access other hosts behind the Juniper appliances, but it doesn't work.

In my rc.conf I put the following:

### Firewall configuration options: ###
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
firewall_logging="NO"
natd_enable="YES"
natd_flags="-dynamic -m"

My actual ipfw rules:

00050 14 1064 divert 8668 ip from any to any in via tun0
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 1605 241150 allow ip from any to any
65535 0 0 deny ip from any to any

... but NAT doesn't work, and this FreeBSD VM reaches all hosts behind the Juniper appliances.

What am I doing wrong?

Thanks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55EF5460.4040105>
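A quick way to audit a listing like the one in this message for the point that bites ipfw+natd setups most often: the check below is an added example, not part of the original post and not FreeBSD's own rc.firewall code. natd has to see the outbound packets (to rewrite their private source address) and the inbound replies (to rewrite the destination back), so a divert rule limited to `in via tun0` or `out via tun0` covers only half the path, whereas the plain `divert natd ip4 from any to any via tun0` form that rc.firewall emits when `natd_interface` is set matches both directions. The script reads `ipfw -a list` output and reports which directions the divert rule on a given interface covers. The function name `divert_coverage`, the `live_coverage` helper and the sample listing (modelled on the post's rules, with made-up counters) are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post: classify the natd divert
# coverage on an interface from an `ipfw -a list` dump.

# Constructed sample listing modelled on the post's rules; counters are made up.
SAMPLE_RULES='00050 14 1064 divert 8668 ip from any to any in via tun0
00100 0 0 allow ip from any to any via lo0
65000 1605 241150 allow ip from any to any
65535 0 0 deny ip from any to any'

# divert_coverage LISTING IFACE
# Prints "both" when divert rules on IFACE catch inbound and outbound
# packets, "in" or "out" when only one direction is diverted, "none"
# when no divert rule mentions IFACE at all.
divert_coverage() {
    dirs=$(printf '%s\n' "$1" | while IFS= read -r line; do
        # Only divert rules that name the interface are of interest.
        case "$line" in
            *" divert "*" via $2"|*" divert "*" via $2 "*) ;;
            *) continue ;;
        esac
        case "$line" in
            *" in via $2"|*" in via $2 "*)   echo in ;;
            *" out via $2"|*" out via $2 "*) echo out ;;
            *)                               echo in; echo out ;;  # bare "via" = both
        esac
    done | sort -u | tr '\n' ' ')
    case "$dirs" in
        "in out ") echo both ;;
        "in ")     echo in ;;
        "out ")    echo out ;;
        *)         echo none ;;
    esac
}

# live_coverage IFACE: same check against the running ruleset (needs root
# on a FreeBSD host with ipfw loaded); not invoked here.
live_coverage() {
    divert_coverage "$(ipfw -a list)" "$1"
}

# Stand-alone run: audit the constructed sample for tun0 (prints "in").
divert_coverage "$SAMPLE_RULES" tun0
```

If the result is anything other than "both", the outbound leg of the NATed VMs' traffic leaves tun0 with its private source address untouched, so the remote side has no route back to it even though the VPN client itself works fine.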