Date: Thu, 4 Nov 2010 11:15:11 +0100
From: Samuel Martín Moro <faust64@gmail.com>
To: questions@freebsd.org
Subject: openvpn client on pf gateway
Message-ID: <AANLkTin0=hNHwAwVBXxAXArDhj%2B4yUktkpCuNphm1nd2@mail.gmail.com>
Hi,

I'm using a FreeBSD-8.1 (RELEASE, amd64) as gateway for my local network, and pf as firewall.
I'm renting a dedicated box, running openvpn. My gateway is configured as a client of this VPN.
I modified my pf.conf to provide internet to my local network.
I configured iptables on the VPN server (debian-5) to accept everything, and redirect what I needed to.

Everything seems to work... except...
How can I redirect a port through the VPN?
I mean... The problem does not seem to come from the VPN server, as I can access my local gateway from an external server, through the iptables redirection.
But, when I try to access a host behind that gateway, it won't connect...

Here's the pf.conf:

ext_if="bge0"
int_if="bge1"
vpn_if="tun0"
lc = $int_if:network
vpn="10.253.254.1"
emma="10.242.42.200"
alpha="10.42.42.42"
delta="10.42.42.44"
xi="10.42.142.44"

set skip on lo0

scrub in on $ext_if all fragment reassemble
scrub in on $vpn_if all fragment reassemble

# INTERNETZ
# masquerade the LAN behind whichever uplink the packet leaves on
nat on $ext_if from $lc to any -> ($ext_if)
nat on $vpn_if from $lc to any -> ($vpn_if)

# inbound port forwards, identical on the external and the VPN interface
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1666 -> $alpha port 1666
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1666 -> $alpha port 1666
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1667 -> $delta port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1667 -> $delta port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1668 -> $alpha port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1668 -> $alpha port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1669 -> $xi port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1669 -> $xi port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 9418 -> $xi port 9418
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 9418 -> $xi port 9418

# ssh to the gateway itself
pass in on $ext_if inet proto tcp from any to $ext_if port 1664
pass in on $vpn_if inet proto tcp from any to $vpn_if port 1664

pass in on $int_if inet proto tcp from any to any
pass in on $int_if inet proto udp from any to any

block in log on $ext_if inet proto icmp from any to $ext_if
block in log on $vpn_if inet proto icmp from any to $vpn_if

Every rule for $ext_if is working as expected, so I copied them, replacing my external interface by the VPN one.
ssh from internet to the gateway (1664) works, but accessing an ssh server behind the gateway (say alpha, 1668) does not...

What am I doing wrong?

Regards,

-- 
Samuel Martín Moro
{EPITECH.} tek5
CamTrace S.A.S
(+033) 1 41 38 37 60
1 Allée de la Venelle
92150 Suresnes
FRANCE

"Nobody wants to say how this works. Maybe nobody knows ..." Xorg.conf(5)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTin0=hNHwAwVBXxAXArDhj%2B4yUktkpCuNphm1nd2>
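Editor's note, added here and not part of Samuel's message or of any reply on the list. The fragment below shows one way to write a single forwarded service (port 1668 -> ssh on alpha) on both uplinks, with two things the posted ruleset leaves implicit. First, pf evaluates filter rules after translation, so a pass rule for a redirected connection must match the rewritten destination ($alpha port 22), not the public port 1668. Second, a connection that arrives over tun0 from an arbitrary Internet source will, by default, have its replies routed by the kernel's routing table, which on a gateway whose default route is bge0 sends them out the wrong uplink with the tunnel's 10.253.254.x source address; pf's reply-to option pins the reply path to the interface the state was created on. Macro names are taken from the posted pf.conf; that $vpn (10.253.254.1) is the server side of the tunnel is an assumption from the macro name, and the asymmetric-return explanation is a hypothesis to verify against the host, not a confirmed cause of the reported problem.

```conf
# Added example (not from the original post): one rdr + matching filter
# rules on both uplinks.  Macro names follow the posted pf.conf; the
# reply-to next hop assumes $vpn is the far end of the tun0 link.
ext_if = "bge0"
int_if = "bge1"
vpn_if = "tun0"
lc     = $int_if:network
vpn    = "10.253.254.1"     # assumption: OpenVPN server end of tun0
alpha  = "10.42.42.42"

set skip on lo0
scrub in all fragment reassemble

# In this pf version, translation rules must precede filter rules.
nat on $ext_if from $lc to any -> ($ext_if)
nat on $vpn_if from $lc to any -> ($vpn_if)

# Port 1668 on either uplink is rewritten to ssh on alpha before filtering.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1668 -> $alpha port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1668 -> $alpha port 22

# Default deny inbound, and log it, so a forward that never matches a
# pass rule shows up on pflog0 instead of failing silently.
block in log all
pass out all keep state

# LAN hosts may initiate anything; their replies follow the state.
pass in on $int_if from $lc to any keep state

# Filter rules see the translated destination: $alpha port 22, not 1668.
pass in on $ext_if inet proto tcp from any to $alpha port 22 keep state

# For the tunnel, pin the return path.  Without reply-to, the reply from
# alpha to a public source address is routed by the default route (out
# $ext_if) carrying a 10.253.254.x source, which no upstream will accept.
pass in on $vpn_if reply-to ($vpn_if $vpn) inet proto tcp \
    from any to $alpha port 22 keep state
```

The posted ruleset has no default block rule, so pf there passes anything it does not explicitly block; the explicit pass rules above only matter once a block rule is added, but they show which address a filter rule must name for a redirected connection. To check where a forwarded connection dies, load the rules with pfctl -nf /etc/pf.conf first, confirm the rdr is present with pfctl -s nat, then attempt the connection while watching tcpdump -ni tun0 port 22 (does the rewritten SYN appear, and does the SYN/ACK from alpha come back into the gateway), tcpdump -ni bge0 host 10.42.42.42 (does the reply leak out the wrong uplink), pfctl -s state (is a state 10.42.42.42:22 <- ... created on tun0) and tcpdump -ni pflog0 (is anything being dropped). sysctl net.inet.ip.forwarding should report 1, and alpha's default route must point at the gateway, otherwise its replies never reach pf at all.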