Date:      Thu, 4 Nov 2010 11:15:11 +0100
From:      Samuel Martín Moro <faust64@gmail.com>
To:        questions@freebsd.org
Subject:   openvpn client on pf gateway
Message-ID:  <AANLkTin0=hNHwAwVBXxAXArDhj%2B4yUktkpCuNphm1nd2@mail.gmail.com>

Hi,


I'm using a FreeBSD-8.1 (RELEASE, amd64) box as the gateway for my local network,
and pf as the firewall.


I'm renting a dedicated box, running openvpn.
My gateway is configured as a client of this VPN.
I modified my pf.conf to provide internet to my local network.
I configured iptables on the VPN server (debian-5) to accept everything, and
redirect what I needed to.

Everything seems to work... except...

How can I redirect a port through the VPN?
I mean...
The problem does not seem to come from the VPN server, as I can access my
local gateway from an external server through the iptables redirection.
But when I try to access a host behind that gateway, it won't connect...


Here's the pf.conf:

ext_if="bge0"
int_if="bge1"
vpn_if="tun0"

lc = $int_if:network
  vpn="10.253.254.1"
 emma="10.242.42.200"
alpha="10.42.42.42"
delta="10.42.42.44"
   xi="10.42.142.44"

set skip     on lo0
scrub in     on $ext_if all fragment reassemble
scrub in     on $vpn_if all fragment reassemble
# INTERNETZ
nat          on $ext_if                 from $lc to any -> ($ext_if)
nat          on $vpn_if                 from $lc to any -> ($vpn_if)
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 1666 -> $alpha port 1666
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 1666 -> $alpha port 1666
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 1667 -> $delta port   22
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 1667 -> $delta port   22
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 1668 -> $alpha port   22
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 1668 -> $alpha port   22
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 1669 -> $xi    port   22
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 1669 -> $xi    port   22
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 9418 -> $xi    port 9418
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 9418 -> $xi    port 9418
pass  in     on $ext_if inet proto tcp  from any to $ext_if   port 1664
pass  in     on $vpn_if inet proto tcp  from any to $vpn_if   port 1664
pass  in     on $int_if inet proto tcp  from any to any
pass  in     on $int_if inet proto udp  from any to any
block in log on $ext_if inet proto icmp from any to $ext_if
block in log on $vpn_if inet proto icmp from any to $vpn_if

Every rule for $ext_if is working as expected,
so I copied them, replacing my external interface with the VPN one.
SSH from the internet to the gateway (1664) works,
but accessing an SSH server behind the gateway (say alpha, 1668) does not...


What am I doing wrong?



Regards,

-- 
Samuel Martín Moro
{EPITECH.} tek5
CamTrace S.A.S
  (+033) 1 41 38 37 60
  1 Allée de la Venelle
  92150 Suresnes
  FRANCE

"Nobody wants to say how this works.
  Maybe nobody knows ..."
                      Xorg.conf(5)