Date: Sat, 5 Mar 2016 09:08:57 -0800
From: Michael Sierchio <kudzu@tenebras.com>
To: Malcolm Matalka <mmatalka@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Want to NAT over VPN but not the gateway's own traffic
Message-ID: <CAHu1Y71hB=ivVsL6BaoGmdQRk1q-3Qws-uVY=UuncChJ4OBvTA@mail.gmail.com>
In-Reply-To: <CAHu1Y735pb%2Bw0-rQgQBeh-KjDZVxAw%2BDuyrirbwjqTz1c4CPuA@mail.gmail.com>
References: <86h9glfb3c.fsf@gmail.com> <CAHu1Y735pb%2Bw0-rQgQBeh-KjDZVxAw%2BDuyrirbwjqTz1c4CPuA@mail.gmail.com>
$IF_TUN and $if_tun are meant to be the same, of course. I pasted those from two different files.

On Sat, Mar 5, 2016 at 8:34 AM, Michael Sierchio <kudzu@tenebras.com> wrote:

> This is indeed possible. I've done this with a combination of ipfw, kernel
> nat, and firewall rules that explicitly use different route tables (man
> setfib)
>
> This is a brief snippet from a firewall that was routing different traffic
> differently, and using NAT on the OpenVPN tunneled traffic.
>
> FW="ipfw -q"
>
> setfib 1 route -q add default -interface $IF_TUN
>
> $FW nat 100 config if $if_tun
> ...
> $FW add nat 100 ip from any to any in recv $if_tun
> ...
> $FW add setfib 1 ip from $INSIDE_NET to any
> ...
> $FW add nat 100 ip from any to any out xmit $if_tun
>
> On Sat, Mar 5, 2016 at 2:55 AM, Malcolm Matalka <mmatalka@gmail.com>
> wrote:
>
>> I'm trying to have the following setup:
>>
>> I have a host that is acting as a WiFi access point and then NATing
>> traffic to the internet. That host is running an OpenVPN client. So
>> wlan0 traffic is NAT'd to tun0. That is exactly what I want. However,
>> I would like to keep this setup of the WiFi AP going through the VPN but
>> the traffic of the machine itself to not go through the VPN.
>>
>> Is this possible? How? I'm not sure what information I actually need
>> to get proper help.
>>
>> /Malcolm
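
An added example (not from the original message or its author) that fills the quoted snippet out into an ordered rule set and prints the commands for review before they are applied. The interface names, inside subnet, rule numbers and the `in recv` match on the Wi-Fi interface are assumptions, as are a kernel booted with `net.fibs` of at least 2 and an OpenVPN client that leaves the default route in FIB 0 alone.

```sh
#!/bin/sh
# Added example: send only forwarded Wi-Fi client traffic over the VPN (FIB 1),
# while the gateway's own traffic keeps using the default route in FIB 0.
# Assumed values, not from the original message:
IF_TUN="tun0"                 # OpenVPN tunnel interface
IF_WLAN="wlan0"               # Wi-Fi AP interface
INSIDE_NET="192.168.10.0/24"  # constructed client subnet
VPN_FIB=1                     # routing table reserved for the tunnel
DRY_RUN="${DRY_RUN:-1}"       # 1 = print commands only, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# $1 = value of "sysctl -n net.fibs"; FIB numbers start at 0, so the
# kernel must provide more tables than the highest FIB number used.
check_fibs() {
    [ "$1" -gt "$VPN_FIB" ]
}

build_rules() {
    FW="ipfw -q"
    # FIB 1 gets a default route into the tunnel; FIB 0 is left untouched.
    run setfib "$VPN_FIB" route -q add default -interface "$IF_TUN"
    run $FW nat 100 config if "$IF_TUN"
    # Replies arriving on the tunnel are translated back first.
    run $FW add 1000 nat 100 ip from any to any in recv "$IF_TUN"
    # Tag only packets received from Wi-Fi clients. Locally generated
    # packets are never "in recv", so the gateway itself stays on FIB 0.
    run $FW add 2000 setfib "$VPN_FIB" ip from "$INSIDE_NET" to any in recv "$IF_WLAN"
    # Anything leaving through the tunnel is aliased to its address.
    run $FW add 3000 nat 100 ip from any to any out xmit "$IF_TUN"
    # The site's own allow/deny filter rules follow here (not shown).
}

if [ "$DRY_RUN" != "1" ]; then
    check_fibs "$(sysctl -n net.fibs)" || {
        echo "net.fibs must be greater than $VPN_FIB" >&2
        exit 1
    }
fi
build_rules
```

Run it as-is to review the generated commands, then with `DRY_RUN=0` on the gateway to apply them.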