Date: Fri, 21 Feb 2014 22:02:23 -0500 From: Francisco Reyes <lists@natserv.net> To: freebsd-net@freebsd.org Subject: FreeBSD behind a firewall Message-ID: <5308133F.7050504@natserv.net>
Setup: Internet --> Vyatta firewall --> FreeBSD

Trying to have the FreeBSD machine listen on http and https on the local network and have the Vyatta firewall forward the traffic from the external connections. I have the Vyatta already configured to send to FreeBSD, but it seems the packets at the FreeBSD machine are not going back to the firewall.

The FreeBSD machine has 3 interfaces:

xn0 public - will have ssh open
xn1 internal - visible in entire data center (Rackspace VM)
xn2 internal - private net on 192.168.3.0

I have the Vyatta firewall sending traffic to xn2 and I am able to see it with tcpdump. I tried setting a static route for all of 192.168.3.0 to go through the Vyatta firewall, but that did not seem to help.

Output of netstat -r:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            162.209.99.1       UGS         0     3542    xn0
10.176.0.0/18      link#5             U           0        0    xn1 =>
10.176.0.0/12      10.176.0.1         UGS         0        0    xn1
testvm             link#5             UHS         0        0    lo0
localhost          link#3             UH          0        0    lo0
162.209.99.0       link#4             U           0        0    xn0
testvm             link#4             UHS         0        0    lo0
192.168.3.0        link#6             U           0        0    xn2
192.168.3.1        link#6             UHS         0        0    lo0

The FreeBSD machine is 192.168.3.1, the Vyatta firewall is 192.168.3.2.

Relevant parts of /etc/rc.conf:

defaultrouter="162.209.99.1"
static_routes="lan0 lan1 lan2"
route_lan0="-net 10.176.0.0 -netmask 255.240.0.0 10.176.0.1"
route_lan1="-net 10.208.0.0 -netmask 255.240.0.0 10.176.0.1"
route_lan1="-net 192.168.3.0 -netmask 255.255.255.0 192.168.3.2"

Any pointers on how I can get the traffic to go back to the Vyatta firewall? Does the firewall need to be the gateway for the VM? The ideal would be to keep ssh outside so as to not depend on the firewall, and http and https to go through the firewall.
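The message above is a textbook asymmetric-routing case, and the routing table it quotes is enough to reproduce the behaviour. The following Python model, added here as an illustration and not code from the poster or from FreeBSD, replays the kernel's destination-based longest-prefix lookup over the quoted `netstat -r` table. It shows why a reply to an external client leaves via the default route on xn0 no matter what static route exists for 192.168.3.0/24 (the reply's destination is the client, not the private net), and then models the general fix the thread is circling around: a source-based rule that sends replies sourced from 192.168.3.1 back to the Vyatta. The client address 203.0.113.10, the public server address 162.209.99.10, the /24 prefix lengths for the `link#` entries, and the policy-rule mechanism (what an ipfw `fwd` rule or a second FIB would do) are assumptions, not facts from the message.

```python
import ipaddress

# Routing table reconstructed from the netstat -r output quoted in the message.
# Tuples are (destination network, next hop or None when directly attached, interface).
# Prefix lengths for the "link#" entries are assumed: 162.209.99.0 and 192.168.3.0
# are taken as /24 (the rc.conf netmask confirms /24 for 192.168.3.0).
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "162.209.99.1", "xn0"),   # default route
    (ipaddress.ip_network("10.176.0.0/18"), None, "xn1"),          # directly attached
    (ipaddress.ip_network("10.176.0.0/12"), "10.176.0.1", "xn1"),
    (ipaddress.ip_network("162.209.99.0/24"), None, "xn0"),
    (ipaddress.ip_network("192.168.3.0/24"), None, "xn2"),
]

SERVER_XN2 = "192.168.3.1"    # FreeBSD address on the private net (from the message)
FIREWALL = "192.168.3.2"      # Vyatta address on the private net (from the message)
SERVER_XN0 = "162.209.99.10"  # assumed public address on xn0; the message does not give it
CLIENT = "203.0.113.10"       # constructed external client address (TEST-NET-3)


def lookup(dst: str):
    """Destination-based longest-prefix match, as the kernel does it.
    Returns (network, next_hop, interface); for a directly attached route the
    next hop is the destination itself."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, ifc in ROUTES:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifc)
    if best is None:
        raise LookupError(f"no route to {dst}")
    net, gw, ifc = best
    return net, (gw or dst), ifc


def reply_path(client_ip: str, server_ip: str, policy_rules=()):
    """Where the server's reply goes: reply src is server_ip, reply dst is client_ip.
    policy_rules is an optional list of (source address, next hop, interface) consulted
    before the destination lookup; this models source-based routing (assumed mechanism,
    e.g. an ipfw fwd rule or a per-source FIB, not something the message describes)."""
    for src, gw, ifc in policy_rules:
        if src == server_ip:
            return gw, ifc
    _, gw, ifc = lookup(client_ip)
    return gw, ifc


def is_symmetric(client_ip: str, server_ip: str, inbound_ifc: str, policy_rules=()):
    """True when the reply leaves on the interface the request arrived on."""
    _, out_ifc = reply_path(client_ip, server_ip, policy_rules)
    return out_ifc == inbound_ifc


if __name__ == "__main__":
    # HTTP request forwarded by the Vyatta arrives on xn2 with dst 192.168.3.1;
    # the reply is routed by its destination (the client) and takes the default route.
    print("http reply:", reply_path(CLIENT, SERVER_XN2))
    print("http symmetric:", is_symmetric(CLIENT, SERVER_XN2, "xn2"))
    # The static route for 192.168.3.0/24 only affects destinations inside that net.
    print("route to firewall:", lookup(FIREWALL))
    # SSH on the public interface is already symmetric, so it need not depend on the firewall.
    print("ssh symmetric:", is_symmetric(CLIENT, SERVER_XN0, "xn0"))
    # A source-based rule for replies from 192.168.3.1 sends them back via the Vyatta.
    rules = [(SERVER_XN2, FIREWALL, "xn2")]
    print("with policy rule:", reply_path(CLIENT, SERVER_XN2, rules),
          is_symmetric(CLIENT, SERVER_XN2, "xn2", rules))
```

The model makes the diagnostic point concrete: with only destination-based routing, the box cannot send HTTP replies back through the firewall while keeping SSH on xn0 unless the firewall becomes the default gateway for everything, which is the trade-off the poster is asking about. Routing on the reply's source address (or inbound interface) is what lets the two services take different paths.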