routing gif0 ipsec
jille at quis.cx
Mon Apr 28 18:26:31 UTC 2008
Would you mind stopping to send your (same) email to all mailinglists,
twice or more ?
I've seen your problem in 7 mails already,
I don't know a solution, but as you can see most people don't know it.
It doesn't help resending it each time.
I'm sorry for acting like a list-operator, but I think I speak for more
people on the lists.
Nicolas de Bari Embriz Garcia Rojas schreef:
> Hi all, I am trying to all trafic from a gif0 interface used for a vpn
> to an public IP on the same server that is like an alias
> I have the following schema (FreeBSD 6.3)
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
> tunnel inet 184.108.40.206 --> 220.127.116.11
> inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 18.104.22.168 netmask 0xfffffff8 broadcast 22.214.171.124
> inet 126.96.36.199 netmask 0xffffffff broadcast 188.8.131.52
> The VPN from point 172.16.224.1 --> 172.16.16.1 works, I can ping/telnet
> to 172.16.16.1 and get a response.
> The jail is running on IP 184.108.40.206 (same IP used for doing the
> VPN/IPSEC) but if I log int to that jail (jexec 1 csh) I can not ping
> currently I am trying this with pf
> nat pass on gif0 from 220.127.116.11 to 172.16.16.1 -> 172.16.224.1
> rdr pass on gif0 proto tcp from any to any port 80 -> 18.104.22.168
> pass in log from any to any keep state
> pass out log from any to any keep state
> but is not working, from the jail (22.214.171.124) I can not ping/telnet
> the VPN 172.16.16.1
> there is a tool call jumpgate with the one I can redirect incoming tcp
> to gif0 and forward trafic to em1 with out problems, but instead I would
> like to use pf
> jumpgate -b 172.16.224.1 -l 80 -r 80 -a 126.96.36.199
> with this i can telnet from the other end point to por 80 and i can
> forward the connection to the public IP of the jail through the vpn tunnel.
> any ideas on how to solve this issue using pf or maybe some routing rules.
> freebsd-pf at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
More information about the freebsd-jail