how to route to a local server thru PF router

Max Laier max at love2party.net
Thu Nov 23 19:21:57 UTC 2006


On Thursday 23 November 2006 02:38, fwun at bigpond.net.au wrote:
> Hi,
>
> The PF router I set up is an Internet router that allows people to access
> the Internet. But in the meantime, this PF router is also connected to a
> local FreeBSD server. As a user behind the PF router, I also want to
> ssh into the local FreeBSD server (10.1.10.2). But currently I'm not
> able to ssh into this local server thru the PF router.
>
> The current NAT rules in the PF router are set up as:
>
> # pfctl -a NATRULES -sn
> nat on sis0 inet from 192.168.1.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 172.17.3.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 10.1.10.0/24 to any -> (sis0) round-robin
>
> I'm connected to the 172.17.3.0/24 network. The local FreeBSD server is
> connected to the 10.1.10.0/24 network.
>
> And the PF router is already set up as a default gateway.
>
> How can I modify the PF rules so that I can login from 172.17.3.0/24 to
> 10.1.10.0/24 network?

I'm not sure I do understand your setup completely, but pf does not do any 
routing unless you tell it to.  If you have correct route entries on all 
three boxes involved and no block rules that prevent the traffic, the nat 
rules shown above are irrelevant.

In detail, this means:
The server at 10.1.10.2 must have a default (or 172.17.3/24) route to the 
pf-router.
The client at 172.17.3.X must have a default (or 10.1.10/24) route to the 
pf-router.
The pf-router must have a route to both networks and the 
net.inet.ip.forwarding sysctl needs to be set to "1".

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
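
Added example, not part of the original message: a small sh check for the router-side conditions listed in the reply, using FreeBSD's sysctl(8) and route(8). It assumes sis0 (the NAT interface in the rules above) is the external interface, so an internal host that resolves to sis0 is only matching the default route; the function names and the client address 172.17.3.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: run on the pf-router. Uses FreeBSD sysctl(8) and route(8).

# True when the kernel forwards IPv4 packets between interfaces.
forwarding_enabled() {
    [ "$(sysctl -n net.inet.ip.forwarding 2>/dev/null)" = "1" ]
}

# Print the interface the routing table selects for destination $1
# (empty output when there is no route at all).
route_iface() {
    route -n get "$1" 2>/dev/null | awk '$1 == "interface:" { print $2 }'
}

# check_router EXT_IF HOST...
# Fails if forwarding is off, or if any HOST has no route or is only
# reachable through the default route on the external interface.
check_router() {
    ext_if=$1; shift
    rc=0
    if forwarding_enabled; then
        echo "ok:   net.inet.ip.forwarding=1"
    else
        echo "FAIL: net.inet.ip.forwarding is not 1"; rc=1
    fi
    for dst in "$@"; do
        ifc=$(route_iface "$dst")
        if [ -z "$ifc" ]; then
            echo "FAIL: no route to $dst"; rc=1
        elif [ "$ifc" = "$ext_if" ]; then
            echo "FAIL: $dst leaves via external $ext_if (no internal route)"; rc=1
        else
            echo "ok:   $dst routed via $ifc"
        fi
    done
    return $rc
}

# Usage on the router (sis0 and 10.1.10.2 are from the thread;
# 172.17.3.10 is a constructed client address):
#   check_router sis0 10.1.10.2 172.17.3.10
```

The same `route -n get` lookup, run on the client and on the server against the other network, shows whether each end's gateway is the pf-router.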