openvpn client on pf gateway

Samuel Martín Moro faust64 at gmail.com
Thu Nov 4 10:40:49 UTC 2010


Hi,


I'm using FreeBSD-8.1 (RELEASE, amd64) as the gateway for my local network,
with pf as the firewall.


I'm renting a dedicated box, running openvpn.
My gateway is configured as a client of this VPN.
I modified my pf.conf to provide internet to my local network.
I configured iptables on the VPN server (debian-5) to accept everything, and
redirect what I needed to.

Everything seems to work... except...

How can I redirect a port through the VPN?
I mean...
The problem does not seem to come from the VPN server, as I can access my
local gateway from an external server, through the iptables redirection.
But, when I try to access a host behind that gateway, it won't connect...


Here's the pf.conf:

ext_if="bge0"
int_if="bge1"
vpn_if="tun0"

   lc = $int_if:network
  vpn="10.253.254.1"
 emma="10.242.42.200"
alpha="10.42.42.42"
delta="10.42.42.44"
   xi="10.42.142.44"

set skip     on lo0
scrub in     on $ext_if all fragment reassemble
scrub in     on $vpn_if all fragment reassemble
# INTERNETZ
nat          on $ext_if                 from $lc to any -> ($ext_if)
nat          on $vpn_if                 from $lc to any -> ($vpn_if)
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 1666 -> $alpha port 1666
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 1666 -> $alpha port 1666
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 1667 -> $delta port   22
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 1667 -> $delta port   22
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 1668 -> $alpha port   22
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 1668 -> $alpha port   22
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 1669 -> $xi    port   22
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 1669 -> $xi    port   22
rdr          on $ext_if inet proto tcp  from any to ($ext_if) port 9418 -> $xi    port 9418
rdr          on $vpn_if inet proto tcp  from any to ($vpn_if) port 9418 -> $xi    port 9418
pass  in     on $ext_if inet proto tcp  from any to $ext_if   port 1664
pass  in     on $vpn_if inet proto tcp  from any to $vpn_if   port 1664
pass  in     on $int_if inet proto tcp  from any to any
pass  in     on $int_if inet proto udp  from any to any
block in log on $ext_if inet proto icmp from any to $ext_if
block in log on $vpn_if inet proto icmp from any to $vpn_if

Every rule for $ext_if is working as expected,
so I copied them, replacing my external interface with the VPN one.
SSH from the internet to the gateway (1664) works,
but accessing an SSH server behind the gateway (say alpha, 1668) does not...


What am I doing wrong?



Regards,

-- 
Samuel Martín Moro
{EPITECH.} tek5
CamTrace S.A.S
  (+033) 1 41 38 37 60
  1 Allée de la Venelle
  92150 Suresnes
  FRANCE

"Nobody wants to say how this works.
  Maybe nobody knows ..."
                      Xorg.conf(5)
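The following is an added example and is not the poster's pf.conf. It shows how a practitioner would write one port redirect over an OpenVPN tun interface on a FreeBSD 8.x gateway that also has a normal uplink: the rdr rule, the pass rule that must match the translated destination, and a reply-to option that pins replies for that state back into the tunnel. The last point matters whenever the VPN server forwards the client's real (public) source address into the tunnel, because the LAN host's reply then reaches the gateway with a public destination and follows the default route out the other uplink. The macro names follow the post; vpn_peer (the remote end of the tun0 point-to-point link) and the explicit default-deny policy are assumptions introduced here.

```pf
# Added example (not the poster's configuration): one TCP port forwarded
# over an OpenVPN tun interface to a LAN host, with the return path pinned.
# Assumed values: vpn_peer is the VPN server's tun endpoint as seen from
# this gateway; interface and host macros follow the post.
ext_if   = "bge0"
int_if   = "bge1"
vpn_if   = "tun0"
vpn_peer = "10.253.254.1"    # assumed: remote end of the tun0 link
alpha    = "10.42.42.42"
lc       = $int_if:network

set skip on lo0
scrub in on { $ext_if, $vpn_if } all fragment reassemble

# Outbound NAT on both uplinks
nat on $ext_if from $lc to any -> ($ext_if)
nat on $vpn_if from $lc to any -> ($vpn_if)

# Inbound redirect: port 1668 on the tunnel address becomes alpha:22.
# rdr rewrites only the destination; the pass rule that admits the packet
# has to match the translated address (alpha) and port (22), not 1668.
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1668 -> $alpha port 22

# Explicit default deny, so every permitted path is visible in the ruleset
# (without a block rule pf's default is to pass, which hides missing rules).
block in log all
pass out keep state

# Weak form: admits the redirected connection, but alpha's reply to a
# public client address is routed by the kernel's default route, i.e. out
# $ext_if with a tunnel source address, where nothing answers.
#pass in on $vpn_if inet proto tcp from any to $alpha port 22 keep state

# Hardened form: reply-to routes packets matching this state's reply
# direction out tun0 towards the VPN peer, regardless of the routing table.
pass in on $vpn_if reply-to ($vpn_if $vpn_peer) inet proto tcp \
    from any to $alpha port 22 flags S/SA keep state

# LAN clients may still initiate outbound connections
pass in on $int_if from $lc to any keep state
```

Whether the return path is actually the failing piece in a given setup is something to confirm rather than assume: `tcpdump -ni tun0 port 22` on the gateway shows whether the SYN is translated and whether the SYN/ACK ever comes back in through the tunnel, `tcpdump -ni bge1 port 22` shows whether alpha answers at all, and `pfctl -ss` lists the state created by the pass rule with both the original and translated addresses. If the SYN/ACK appears on bge1 but leaves on bge0, the reply-to form above is the fix; if it never appears on bge1, the problem is on alpha or in the LAN-side rules instead.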