openvpn client on pf gateway
Samuel Martín Moro
faust64 at gmail.com
Thu Nov 4 10:40:49 UTC 2010
Hi,
I'm using FreeBSD-8.1 (RELEASE, amd64) as the gateway for my local network,
and pf as the firewall.
I'm renting a dedicated box, running openvpn.
My gateway is configured as a client of this VPN.
I modified my pf.conf to provide internet to my local network.
I configured iptables on the VPN server (debian-5) to accept everything, and
redirect what I needed to.
Everything seems to work... except...
How can I redirect a port through the VPN?
I mean...
The problem does not seem to come from the VPN server, as I can access my
local gateway from an external server, through the iptables redirection.
But, when I try to access a host behind that gateway, it won't connect...
Here's the pf.conf:
# interfaces and hosts
ext_if="bge0"
int_if="bge1"
vpn_if="tun0"
lc = $int_if:network
vpn="10.253.254.1"
emma="10.242.42.200"
alpha="10.42.42.42"
delta="10.42.42.44"
xi="10.42.142.44"
set skip on lo0
scrub in on $ext_if all fragment reassemble
scrub in on $vpn_if all fragment reassemble
# INTERNETZ
# NAT for the LAN out of both the external and the VPN interface
nat on $ext_if from $lc to any -> ($ext_if)
nat on $vpn_if from $lc to any -> ($vpn_if)
# port forwards, each one defined on $ext_if and mirrored on $vpn_if
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1666 -> $alpha port 1666
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1666 -> $alpha port 1666
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1667 -> $delta port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1667 -> $delta port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1668 -> $alpha port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1668 -> $alpha port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1669 -> $xi port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1669 -> $xi port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 9418 -> $xi port 9418
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 9418 -> $xi port 9418
# filter rules
pass in on $ext_if inet proto tcp from any to $ext_if port 1664
pass in on $vpn_if inet proto tcp from any to $vpn_if port 1664
pass in on $int_if inet proto tcp from any to any
pass in on $int_if inet proto udp from any to any
block in log on $ext_if inet proto icmp from any to $ext_if
block in log on $vpn_if inet proto icmp from any to $vpn_if
Every rule for $ext_if is working as expected,
so I copied them, replacing my external interface with the VPN one.
SSH from the internet to the gateway (1664) works,
but accessing an SSH server behind the gateway (say alpha, 1668) does not...
What am I doing wrong?
Regards,
--
Samuel Martín Moro
{EPITECH.} tek5
CamTrace S.A.S
(+033) 1 41 38 37 60
1 Allée de la Venelle
92150 Suresnes
FRANCE
"Nobody wants to say how this works.
Maybe nobody knows ..."
Xorg.conf(5)
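As an added example (not part of the original post or of pf itself), a small Python check that expands the macros of the pf.conf quoted above and compares the rdr mappings on $ext_if and $vpn_if, so a copy-paste divergence between the two interface rule sets can be ruled out before looking at routing. The sample config is a constructed copy of the post's macro and rdr lines, each rule on a single line as pf.conf requires.

```python
import re

# Constructed copy of the macros and rdr rules from the post above,
# each rule on a single line as pf.conf requires (the mail wrapped them).
PF_CONF = """
ext_if="bge0"
int_if="bge1"
vpn_if="tun0"
alpha="10.42.42.42"
delta="10.42.42.44"
xi="10.42.142.44"
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1666 -> $alpha port 1666
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1666 -> $alpha port 1666
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1667 -> $delta port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1667 -> $delta port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1668 -> $alpha port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1668 -> $alpha port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 1669 -> $xi port 22
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 1669 -> $xi port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 9418 -> $xi port 9418
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 9418 -> $xi port 9418
"""

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"?([^"\s]+)"?$')
RDR_RE = re.compile(r'^rdr on (\S+) inet proto (tcp|udp) from any to \(?(\S+?)\)? port (\d+) -> (\S+) port (\d+)$')

def expand(text, macros):
    """Substitute $name with its macro value; unknown macros are left as-is."""
    return re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), text)

def parse(conf):
    """Return ({macro: value}, {iface: {(proto, port): (host, port)}})."""
    macros, rdr = {}, {}
    for line in conf.splitlines():
        line = line.split('#', 1)[0].strip()
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = expand(m.group(2), macros)
            continue
        r = RDR_RE.match(expand(line, macros))
        if r:
            iface, proto, _dst, dport, host, tport = r.groups()
            rdr.setdefault(iface, {})[(proto, int(dport))] = (host, int(tport))
    return macros, rdr

def diff_rdr(rdr, a, b):
    """Redirects that differ between interfaces a and b; {} means mirrored."""
    ra, rb = rdr.get(a, {}), rdr.get(b, {})
    return {k: (ra.get(k), rb.get(k)) for k in set(ra) | set(rb) if ra.get(k) != rb.get(k)}
```

For the config above, diff_rdr(parse(PF_CONF)[1], "bge0", "tun0") returns {}, i.e. the five forwards are identical on both interfaces, which points the investigation at the pass rules and at the return path of the forwarded connections rather than at the rdr lines.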