how to route to a local server thru PF router

Travis H. travis at subspacefield.org
Sun Dec 3 11:46:04 PST 2006


On Thu, Nov 23, 2006 at 12:38:05PM +1100, fwun at bigpond.net.au wrote:
> The PF router I set up is an Internet router that allows people to access the Internet.
> But in the meantime, this PF router is also connected to a local FreeBSD server.
> As a user behind the PF router, I also want to ssh into the local FreeBSD server (10.1.10.2).
> But currently I'm not able to ssh into this local server through the PF router.
> 
> The current NAT rules in the PF router are set up as:
> 
> # pfctl -a NATRULES -sn
> nat on sis0 inet from 192.168.1.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 172.17.3.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 10.1.10.0/24 to any -> (sis0) round-robin
> 
> I'm connected to the 172.17.3.0/24 network. The local FreeBSD server is connected to the 10.1.10.0/24 network.
> 
> And the PF router is already set up as a default gateway.
> 
> How can I modify the PF rules so that I can log in from the 172.17.3.0/24 network to the 10.1.10.0/24 network?

Are they both on the LAN side of the PF box?

I assume sis0 is the WAN interface, but you don't say which is which.

You will need an interface alias on each network, and you will need to do something like:

pass quick on $lan_if from $lan_if:network to $lan_if:network

That rule will expand to each network, so you can communicate between them through the router.
-- 
"Cryptography is nothing more than a mathematical framework for
discussing various paranoid delusions." -- Don Alvarez
<URL:http://www.subspacefield.org/~travis/> -><-
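
Added example, not part of the original message: a pf.conf fragment that narrows the rule suggested in the reply to the SSH case from the question. The interface name sis1 and the assumption that both networks sit on that one interface as aliases are hypothetical; the addresses are the ones quoted above.

```pf
# Added example; the interface name and alias layout are assumptions.
# Macros belong at the top of pf.conf, the pass rule in the filter section.
lan_if     = "sis1"            # hypothetical LAN interface carrying both networks
client_net = "172.17.3.0/24"   # network the original poster connects from
server     = "10.1.10.2"       # local FreeBSD server named in the question

# Broad form from the reply: all traffic between the networks on $lan_if.
# pass quick on $lan_if from $lan_if:network to $lan_if:network

# Narrow form: only new SSH connections from the client network to the server.
# No direction is given, so the rule matches the packet both when it enters
# $lan_if from the client and when it leaves $lan_if toward the server;
# "keep state" lets the replies back through.
pass quick on $lan_if inet proto tcp from $client_net to $server \
    port 22 flags S/SA keep state

# Parse the ruleset without loading it:  pfctl -nf /etc/pf.conf
# List the loaded filter rules:          pfctl -sr
# Confirm a state entry after logging in: pfctl -ss
```

The NAT rules quoted above only apply on sis0, so traffic that stays between the two LAN networks is not translated and the server sees the client's 172.17.3.x source address.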

