PF Routing to VPN Device
Mike Sweetser - Adhost
mikesw at adhost.com
Wed Jun 17 19:46:48 UTC 2009
Hello,
We have a network with a VPN device sitting beside a PF server, both
connected to an internal network.
PF Server: 10.1.4.1
VPN Device: 10.1.4.200
The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to
these networks should be routed to 10.1.4.200. We've set up routes on
the PF server as such.
We've set up the following rules:
block in log
pass in on $int_if route-to ($int_if 10.1.4.200) from 10.1.4.0/24 to { 10.1.1.0/24, 10.1.2.0/24 }
However, the block in log is catching the return traffic. From pflog
when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on
port 80:
000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]
If we remove the block in log, the traffic works.
What are we missing?
Thanks,
Mike
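An added pf.conf fragment (not from Mike's post or the list) showing the usual fix when PF only ever sees one half of a TCP flow. It assumes the VPN device hands decrypted packets straight to 10.1.4.25 on the LAN while the replies go back via 10.1.4.1: PF then never sees the SYN, and a default pass rule (keep state, flags S/SA) will not create state from a mid-stream ACK, so the reply falls through to "block in log". The macro names and the bge1 interface are assumptions.

```pf
# Assumed macros (not in the original post)
int_if   = "bge1"
vpn_gw   = "10.1.4.200"
vpn_nets = "{ 10.1.1.0/24, 10.1.2.0/24 }"

block in log

# Original intent: forward LAN -> VPN traffic through the VPN device.
# With the default keep state / flags S/SA this only matches the initial
# SYN, so a reply like 10.1.4.25.80 > 10.1.2.105.3558 (ACK, no SYN)
# never matches and is logged by the block rule above.
#pass in on $int_if route-to ($int_if $vpn_gw) \
#    from 10.1.4.0/24 to $vpn_nets

# Asymmetric path: PF never sees the handshake for this flow, so do not
# depend on state for it. "no state" forwards every packet of the flow
# statelessly; route-to still applies per matching packet.
pass in on $int_if route-to ($int_if $vpn_gw) \
    from 10.1.4.0/24 to $vpn_nets no state

# Check: after "pfctl -f /etc/pf.conf", the block rule's counters
# (pfctl -vsr) should stop growing for these replies and
# "tcpdump -n -e -ttt -i pflog0 net 10.1.2.0/24" should go quiet.
```

Stateless passing gives up PF's TCP sequence checking for that flow, so the cleaner long-term fix is to keep PF off the reply path (route 10.1.1.0/24 and 10.1.2.0/24 to 10.1.4.200 on the LAN hosts, or place the VPN device behind PF so both directions traverse it).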