Want to NAT over VPN but not the gateway's own traffic
kudzu at tenebras.com
Sat Mar 5 16:35:01 UTC 2016
This is indeed possible. I've done this with a combination of ipfw, kernel
nat, and firewall rules that explicitly use different route tables (man
This is a brief snippet from a firewall that was routing different traffic
differently, and using NAT on the OpenVPN tunneled traffic.
setfib 1 route -q add default -interface $IF_TUN
$FW nat 100 config if $if_tun
$FW add nat 100 ip from any to any in recv $if_tun
$FW add setfib 1 ip from $INSIDE_NET to any
$FW add nat 100 ip from any to any out xmit $if_tun
On Sat, Mar 5, 2016 at 2:55 AM, Malcolm Matalka <mmatalka at gmail.com> wrote:
> I'm trying to have the following setup:
> I have a host that is acting as a WiFi access point and then NATing
> traffic to the internet. That host is running an OpenVPN client. So
> wlan0 traffic is NAT'd to tun0. That is exactly what I want. However,
> I would like to keep this setup of the WiFi AP going through the VPN but
> the traffic of the machine itself to go not go through the VPN.
> Is this possible? How? I'm not sure what information I actually need
> to get proper help.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions