Want to NAT over VPN but not the gateway's own traffic
Michael Sierchio
kudzu at tenebras.com
Sat Mar 5 17:08:59 UTC 2016
$IF_TUN and $if_tun are meant to be the same, of course. I pasted those
from two different files.
On Sat, Mar 5, 2016 at 8:34 AM, Michael Sierchio <kudzu at tenebras.com> wrote:
> This is indeed possible. I've done this with a combination of ipfw, kernel
> nat, and firewall rules that explicitly use different route tables (man
> setfib)
>
> This is a brief snippet from a firewall that was routing different traffic
> differently, and using NAT on the OpenVPN tunneled traffic.
>
> FW="ipfw-q"
>
> setfib 1 route -q add default -interface $IF_TUN
>
> $FW nat 100 config if $if_tun
> ...
> $FW add nat 100 ip from any to any in recv $if_tun
> ...
> $FW add setfib 1 ip from $INSIDE_NET to any
> ...
> $FW add nat 100 ip from any to any out xmit $if_tun
>
> On Sat, Mar 5, 2016 at 2:55 AM, Malcolm Matalka <mmatalka at gmail.com>
> wrote:
>
>> I'm trying to have the following setup:
>>
>> I have a host that is acting as a WiFi access point and then NATing
>> traffic to the internet. That host is running an OpenVPN client. So
>> wlan0 traffic is NAT'd to tun0. That is exactly what I want. However,
>> I would like to keep this setup of the WiFi AP going through the VPN but
>> the traffic of the machine itself to go not go through the VPN.
>>
>> Is this possible? How? I'm not sure what information I actually need
>> to get proper help.
>>
>> /Malcolm
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
>
>
More information about the freebsd-questions
mailing list