
Thread: routing gif0 ipsec




Portugal
2008-04-28 09:52:30
Hi all, I am trying to all traffic from a gif0 interface used for a VPN
to a public IP on the same server that is like an alias.

I have the following schema (FreeBSD 6.3)


gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
         tunnel inet 67.228.79.224 --> 74.86.163.16
         inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff

em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
         inet 67.228.78.162 netmask 0xfffffff8 broadcast 67.228.78.167
         inet 67.228.79.224 netmask 0xffffffff broadcast 67.228.79.224


The VPN from point 172.16.224.1 --> 172.16.16.1 works; I can ping/telnet
to 172.16.16.1 and get a response.

The jail is running on IP 67.228.79.224 (the same IP used for doing the
VPN/IPSEC), but if I log in to that jail (jexec 1 csh) I cannot ping
172.16.16.1.

Currently I am trying this with pf:
--
nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1
rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224

pass in log from any to any keep state
pass out log from any to any keep state
--
but it is not working; from the jail (67.228.79.224) I cannot
ping/telnet the VPN 172.16.16.1.

There is a tool called jumpgate with which I can redirect incoming tcp
to gif0 and forward traffic to em1 without problems, but instead I
would like to use pf.

jumpgate -b 172.16.224.1 -l 80 -r 80 -a 67.228.79.224

With this I can telnet from the other end point to port 80 and I can
forward the connection to the public IP of the jail through the VPN
tunnel.

Any ideas on how to solve this issue using pf or maybe some routing
rules?

Regards.

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
