From owner-freebsd-jail@FreeBSD.ORG Mon Apr 28 18:26:30 2008
Message-ID: <48161085.7030002@quis.cx>
Date: Mon, 28 Apr 2008 19:59:33 +0200
From: Jille
To: Nicolas de Bari Embriz Garcia Rojas
Cc: freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
In-Reply-To: <1D3CC81F-19C9-4DAB-A2C8-3CC84C4528BD@k9.cx>
Subject: Re: routing gif0 ipsec

Hello Nicolas,

Would you mind stopping to send your (same) email to all mailing lists, twice or more?
I've seen your problem in 7 mails already, I don't know a solution, but as you can see most people don't know it. It doesn't help resending it each time.

I'm sorry for acting like a list-operator, but I think I speak for more people on the lists.

-- Jille

Nicolas de Bari Embriz Garcia Rojas wrote:
> Hi all, I am trying to all traffic from a gif0 interface used for a vpn
> to a public IP on the same server that is like an alias
>
> I have the following schema (FreeBSD 6.3)
>
>
> gif0: flags=8051 mtu 1280
>         tunnel inet 67.228.79.224 --> 74.86.163.16
>         inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff
>
> em1: flags=8843 mtu 1500
>         options=1b
>         inet 67.228.78.162 netmask 0xfffffff8 broadcast 67.228.78.167
>         inet 67.228.79.224 netmask 0xffffffff broadcast 67.228.79.224
>
>
> The VPN from point 172.16.224.1 --> 172.16.16.1 works, I can ping/telnet
> to 172.16.16.1 and get a response.
>
> The jail is running on IP 67.228.79.224 (same IP used for doing the
> VPN/IPSEC) but if I log in to that jail (jexec 1 csh) I can not ping
> 172.16.16.1
>
> currently I am trying this with pf
> --
> nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1
> rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224
>
> pass in log from any to any keep state
> pass out log from any to any keep state
> --
> but is not working, from the jail (67.228.79.224) I can not ping/telnet
> the VPN 172.16.16.1
>
> there is a tool called jumpgate with the one I can redirect incoming tcp
> to gif0 and forward traffic to em1 without problems, but instead I would
> like to use pf
>
> jumpgate -b 172.16.224.1 -l 80 -r 80 -a 67.228.79.224
>
> with this I can telnet from the other end point to port 80 and I can
> forward the connection to the public IP of the jail through the vpn tunnel.
>
> any ideas on how to solve this issue using pf or maybe some routing rules.
>
> regards.