Date: Sun, 3 Dec 2006 13:38:58 -0600
From: "Travis H." <travis@subspacefield.org>
To: fwun@bigpond.net.au
Cc: freebsd-pf@freebsd.org
Subject: Re: how to route to a local server thru PF router
Message-ID: <20061203193858.GD7696@nexus.subspacefield.org>
In-Reply-To: <16201878.1164245885264.JavaMail.root@web03sl>
References: <16201878.1164245885264.JavaMail.root@web03sl>

On Thu, Nov 23, 2006 at 12:38:05PM +1100, fwun@bigpond.net.au wrote:
> The PF router I set up is an Internet router that allows people to access the Internet.
> But in the meantime, this PF router is also connected to a local freebsd server.
> As a user behind the PF router, I also want to ssh into the local freebsd server (10.1.10.2).
> But currently I'm not able to ssh into this local server thru the PF router.
>
> The current NAT rules in the PF router are set up as:
>
> # pfctl -a NATRULES -sn
> nat on sis0 inet from 192.168.1.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 172.17.3.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 10.1.10.0/24 to any -> (sis0) round-robin
>
> I'm connected to the 172.17.3.0/24 network. The local freebsd server is connected to the 10.1.10.0/24 network.
>
> And the PF router is already set up as a default gateway.
>
> How can I modify the PF rules so that I can log in from the 172.17.3.0/24 to the 10.1.10.0/24 network?

Are they both on the LAN side of the PF box? I assume sis0 is the WAN
interface, but you don't say which is which.

You will need an interface alias on each network, and you will need to
do something like:

    pass quick on $lan_if from $lan_if:network to $lan_if:network

That rule will expand to each network, so you can communicate between
them through the router.
-- 
"Cryptography is nothing more than a mathematical framework for
discussing various paranoid delusions." -- Don Alvarez
<URL:http://www.subspacefield.org/~travis/> -><-
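
The rule suggested in the reply, next to a narrower variant that permits only the SSH access the question asks for. This is an added example, not part of the original message; the interface name sis1, the macro names and SSH on port 22 are assumptions, since the thread names only sis0.

```pf
# Added example, not from the original message.
# Assumption: sis1 is the LAN interface and carries both 172.17.3.0/24
# and 10.1.10.0/24 as aliases; the thread does not name this interface.
lan_if     = "sis1"
users_net  = "172.17.3.0/24"
ssh_server = "10.1.10.2"

# Broad form from the reply: every host on any network attached to
# $lan_if may reach every other one, on all protocols and ports.
# pass quick on $lan_if from $lan_if:network to $lan_if:network

# Narrower form: only SSH (assumed to be on port 22) from the user
# network to the one server. There is no direction keyword, so the rule
# matches the packet both when it enters and when it leaves $lan_if;
# keep state lets the replies back through.
pass quick on $lan_if inet proto tcp from $users_net to $ssh_server \
    port 22 flags S/SA keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the running rules change.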