From owner-freebsd-pf@freebsd.org Wed Nov 13 22:37:32 2019 Return-Path: Delivered-To: freebsd-pf@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AB1D91BE1B7 for ; Wed, 13 Nov 2019 22:37:32 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from keymaster.local (ns1.xn--wesstrm-f1a.se [IPv6:2a00:d880:5:1b9::8526]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "keymaster.pp.dyndns.biz", Issuer "keymaster.pp.dyndns.biz" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47CzyM31GYz4cnR for ; Wed, 13 Nov 2019 22:37:30 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from [192.168.69.69] ([192.168.69.69]) by keymaster.local (8.15.2/8.15.2) with ESMTP id xADMbNPQ012415 for ; Wed, 13 Nov 2019 23:37:27 +0100 (CET) (envelope-from freebsd-database@pp.dyndns.biz) Subject: Re: NAT for use with OpenVPN References: <8ba7182d-8c4e-e10e-467b-6cf447490151@pp.dyndns.biz> <5fce41df-37fb-fc8c-be80-f47dfd0d04ad@pp.dyndns.biz> To: freebsd-pf@freebsd.org From: =?UTF-8?Q?Morgan_Wesstr=c3=b6m?= Message-ID: Date: Wed, 13 Nov 2019 23:37:23 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47CzyM31GYz4cnR X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd-database@pp.dyndns.biz has no SPF policy when checking 2a00:d880:5:1b9::8526) smtp.mailfrom=freebsd-database@pp.dyndns.biz X-Spamd-Result: default: False [3.41 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE(-0.04)[asn: 198203(-0.21), country: NL(0.02)]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_SPAM_MEDIUM(0.61)[0.611,0]; RCVD_TLS_LAST(0.00)[]; NEURAL_SPAM_LONG(0.64)[0.639,0]; HFILTER_HELO_IP_A(1.00)[keymaster.local]; R_SPF_NA(0.00)[]; HFILTER_HELO_NORES_A_OR_MX(0.30)[keymaster.local]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:198203, ipnet:2a00:d880::/32, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; DMARC_NA(0.00)[pp.dyndns.biz]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Nov 2019 22:37:32 -0000 > See my follow up message. It's the SNAT directive. The tutorial I was > looking at was > > https://www.karlrupp.net/en/computer/nat_tutorial Well, I'm too inexperienced with iptables to give you and advice here unfortunately. > Definitely. I assume the way to test that would be to attempt to access > my router from the outside the same way I would when I log in from the > inside. Yes, connect your phone with mobile data only (no WiFi) and no VPN and you can try to browse to the admin interface on your external ip. For a more thorough test you could install Termux which will give you a Linux terminal in your phone. It comes with a built-in package manager so you can install your favourite Linux tools. You can use it to install nmap which is the defacto port scanning tool to use. The man page will give you some examples of the syntax and it will scan for open ports. It should only find your 1194 port used by OpenVPN. /Morgan