From: Tiago Cruz
To: freebsd-pf@FreeBSD.org
Date: Thu, 09 Mar 2006 10:42:51 -0300
Message-Id: <1141911771.11450.26.camel@localhost.localdomain>
Subject: Re: Dirty NAT tricks (solution)

On Fri, 2006-03-03 at 16:02 -0600, Travis H. wrote:
> On 3/3/06, Tiago Cruz wrote:
> > 1-) I'm in Brazil, and my clients (is more than one) don't stay here,
> > and yes in all the world (Italy, USA, Germany...)
> >
> > 2-) The notebooks clients is running Window$ XP :-/
>
> Sorry, I don't know how to do what you want then.

Some months later, I'm back here to share the solution:

I did this on my default gateway master (192.168.0.0/22) with CARP
(firewall failover):

Firewall Rules:
==============

vpn2 = "tun0"
...
set loginterface $vpn2
...
binat on $vpn2 from 192.168.0.0/22 to any -> 192.168.8.0/22
...
pass in on $vpn from any to any keep state
pass out on $vpn from any to any keep state

Client:

Windows XP (192.168.0.0/24) with OpenVPN (10.5.0.0/24):

So, the client needs to ping the host 192.168.8.32 to get a reply from
192.168.0.8.

It is working now :-)

Logs:

54. 224700 rule 26/0(match): pass in on tun0: 10.5.0.6 > 192.168.0.32: ICMP echo request, id 1024, seq 13568, length 40

Thank you,
Hope that helps somebody.

--
Tiago Cruz
http://linuxrapido.org
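
The address mapping performed by the binat rule above, modelled in Python as an added example (not part of the original message, and not pf's own code). It assumes the 1:1 netblock mapping keeps the host bits; the function names are hypothetical and the networks are the ones quoted in the post.

```python
import ipaddress

# Networks taken from the post's binat rule and client description.
INTERNAL = ipaddress.ip_network("192.168.0.0/22")    # office LAN behind the gateway
EXTERNAL = ipaddress.ip_network("192.168.8.0/22")    # alias range used by VPN clients
CLIENT_LAN = ipaddress.ip_network("192.168.0.0/24")  # Windows XP client's own LAN

def remap(addr, src_net, dst_net):
    """Move addr from src_net into dst_net, preserving the host bits."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 netblock mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return None  # rule does not match, address stays untouched
    host_bits = int(ip) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)

def translate_in(dst):
    """Packet arriving on tun0: alias destination -> real internal host."""
    return remap(dst, EXTERNAL, INTERNAL)

def translate_out(src):
    """Packet leaving on tun0: real internal source -> alias address."""
    return remap(src, INTERNAL, EXTERNAL)

def on_link_for_client(addr):
    """True if the client treats addr as local and never sends it into the VPN."""
    return ipaddress.ip_address(addr) in CLIENT_LAN

if __name__ == "__main__":
    # Constructed sample hosts inside the office /22.
    for real in ("192.168.0.32", "192.168.1.10", "192.168.3.254"):
        alias = translate_out(real)
        print(f"{real:15} -> alias {str(alias):15} "
              f"real on-link for client: {on_link_for_client(real)}, "
              f"alias on-link: {on_link_for_client(str(alias))}")
    # The echo request in the log line: sent to the alias, filtered as the real host.
    print("192.168.8.32 arrives as", translate_in("192.168.8.32"))
```

The real address 192.168.0.32 is on-link for the client's 192.168.0.0/24, so only its alias in 192.168.8.0/22 is routed through the tunnel, which matches the translated destination shown in the log line.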