Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 22 Apr 2008 17:22:30 -0500
From:      Nicolas de Bari Embriz Garcia Rojas <nbari@k9.cx>
To:        Miroslav Lachman <000.fbsd@quip.cz>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: routing
Message-ID:  <6CC2A206-EC5E-4245-A077-6398AE804462@k9.cx>
In-Reply-To: <480E53F2.5010502@quip.cz>
References:  <695A90A5-CB7E-4C5A-AA6C-C4EB148FF320@k9.cx> <480E53F2.5010502@quip.cz>

next in thread | previous in thread | raw e-mail | index | archive | help
Thanks, I tried to base my rules on your but still do not have luck.

I do not know if maybe is because of the IPSEC vpn, also what i would  
like to do i to access the the end vpn poing from the jails but still  
havent made that or know how to doit.

any ideas ?

regards.

On Apr 22, 2008, at 4:09 PM, Miroslav Lachman wrote:

> Nicolas de Bari Embriz Garcia Rojas wrote:
>> I have a ipsec/vpn on FreeBSD 6.3 from one master server to  
>> another  server the one has multiple jails. each jail has is own  
>> public IP and  i need to do something like this:
>> vpn point >----------------------< master server with jails <------- 
>> >  jail (75.76.78.80)
>> 64.68.69.79/10.10.10.1         75.76.78.79/10.10.10.2
>> when doing a telnet to 10.10.10.2 80  from 10.10.10.1 I want that  
>> the  jail with ip 75.76.78.80 to respond, and also from jail  
>> 75.76.78.80  been available to telnet the other vpn point 10.10.10.1.
>> I am trying to route trafic using PF but is not working for  the  
>> tunel  only for the non encrypted trafic, example:
>> rdr on em1 proto tcp from any to any port 80 -> 75.76.78.80
>> but if i use the gif0 interface (the one for the tunnel) insted of  
>> em1  does not work.
>
> I am using slightly different setup. I have lo1 with IPs  
> 172.16.1.0/24 for jails and public IPs are RDR / NATed from public  
> interface to local (jails).
> I have one jail, where I need to connect throught OpenVPN on tap0 to  
> the MSSQL database server and from the other and (MS Windows Server)  
> allow connection in to jailed MySQL database server. Apache from  
> this jail is publicly accessible on ports 80 and 443.
>
> jail_addr_0="172.16.1.2"
> jail_tcp_0_inports="{ 80, 443 }"
> vpn_dtc_if="tap0"
> vpn_dtc_addr_local="10.0.0.29"
> vpn_dtc_addr_remote="10.0.0.10"
> vpn_dtc_inports="{ 3306 }"    # let incoming to local mysql
>
> # outgoing connections
> nat on $ext_if from $jail_addr_0 to !$jail_addr_0 -> $ext_addr_3
> nat pass on $vpn_dtc_if from $jail_addr_0 to $vpn_dtc_addr_remote ->  
> $vpn_dtc_addr_local
> # incomming connections
> rdr on $ext_if proto tcp from any to $ext_addr_3 -> $jail_addr_0
> rdr pass on $vpn_dtc_if inet proto tcp from any to  
> $vpn_dtc_addr_local port $vpn_dtc_inports -> $jail_addr_0
>
> Miroslav Lachman

--
 > nbari








Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6CC2A206-EC5E-4245-A077-6398AE804462>