Date: Tue, 22 Apr 2008 17:22:30 -0500
From: Nicolas de Bari Embriz Garcia Rojas <nbari@k9.cx>
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org
Subject: Re: routing
Message-ID: <6CC2A206-EC5E-4245-A077-6398AE804462@k9.cx>
In-Reply-To: <480E53F2.5010502@quip.cz>
References: <695A90A5-CB7E-4C5A-AA6C-C4EB148FF320@k9.cx> <480E53F2.5010502@quip.cz>
Thanks, I tried to base my rules on yours but still have no luck. I do not know if maybe it is because of the IPsec VPN. Also, what I would like to do is to access the end VPN point from the jails, but I still haven't made that work or know how to do it. Any ideas?

Regards.

On Apr 22, 2008, at 4:09 PM, Miroslav Lachman wrote:

> Nicolas de Bari Embriz Garcia Rojas wrote:
>> I have an IPsec VPN on FreeBSD 6.3 from one master server to
>> another server, the one that has multiple jails. Each jail has its own
>> public IP and I need to do something like this:
>>
>> vpn point >----------------------< master server with jails <-------> jail (75.76.78.80)
>> 64.68.69.79/10.10.10.1              75.76.78.79/10.10.10.2
>>
>> When doing a telnet to 10.10.10.2 80 from 10.10.10.1 I want
>> the jail with IP 75.76.78.80 to respond, and also from jail
>> 75.76.78.80 to be able to telnet the other VPN point 10.10.10.1.
>> I am trying to route traffic using PF but it is not working for the
>> tunnel, only for the non-encrypted traffic, example:
>>
>> rdr on em1 proto tcp from any to any port 80 -> 75.76.78.80
>>
>> but if I use the gif0 interface (the one for the tunnel) instead of
>> em1 it does not work.
>
> I am using a slightly different setup. I have lo1 with IPs
> 172.16.1.0/24 for jails, and public IPs are RDR/NATed from the public
> interface to local (jails).
> I have one jail where I need to connect through OpenVPN on tap0 to
> the MSSQL database server and, from the other end (MS Windows Server),
> allow connections in to the jailed MySQL database server. Apache from
> this jail is publicly accessible on ports 80 and 443.
>
> jail_addr_0="172.16.1.2"
> jail_tcp_0_inports="{ 80, 443 }"
> vpn_dtc_if="tap0"
> vpn_dtc_addr_local="10.0.0.29"
> vpn_dtc_addr_remote="10.0.0.10"
> vpn_dtc_inports="{ 3306 }" # let incoming to local mysql
>
> # outgoing connections
> nat on $ext_if from $jail_addr_0 to !$jail_addr_0 -> $ext_addr_3
> nat pass on $vpn_dtc_if from $jail_addr_0 to $vpn_dtc_addr_remote -> $vpn_dtc_addr_local
> # incoming connections
> rdr on $ext_if proto tcp from any to $ext_addr_3 -> $jail_addr_0
> rdr pass on $vpn_dtc_if inet proto tcp from any to $vpn_dtc_addr_local port $vpn_dtc_inports -> $jail_addr_0
>
> Miroslav Lachman

--
nbari
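The rules Miroslav quotes are a fragment: $ext_if and $ext_addr_3 are never defined, and no filter rules are shown. The script below is an added example, not code from either poster; it assembles those rules into a complete pf.conf of the FreeBSD 6.x era (macros, then the translation section, then filter rules), syntax-checks it with pfctl(8) when pf is present, and verifies the one ordering constraint pf enforces, namely that every nat/rdr rule precedes the first filter rule. The values for ext_if ("em0"), ext_addr_3 (a constructed 203.0.113.x documentation address) and the whole filter section are assumptions; everything else is copied from the thread. The comments also record why the two VPN rules carry "pass": on this pf, a translation rule with the pass modifier lets translated packets through without filter evaluation, so only the public rdr needs an explicit pass rule, and that rule has to match the already-translated destination ($jail_addr_0).

```shell
#!/bin/sh
# Added example, not from the thread: build a complete pf.conf around the
# nat/rdr rules Miroslav posted and check it. Assumptions (not in the thread):
# ext_if, ext_addr_3 (constructed documentation address) and the filter rules.

gen_pf_conf() {
    # Quoted heredoc: pf macros such as $ext_if must reach pfctl unexpanded.
    cat <<'EOF'
# --- macros (ext_if / ext_addr_3 are assumptions; the rest is from the thread)
ext_if="em0"
ext_addr_3="203.0.113.3"          # constructed public IP mapped to jail 0
jail_addr_0="172.16.1.2"          # jail address on lo1
jail_tcp_0_inports="{ 80, 443 }"
vpn_dtc_if="tap0"
vpn_dtc_addr_local="10.0.0.29"
vpn_dtc_addr_remote="10.0.0.10"
vpn_dtc_inports="{ 3306 }"        # let incoming to local mysql

# --- translation section: nat/rdr must come before any filter rule
# outgoing connections
nat on $ext_if from $jail_addr_0 to !$jail_addr_0 -> $ext_addr_3
# "pass" on a translation rule skips filter evaluation for the translated
# packets, so the two VPN paths need no matching pass rule below.
nat pass on $vpn_dtc_if from $jail_addr_0 to $vpn_dtc_addr_remote -> $vpn_dtc_addr_local
# incoming connections
rdr on $ext_if proto tcp from any to $ext_addr_3 -> $jail_addr_0
rdr pass on $vpn_dtc_if inet proto tcp from any to $vpn_dtc_addr_local port $vpn_dtc_inports -> $jail_addr_0

# --- filter section (assumed): the public rdr carries no "pass", so the
# filter sees the translated destination and must admit it explicitly
block in on $ext_if
pass in on $ext_if proto tcp from any to $jail_addr_0 port $jail_tcp_0_inports keep state
pass out keep state
EOF
}

# Parse-only check with pfctl -n. Prints OK / FAIL, or SKIP when pfctl is not
# installed (e.g. on a non-FreeBSD host). Returns 1 only on FAIL.
check_pf_conf() {
    tmp=$(mktemp) || return 1
    gen_pf_conf > "$tmp"
    if ! command -v pfctl >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "SKIP: pfctl not found, syntax not checked"
        return 0
    fi
    if pfctl -nf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "OK: generated pf.conf parses"
        return 0
    fi
    rm -f "$tmp"
    echo "FAIL: pfctl rejected the generated pf.conf"
    return 1
}

# Ordering check that needs no pf: the last nat/rdr line must sit above the
# first block/pass line, otherwise pfctl refuses the file. Returns 1 if not.
check_rule_order() {
    conf=$(gen_pf_conf)
    last_xlat=$(printf '%s\n' "$conf" | grep -En '^(nat|rdr) ' | tail -1 | cut -d: -f1)
    first_filter=$(printf '%s\n' "$conf" | grep -En '^(block|pass) ' | head -1 | cut -d: -f1)
    echo "last translation rule: line $last_xlat, first filter rule: line $first_filter"
    [ "$last_xlat" -lt "$first_filter" ]
}

gen_pf_conf
check_rule_order
check_pf_conf
```

On the jail host itself, `pfctl -nf /path/to/pf.conf` parses without loading, `pfctl -f /path/to/pf.conf` loads it, and `pfctl -s nat` lists the translation rules actually in effect, which is the quickest way to confirm the interface each nat/rdr rule was bound to.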