Date: Mon, 28 Apr 2008 19:59:33 +0200
From: Jille <jille@quis.cx>
To: Nicolas de Bari Embriz Garcia Rojas <nbari@k9.cx>
Cc: freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: routing gif0 ipsec
Message-ID: <48161085.7030002@quis.cx>
In-Reply-To: <1D3CC81F-19C9-4DAB-A2C8-3CC84C4528BD@k9.cx>
References: <1D3CC81F-19C9-4DAB-A2C8-3CC84C4528BD@k9.cx>

Hello Nicolas,

Would you mind not sending your (same) email to all mailing lists, twice or more?
I've seen your problem in 7 mails already. I don't know a solution, but as you can see most people don't know it.
It doesn't help resending it each time.

I'm sorry for acting like a list-operator, but I think I speak for more people on the lists.

-- 
Jille

Nicolas de Bari Embriz Garcia Rojas wrote:
> Hi all, I am trying to all traffic from a gif0 interface used for a vpn
> to a public IP on the same server that is like an alias
>
> I have the following schema (FreeBSD 6.3)
>
>
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
>     tunnel inet 67.228.79.224 --> 74.86.163.16
>     inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff
>
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>     options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
>     inet 67.228.78.162 netmask 0xfffffff8 broadcast 67.228.78.167
>     inet 67.228.79.224 netmask 0xffffffff broadcast 67.228.79.224
>
>
> The VPN from point 172.16.224.1 --> 172.16.16.1 works, I can ping/telnet
> to 172.16.16.1 and get a response.
>
> The jail is running on IP 67.228.79.224 (same IP used for doing the
> VPN/IPSEC) but if I log in to that jail (jexec 1 csh) I cannot ping
> 172.16.16.1
>
> currently I am trying this with pf
> --
> nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1
> rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224
>
> pass in log from any to any keep state
> pass out log from any to any keep state
> --
> but is not working, from the jail (67.228.79.224) I cannot ping/telnet
> the VPN 172.16.16.1
>
> there is a tool called jumpgate with which I can redirect incoming tcp
> to gif0 and forward traffic to em1 without problems, but instead I would
> like to use pf
>
> jumpgate -b 172.16.224.1 -l 80 -r 80 -a 67.228.79.224
>
> with this I can telnet from the other end point to port 80 and I can
> forward the connection to the public IP of the jail through the vpn tunnel.
>
> any ideas on how to solve this issue using pf or maybe some routing rules.
>
> regards.
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"