Date:      Mon, 21 Jul 2014 11:42:57 +0300
From:      "Zeus Panchenko" <zeus@ibs.dn.ua>
To:        <freebsd-pf@freebsd.org>
Subject:   nat lan to tun (nat before vpn)
Message-ID:  <20140721114257.7299@smtp.new-ukraine.org>


hi,

just stumbled on the subject ... please, could somebody advise what
I am missing?

I have:

FreeBSD 10.0-STABLE #0 r261303

BoxA:
 LAN: 192.168.0.1/24
 TUN (OpenVPN): 172.16.10.1

 with route to 172.16/12 set via tun

BoxB:
 LAN: 192.168.0.2/24

 with route to 172.16/12 set via boxA lan

I need:
to give access to 172.16/12 for boxB via nat on boxA

in boxA pf.conf:

nat on tun1 from 192.168.0.2 to 172.16/12 -> 172.16.10.1
pass in	log on tun1
pass in log (all) on $if_lan inet proto { tcp udp } from 192.168.0.2

when I spawn traffic to 172.16/12 from boxB I can see packets on lan
boxA but nothing is on boxA tun ...

so, can I do it this way or do I need something more? is it the
nat-before-vpn case which is not implemented in FreeBSD pf yet (at
least it was so)?

-- 
Zeus V. Panchenko				jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)


