Date: Thu, 23 Nov 2006 20:21:22 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: how to route to a local server thru PF router
Message-ID: <200611232021.28538.max@love2party.net>
In-Reply-To: <16201878.1164245885264.JavaMail.root@web03sl>
References: <16201878.1164245885264.JavaMail.root@web03sl>
On Thursday 23 November 2006 02:38, fwun@bigpond.net.au wrote:
> Hi,
>
> The PF router I set up is an Internet router that allows people to access
> the Internet. But in the meantime, this PF router is also connected to a
> local FreeBSD server. As a user behind the PF router, I also want to
> ssh into the local FreeBSD server (10.1.10.2). But currently I'm not
> able to ssh into this local server through the PF router.
>
> The current NAT rules in the PF router are set up as:
>
> # pfctl -a NATRULES -sn
> nat on sis0 inet from 192.168.1.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 172.17.3.0/24 to any -> (sis0) round-robin
> nat on sis0 inet from 10.1.10.0/24 to any -> (sis0) round-robin
>
> I'm connected to the 172.17.3.0/24 network. The local FreeBSD server is
> connected to the 10.1.10.0/24 network.
>
> And the PF router is already set up as the default gateway.
>
> How can I modify the PF rules so that I can log in from 172.17.3.0/24 to
> the 10.1.10.0/24 network?

I'm not sure I do understand your setup completely, but pf does not do any
routing unless you tell it to. If you have correct route entries on all
three boxes involved and no block rules that prevent the traffic, the nat
rules shown above are irrelevant. In detail, this means:

The server at 10.1.10.2 must have a default (or 172.17.3/24) route to the
pf-router.

The client at 172.17.3.X must have a default (or 10.1.10/24) route to the
pf-router.

The pf-router must have a route to both networks and the
net.inet.ip.forwarding sysctl needs to be set to "1".
-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQBFZfS4XyyEoT62BG0RAl/0AJ9Qwr+zuMqDzYG400DU2XvaR72e+gCfWx/3
ZfTcCPr+mKkiv3FdNenw8Tw=
=p/wL
-----END PGP SIGNATURE-----
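The three conditions in the reply above (routes on the server, on the client, and on the pf-router, plus net.inet.ip.forwarding=1) are easy to state and easy to get half right, so here is an added audit script that checks them. It is an added example for this archive page, not code from the thread or from the pf project. The check functions take command output on stdin or as arguments so they run against constructed text anywhere; only the --live mode executes the real sysctl and netstat on a FreeBSD router. The router addresses 172.17.3.1 and 10.1.10.1, the interface names and the sample routing table are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added audit helper for the routing conditions in the reply above; not from
# the thread or from pf. Check functions read command output from stdin or
# arguments (so they can be exercised with constructed text); only
# audit_router (--live) runs real sysctl/netstat on a FreeBSD box.

LAN_A=172.17.3.0/24      # client side network (from the thread)
LAN_B=10.1.10.0/24       # server side network (from the thread)
ROUTER_LAN_A=172.17.3.1  # assumed pf-router address on LAN_A
ROUTER_LAN_B=10.1.10.1   # assumed pf-router address on LAN_B

# Succeed when the `sysctl net.inet.ip.forwarding` line on stdin shows 1.
forwarding_enabled() {
    awk -F': *' '$1 == "net.inet.ip.forwarding" { v = $2 }
                 END { exit (v + 0 == 1) ? 0 : 1 }'
}

# Succeed when `netstat -rn` output on stdin has an entry whose destination
# column is exactly $1 ("10.1.10.0/24", "default", ...).
route_present() {
    awk -v dst="$1" '$1 == dst { found = 1 } END { exit found ? 0 : 1 }'
}

# Print every destination in $2.. that has no entry in routing table text $1.
missing_routes() {
    table=$1; shift
    for dst in "$@"; do
        printf '%s\n' "$table" | route_present "$dst" || echo "$dst"
    done
}

# Report what the reply requires of one end host: a route to the far
# network via the pf-router. $1 = host label, $2 = netstat -rn text,
# $3 = far network, $4 = pf-router address to use as gateway.
report_host() {
    for dst in $(missing_routes "$2" "$3"); do
        echo "$1: no route to $dst (fix: route add -net $dst $4, or a default route via $4)"
    done
}

# Live audit of the pf-router itself: forwarding on, routes to both LANs.
audit_router() {
    if sysctl net.inet.ip.forwarding | forwarding_enabled; then
        echo "router: net.inet.ip.forwarding=1 ok"
    else
        echo "router: forwarding off (fix: sysctl net.inet.ip.forwarding=1;"
        echo "        gateway_enable=\"YES\" in /etc/rc.conf makes it persistent)"
    fi
    for dst in $(missing_routes "$(netstat -rn)" "$LAN_A" "$LAN_B"); do
        echo "router: no route to $dst; check the interface configured for that LAN"
    done
}

# Constructed `netstat -rn` output for a client on LAN_A that lacks the route
# (interface name em0 is assumed).
SAMPLE_CLIENT_TABLE='Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.17.3.0/24      link#1             UC          0        0    em0'

case "${1:-}" in
    --live) audit_router ;;
    *)      report_host client "$SAMPLE_CLIENT_TABLE" "$LAN_B" "$ROUTER_LAN_A" ;;
esac
```

Run without arguments it reports against the constructed client table, which shows the client end of the problem in the thread: the host knows its own LAN but has neither a default route nor a 10.1.10.0/24 route via the pf-router. Run with --live on the router it checks the sysctl and both LAN routes. The script deliberately does not look at the nat rules, for the reason the reply gives: nat on sis0 only touches traffic leaving via sis0, so it cannot affect packets forwarded between the two internal LANs. What can affect them is a block rule in the filter rule set, which `pfctl -sr` lists (and `pfctl -vsr` lists with match counters), so that is the other thing to read once the routes and forwarding check out.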
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611232021.28538.max>