Date: Sat, 5 Mar 2016 08:34:59 -0800
From: Michael Sierchio <kudzu@tenebras.com>
To: Malcolm Matalka <mmatalka@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Want to NAT over VPN but not the gateway's own traffic
Message-ID: <CAHu1Y735pb%2Bw0-rQgQBeh-KjDZVxAw%2BDuyrirbwjqTz1c4CPuA@mail.gmail.com>
In-Reply-To: <86h9glfb3c.fsf@gmail.com>
References: <86h9glfb3c.fsf@gmail.com>

This is indeed possible. I've done this with a combination of ipfw, kernel
nat, and firewall rules that explicitly use different route tables
(man setfib).

This is a brief snippet from a firewall that was routing different traffic
differently, and using NAT on the OpenVPN tunneled traffic.

    FW="ipfw -q"

    setfib 1 route -q add default -interface $if_tun

    $FW nat 100 config if $if_tun
    ...
    $FW add nat 100 ip from any to any in recv $if_tun
    ...
    $FW add setfib 1 ip from $INSIDE_NET to any
    ...
    $FW add nat 100 ip from any to any out xmit $if_tun

On Sat, Mar 5, 2016 at 2:55 AM, Malcolm Matalka <mmatalka@gmail.com> wrote:

> I'm trying to have the following setup:
>
> I have a host that is acting as a WiFi access point and then NATing
> traffic to the internet. That host is running an OpenVPN client. So
> wlan0 traffic is NAT'd to tun0. That is exactly what I want. However,
> I would like to keep this setup of the WiFi AP going through the VPN but
> the traffic of the machine itself to not go through the VPN.
>
> Is this possible? How? I'm not sure what information I actually need
> to get proper help.
>
> /Malcolm
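
The approach from the reply above, written out as a ruleset generator (an added example, not code from the original message). The network, interface names, rule numbers, the same_ports/reset NAT options and the final deny rule are assumptions of this example; it also assumes a kernel booted with at least two FIBs (net.fibs=2 in /boot/loader.conf) and IP forwarding enabled.

```sh
#!/bin/sh
# Added example: prints the ipfw/setfib commands for "WiFi clients go out
# through the VPN, the gateway's own traffic does not". Nothing is executed;
# review the output, then run it as root.

# Character whitelists (not full parsers): they keep shell metacharacters
# out of the generated commands.
valid_if()  { case $1 in ''|*[!a-z0-9_]*) return 1;; esac; }
valid_net() { case $1 in ''|*[!0-9./]*) return 1;; */*) return 0;; *) return 1;; esac; }

# emit_rules INSIDE_NET IF_LAN IF_TUN IF_WAN
#   INSIDE_NET  WiFi client network, e.g. 192.168.10.0/24 (constructed value)
#   IF_LAN      access point interface, IF_TUN OpenVPN tunnel, IF_WAN uplink
emit_rules() {
    inside_net=$1 if_lan=$2 if_tun=$3 if_wan=$4
    valid_net "$inside_net" || { echo "bad network: $inside_net" >&2; return 1; }
    for i in "$if_lan" "$if_tun" "$if_wan"; do
        valid_if "$i" || { echo "bad interface: $i" >&2; return 1; }
    done
    cat <<EOF
# FIB 1 sends everything into the tunnel; FIB 0 (the host itself) is untouched
setfib 1 route -q add default -interface $if_tun
ipfw -q nat 100 config if $if_tun same_ports reset
# replies arriving over the tunnel are translated back to the WiFi client
ipfw -q add 1000 nat 100 ip from any to any in recv $if_tun
# tag packets from WiFi clients so the forwarding lookup uses FIB 1
ipfw -q add 2000 setfib 1 ip from $inside_net to any in recv $if_lan
# translate whatever leaves through the tunnel
ipfw -q add 3000 nat 100 ip from any to any out xmit $if_tun
# guard: client traffic must never leave un-tunneled via the uplink;
# keep this ahead of any allow rule that would match the same packets
ipfw -q add 3100 deny ip from $inside_net to any out xmit $if_wan
EOF
}

# Stand-alone use: sh thisfile 192.168.10.0/24 wlan0 tun0 em0
if [ "$#" -eq 4 ]; then emit_rules "$@"; fi
```

Because the host's own sockets stay on FIB 0, its traffic keeps following the normal default route, while forwarded WiFi traffic is looked up in FIB 1 and has only the tunnel to go to.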