Date: Wed, 17 Jun 2009 12:31:43 -0700
From: "Mike Sweetser - Adhost" <mikesw@adhost.com>
To: <freebsd-questions@freebsd.org>
Subject: PF Routing to VPN Device
Message-ID: <17838240D9A5544AAA5FF95F8D5203160638ABE2@ad-exh01.adhost.lan>
Hello,

We have a network with a VPN device sitting beside a PF server, both connected to an internal network.

PF Server: 10.1.4.1
VPN Device: 10.1.4.200

The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to these networks should be routed to 10.1.4.200. We've set up routes on the PF server as such. We've set up the following rules:

block in log
pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24 10.1.2.0/24 }

However, the block in log is catching the return traffic. From pflog, when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on port 80:

000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]

If we remove the block in log, the traffic works. What are we missing?

Thanks,
Mike
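Added example (not part of the post above): a small parser for the tcpdump rendering of pflog records, which tags each blocked packet as a leg of LAN-to-VPN or VPN-to-LAN traffic so the offending rule number can be looked up with pfctl -vvsr. The sample line and the 10.1.4.0/24, 10.1.1.0/24 and 10.1.2.0/24 networks are taken from the post; the field layout assumed is the usual "rule N/M(reason): action dir on if: src > dst: ..." form.

```python
import ipaddress
import re

# Constructed sample: the pflog line quoted in the post above.
SAMPLE = "000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 > 10.1.2.105.3558: [|tcp]"

# Networks from the post: the PF server's LAN and the two networks behind the VPN device.
INTERNAL_NET = ipaddress.ip_network("10.1.4.0/24")
VPN_NETS = [ipaddress.ip_network("10.1.1.0/24"), ipaddress.ip_network("10.1.2.0/24")]

# tcpdump's rendering of a pflog record (assumed layout), with an optional leading timestamp.
PFLOG_RE = re.compile(
    r"^(?:\S+\s+)?rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+):\s*(?P<rest>.*)$"
)

def split_endpoint(ep):
    """'10.1.4.25.80' -> (IPv4Address, 80); tcpdump appends the port after a dot."""
    host, _, port = ep.rpartition(".")
    return ipaddress.ip_address(host), int(port)

def parse_pflog_line(line):
    """Break one pflog text line into its rule number, verdict, interface and endpoints."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        raise ValueError("not a pflog line: %r" % line)
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    return {"rule": int(m["rule"]), "reason": m["reason"], "action": m["action"],
            "dir": m["dir"], "iface": m["iface"],
            "src": src, "sport": sport, "dst": dst, "dport": dport}

def classify(entry):
    """Which leg of a LAN<->VPN flow this packet is; 'lan-to-vpn' is what route-to should carry."""
    src_vpn = any(entry["src"] in n for n in VPN_NETS)
    dst_vpn = any(entry["dst"] in n for n in VPN_NETS)
    if entry["src"] in INTERNAL_NET and dst_vpn:
        return "lan-to-vpn"
    if src_vpn and entry["dst"] in INTERNAL_NET:
        return "vpn-to-lan"
    return "other"

def blocked_vpn_legs(lines):
    """Blocked packets that belong to LAN<->VPN traffic, keyed by the rule number pflog reported."""
    out = []
    for line in lines:
        e = parse_pflog_line(line)
        leg = classify(e)
        if e["action"] == "block" and leg != "other":
            out.append((e["rule"], leg, str(e["src"]), str(e["dst"])))
    return out
```

Feed it `tcpdump -n -e -ttt -i pflog0` output; each reported rule number is the `@N` index shown by `pfctl -vvsr`, which tells you which rule in the loaded ruleset is making the decision.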