On 21 Jul 2014, at 10:42, Zeus Panchenko <z...@ibs.dn.ua> wrote:

> hi,
>
> just was stumbled on the subject ... please, may somebody advise what am
> I missing?

Is net.inet.ip.forwarding set to 1?

> I have:
>
> FreeBSD 10.0-STABLE #0 r261303
>
> BoxA:
> LAN: 192.168.0.1/24
> TUN (OpenVPN): 172.16.10.1
>
> with route to 172.16/12 set via tun
>
> BoxB:
> LAN: 192.168.0.2/24
>
> with route to 172.16/12 set via boxA lan
>
> I need:
> to give access to 172.16/12 for boxB via nat on boxA
>
> in boxA pf.conf:
>
> nat on tun1 from 192.168.0.2 to 172.16/12 -> 172.16.10.1
> pass in log on tun1

Should be "pass out" or just "pass"

Is the OpenVPN tunnel up? Do you have a rule on the underlying interface to pass out udp to port 1194?

> pass in log (all) on $if_lan inet proto { tcp udp } from 192.168.0.2
>
> when I spawn traffic to 172.16/12 from boxB I can see packets on lan
> boxA but nothing is on boxA tun ...
>
> so, can I do that this way or I need something yet? is it nat-before-vpn
> case which is not implemented in FreeBSD pf yet (at last it was so)?
>
> --
> Zeus V. Panchenko jid:z...@im.ibs.dn.ua
> IT Dpt., I.B.S. LLC GMT+2 (EET)
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
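
The rules discussed in this thread, gathered into one boxA ruleset with the reply's points applied. This is an added example, not part of either poster's message; the interface names em0 and em1 and the macro names are assumptions, while the addresses, tun1 and port 1194 come from the thread.

```conf
# Added example for boxA's pf.conf; not from the thread.
# Assumed names: em0 (interface carrying the OpenVPN UDP transport),
# em1 (LAN, the thread's $if_lan). Addresses and tun1 are from the thread.
if_ext = "em0"
if_lan = "em1"
if_tun = "tun1"
boxb   = "192.168.0.2"
vpn    = "172.16.0.0/12"
tun_ip = "172.16.10.1"

# Translation rules must precede filter rules.
nat on $if_tun inet from $boxb to $vpn -> $tun_ip

# boxB's traffic arrives on the LAN interface ...
pass in log (all) on $if_lan inet proto { tcp udp } from $boxb to $vpn

# ... and leaves through the tunnel, so the tun1 rule is "pass out".
# pf translates before it filters, so this rule sees the post-NAT source.
pass out log on $if_tun inet proto { tcp udp } from $tun_ip to $vpn

# The tunnel's own encrypted transport leaves on the underlying interface.
pass out on $if_ext inet proto udp from any to any port 1194

# Checks to run on boxA after loading the ruleset:
#   sysctl net.inet.ip.forwarding      (must report 1)
#   ifconfig tun1                      (tunnel interface is up)
#   pfctl -nf /etc/pf.conf             (syntax check only, loads nothing)
#   pfctl -s nat ; pfctl -s rules      (loaded translation and filter rules)
#   tcpdump -n -e -ttt -i pflog0       (packets matched by the "log" rules)
```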