On 30-01-2014 16:16, Pieter Verberne wrote:
> On 2014-01-30 18:02, Pieter Verberne wrote:
>> When I use a client, which is behind a pf firewall, I use this redirect
>> rule:
>> pass in on $ext_if proto {tcp, udp} from any to any port 12345 rdr-to 10.1.2.3
>>
>> Now I have a client that is connected via a socks5 SSH tunnel to the pf
>> firewall. Can I still have a pf redirect to this client?
>
> I'm sorry my mail is not clear.
>
> I have two machines. One is an OpenBSD machine with pf configured. I
> call this machine lilium. The other machine is a Windows client, let's
> call this machine bob.
>
> On bob I'm using a gnutella client which is listening to tcp and udp
> port 13648. When bob is connected to the same LAN as lilium, I'm using
> the following pf.conf line on lilium to make gnutella work:
>
> pass in on $ext_if proto {tcp, udp} from any to any port 13648 rdr-to 10.0.0.18
>
> On the LAN bob has ip address 10.0.0.18.
>
> Now sometimes, I'm at a remote location and I'm using putty to create a
> SSH/SOCKS5 tunnel to lilium. I still want to be able to use my gnutella
> client through this SOCKS5 proxy, however, the redirect rule does not
> work (of course). How should I solve this?
>
> Can I actually do this with SOCKS, or should I start thinking about some
> VPN solution? It would be cool if I can do it with SOCKS.
>
> Okay, it's only gnutella (file sharing), but apart from that, I just
> want to know. :-)
>
> Thanks,
>
> Gr,
> Pieter Verberne
>

You can use the VPN functionality of OpenSSH and do this. But as far as
I could understand your situation, your redirect will work only for tcp
based connections if you make a reverse ssh tunnel. But not for udp.

My suggestion is to go for the VPN solution. There are plenty of options
in OpenBSD, both on base and in packages. I myself use OpenVPN. But
don't be biased by me and see what is best for your case.

Cheers,
-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
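
Added example, not part of the original message: a pf.conf sketch for lilium showing how the redirect from the thread could follow bob onto a VPN tunnel, covering both tcp and udp. The interface names, the 10.9.0.0/30 tunnel addressing and the nat-to rule are assumptions, not values from the thread.

```pf
# pf.conf on lilium (illustrative; adjust to the real setup)

ext_if  = "em0"        # assumption: lilium's Internet-facing interface
vpn_if  = "tun0"       # assumption: tunnel interface created by the VPN
bob_vpn = "10.9.0.2"   # assumption: bob's address inside the tunnel
gnutella_port = "13648"  # port from the thread

# Same redirect as on the LAN, but pointed at bob's tunnel address.
# Works for udp as well, which an SSH port forward cannot carry.
pass in on $ext_if proto { tcp, udp } from any to any port $gnutella_port \
    rdr-to $bob_vpn

# Let the redirected traffic leave through the tunnel. nat-to rewrites the
# source to lilium's tunnel address so bob replies through the VPN even when
# its default route still points at the remote network. Drop nat-to if bob
# sends all traffic through the VPN and should see the real peer addresses.
pass out on $vpn_if proto { tcp, udp } from any to $bob_vpn \
    port $gnutella_port nat-to ($vpn_if)

# When bob is back on the LAN, swap $bob_vpn for 10.0.0.18 (or keep both
# rules behind separate anchors) so only one redirect is active at a time.
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and confirm the state entries with `pfctl -ss` while the client is connected.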