routing
Nicolas de Bari Embriz Garcia Rojas
nbari at k9.cx
Sat Apr 26 20:59:28 UTC 2008
I used your rules and it worked; it's just that, for an unknown reason, if I
restart the VPN on the master host it stops working. It also takes some
time to work.
Any ideas?
Regards
On Apr 24, 2008, at 6:20 AM, Miroslav Lachman wrote:
> Nicolas de Bari Embriz Garcia Rojas wrote:
>
>> In your example, what are the values for ext_addr_3 and ext_if?
>
> The server has an external interface bge0 (connected to the internet)
> ext_if="bge0"
> and 4 public IP addresses; $ext_addr_3 is one of them (dedicated to
> this jail's usage)
>
>
>> On Apr 22, 2008, at 4:09 PM, Miroslav Lachman wrote:
>>> Nicolas de Bari Embriz Garcia Rojas wrote:
>>>
>>>> I have an ipsec/vpn on FreeBSD 6.3 from one master server to
>>>> another server; that one has multiple jails. Each jail has its own
>>>> public IP and I need to do something like this:
>>>> vpn point >----------------------< master server with jails
>>>> <------- > jail (75.76.78.80)
>>>> 64.68.69.79/10.10.10.1 75.76.78.79/10.10.10.2
>>>> When doing a telnet to 10.10.10.2 80 from 10.10.10.1, I want
>>>> the jail with IP 75.76.78.80 to respond, and also the
>>>> jail 75.76.78.80 to be able to telnet the other VPN point,
>>>> 10.10.10.1.
>>>> I am trying to route traffic using PF but it is not working for the
>>>> tunnel, only for the non-encrypted traffic. Example:
>>>> rdr on em1 proto tcp from any to any port 80 -> 75.76.78.80
>>>> but if I use the gif0 interface (the one for the tunnel) instead
>>>> of em1 it does not work.
>>>
>>>
>>> I am using a slightly different setup. I have lo1 with IPs
>>> 172.16.1.0/24 for the jails, and the public IPs are RDR'd / NATed from
>>> the public interface to the local (jail) addresses.
>>> I have one jail where I need to connect through OpenVPN on tap0
>>> to the MSSQL database server and, from the other end (MS Windows
>>> Server), allow connections in to the jailed MySQL database server.
>>> Apache from this jail is publicly accessible on ports 80 and 443.
>>>
>>> jail_addr_0="172.16.1.2"
>>> jail_tcp_0_inports="{ 80, 443 }"
>>> vpn_dtc_if="tap0"
>>> vpn_dtc_addr_local="10.0.0.29"
>>> vpn_dtc_addr_remote="10.0.0.10"
>>> vpn_dtc_inports="{ 3306 }" # let incoming to local mysql
>>>
>>> # outgoing connections
>>> nat on $ext_if from $jail_addr_0 to !$jail_addr_0 -> $ext_addr_3
>>> nat pass on $vpn_dtc_if from $jail_addr_0 to $vpn_dtc_addr_remote -> $vpn_dtc_addr_local
>>> # incomming connections
>>> rdr on $ext_if proto tcp from any to $ext_addr_3 -> $jail_addr_0
>>> rdr pass on $vpn_dtc_if inet proto tcp from any to
>>> $vpn_dtc_addr_local port $vpn_dtc_inports -> $jail_addr_0
>>>
>>> Miroslav Lachman
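The translation rules quoted above only rewrite addresses; the `rdr` on the public interface carries no `pass`, so matching filter rules still have to exist for the redirected traffic to get in. The following pf.conf is an added example, not either poster's configuration: it assembles the macros from the thread (bge0, jails on lo1 in 172.16.1.0/24, tap0) into a complete file with a default-deny filter and narrows the redirects to the published ports and to the VPN peer; the public address 203.0.113.3, the default-deny policy and the `set skip` line are assumptions.

```pf
# Added example: complete pf.conf built around the rules in the thread.
# Values marked ASSUMED are placeholders, not taken from the original posts.
ext_if="bge0"                     # public interface (from the thread)
ext_addr_3="203.0.113.3"          # ASSUMED: one of the four public IPs, dedicated to this jail
jail_net="172.16.1.0/24"          # jails live on lo1 (from the thread)
jail_addr_0="172.16.1.2"
jail_tcp_0_inports="{ 80, 443 }"

vpn_dtc_if="tap0"                 # OpenVPN tap interface (from the thread)
vpn_dtc_addr_local="10.0.0.29"
vpn_dtc_addr_remote="10.0.0.10"
vpn_dtc_inports="{ 3306 }"        # MySQL, reachable only from the VPN peer

set skip on lo0                   # ASSUMED: no filtering on the loopback itself

# --- translation (pf evaluates these before the filter rules) ---
# outgoing: jail traffic leaves the box as the dedicated public IP
nat on $ext_if from $jail_addr_0 to !$jail_net -> $ext_addr_3
# outgoing over the tunnel: the jail appears as the local tunnel address
nat pass on $vpn_dtc_if from $jail_addr_0 to $vpn_dtc_addr_remote -> $vpn_dtc_addr_local
# incoming from the internet: only the published ports are redirected into the jail
# (the thread's rule redirects every port; narrowing it keeps the rest of the jail unreachable)
rdr on $ext_if inet proto tcp from any to $ext_addr_3 port $jail_tcp_0_inports -> $jail_addr_0
# incoming over the tunnel: "rdr pass" needs no separate filter rule, so
# the source is pinned to the VPN peer here instead of "any"
rdr pass on $vpn_dtc_if inet proto tcp from $vpn_dtc_addr_remote to $vpn_dtc_addr_local port $vpn_dtc_inports -> $jail_addr_0

# --- filtering ---
block in log all                  # ASSUMED: default-deny for inbound traffic
pass out keep state

# public side: by the time the filter runs, rdr has already rewritten the
# destination to the jail address, so the pass rule matches on that address
pass in on $ext_if inet proto tcp from any to $jail_addr_0 port $jail_tcp_0_inports flags S/SA keep state

# tunnel side: only the remote peer, only the advertised MySQL port
pass in on $vpn_dtc_if inet proto tcp from $vpn_dtc_addr_remote to $jail_addr_0 port $vpn_dtc_inports flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, then confirm the active translation rules and the states being created with `pfctl -s nat` and `pfctl -s state`.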