routing gif0 ipsec
Nicolas de Bari Embriz Garcia Rojas
nbari at k9.cx
Mon Apr 28 14:52:41 UTC 2008
Hi all, I am trying to route all traffic from a gif0 interface used for a VPN
to a public IP on the same server that is like an alias.
I have the following schema (FreeBSD 6.3):
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 67.228.79.224 --> 74.86.163.16
inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 67.228.78.162 netmask 0xfffffff8 broadcast 67.228.78.167
inet 67.228.79.224 netmask 0xffffffff broadcast 67.228.79.224
The VPN from point 172.16.224.1 --> 172.16.16.1 works, I can ping/telnet to 172.16.16.1 and get a response.
The jail is running on IP 67.228.79.224 (same IP used for doing the
VPN/IPsec) but if I log in to that jail (jexec 1 csh) I cannot ping
172.16.16.1.
Currently I am trying this with pf:
--
nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1
rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224
pass in log from any to any keep state
pass out log from any to any keep state
--
but it is not working, from the jail (67.228.79.224) I cannot ping/telnet the VPN 172.16.16.1.
There is a tool called jumpgate with which I can redirect incoming TCP
to gif0 and forward traffic to em1 without problems, but instead I
would like to use pf:
jumpgate -b 172.16.224.1 -l 80 -r 80 -a 67.228.79.224
With this I can telnet from the other endpoint to port 80 and I can
forward the connection to the public IP of the jail through the VPN
tunnel.
Any ideas on how to solve this issue using pf, or maybe some routing
rules?
Regards.
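As an added illustration of what the two translation rules in the post are supposed to do (this is example code written for this thread, not something the poster or the pf project ships), the script below models pf's `nat` (rewrite source on the way out of an interface, remember a state) and `rdr` (rewrite destination on the way in) for the exact rules and addresses quoted above. The rule parser understands only the subset of pf syntax the post uses, and the state-table model is a simplification of pf's real state matching; both are assumptions of the example. Running it shows the jail's ping leaving gif0 with source 172.16.224.1, the reply being mapped back to 67.228.79.224, and an inbound TCP/80 connection being redirected to the jail, which is the behaviour one would expect to see confirmed with `pfctl -s state` and a capture on gif0.

```python
"""Minimal model of pf 'nat' / 'rdr' translation on a point-to-point interface.

Example written for this thread, not pf's implementation: addresses are the
ones from the post, the parser covers only the rule syntax used there, and the
state table is a deliberately simplified stand-in for pf's.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass
class Rule:
    kind: str             # "nat" or "rdr"
    iface: str
    proto: Optional[str]  # None means any protocol
    src: str              # address, CIDR or "any"
    dst: str
    dport: Optional[int]
    target: str           # address after "->"


def _match_addr(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse 'nat|rdr [pass] on IF [proto P] from A to B [port N] -> T' (subset only)."""
    tokens = line.split()
    kind, it = tokens[0], iter(tokens[1:])
    iface = proto = src = dst = target = None
    dport = None
    for tok in it:
        if tok == "pass":
            continue
        if tok == "on":
            iface = next(it)
        elif tok == "proto":
            proto = next(it)
        elif tok == "from":
            src = next(it)
        elif tok == "to":
            dst = next(it)
        elif tok == "port":
            dport = int(next(it))
        elif tok == "->":
            target = next(it)
    return Rule(kind, iface, proto, src, dst, dport, target)


class PfTranslator:
    def __init__(self, rules):
        self.rules = [parse_rule(r) for r in rules]
        # (iface, proto, remote, translated_src) -> original source (simplified state table)
        self.states = {}

    def _matches(self, rule: Rule, pkt: Packet) -> bool:
        return (rule.iface == pkt.iface
                and (rule.proto is None or rule.proto == pkt.proto)
                and _match_addr(rule.src, pkt.src)
                and _match_addr(rule.dst, pkt.dst)
                and (rule.dport is None or rule.dport == pkt.dport))

    def outbound(self, pkt: Packet) -> Packet:
        """Packet leaving the interface: first matching nat rule rewrites the source."""
        for rule in self.rules:
            if rule.kind == "nat" and self._matches(rule, pkt):
                self.states[(pkt.iface, pkt.proto, pkt.dst, rule.target)] = pkt.src
                return replace(pkt, src=rule.target)
        return pkt

    def inbound(self, pkt: Packet) -> Packet:
        """Packet entering the interface: a reply to a nat state gets its
        destination restored; otherwise the first matching rdr rule applies."""
        original = self.states.get((pkt.iface, pkt.proto, pkt.src, pkt.dst))
        if original is not None:
            return replace(pkt, dst=original)
        for rule in self.rules:
            if rule.kind == "rdr" and self._matches(rule, pkt):
                return replace(pkt, dst=rule.target)
        return pkt


# The two translation rules quoted in the post.
RULES = [
    "nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1",
    "rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224",
]


def demo() -> dict:
    pf = PfTranslator(RULES)
    # Jail pings the far end of the tunnel (constructed packet).
    ping = pf.outbound(Packet("gif0", "icmp", "67.228.79.224", "172.16.16.1"))
    # The far end replies to the translated address.
    reply = pf.inbound(Packet("gif0", "icmp", "172.16.16.1", ping.src))
    # Traffic from the host's own tunnel address is not touched by the nat rule.
    host = pf.outbound(Packet("gif0", "icmp", "172.16.224.1", "172.16.16.1"))
    # Inbound TCP/80 from the far end is redirected to the jail.
    web = pf.inbound(Packet("gif0", "tcp", "172.16.16.1", "172.16.224.1", dport=80))
    return {"ping_src": ping.src, "reply_dst": reply.dst,
            "host_src": host.src, "web_dst": web.dst}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

If the real system does not show the ICMP state in `pfctl -s state` after a ping from the jail, the packet is not reaching pf on gif0 with the expected source, which points at routing or jail address selection rather than at the rules themselves.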