Using openconnect with ipfw+natd
C.L. Martinez
carlopmart at gmail.com
Tue Sep 8 21:34:34 UTC 2015
Hi all,
I have installed a FreeBSD (10.2 p2, fully patched) VM under a KVM host
to use as an SSL-VPN client to connect to several Juniper SSL-VPN devices
(of course, not at the same time).
I need to do NAT in this FreeBSD VM to allow other VMs behind it to
access other hosts behind the Juniper appliances, but it doesn't work.
In my rc.conf I put the following:
### Firewall configuration options: ###
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
firewall_logging="NO"
natd_enable="YES"
natd_flags="-dynamic -m"
My actual ipfw rules:
00050 14 1064 divert 8668 ip from any to any in via tun0
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 1605 241150 allow ip from any to any
65535 0 0 deny ip from any to any
... but NAT doesn't work, and this FreeBSD VM reaches all hosts behind
the Juniper appliances.
What am I doing wrong?
Thanks.
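An added example (not part of the original post or of FreeBSD's rc scripts): natd has to see packets in both directions on the VPN interface, so a divert rule restricted to "in via" or "out via" leaves one direction untranslated. The script below audits `ipfw -a list` output for such one-way divert rules, using the rule set quoted above as constructed sample input, and prints the rule rewritten as a both-direction `via` match; it assumes port 8668 is natd's divert port, as in the post.

```shell
#!/bin/sh
# Audit ipfw rules for divert rules that only match one direction.
# A natd divert rule should match "via <iface>" (both in and out) so that
# outgoing packets are aliased and incoming replies are de-aliased.

# Constructed sample: the rule set quoted in the post above.
SAMPLE_RULES='00050 14 1064 divert 8668 ip from any to any in via tun0
00100 0 0 allow ip from any to any via lo0
65000 1605 241150 allow ip from any to any
65535 0 0 deny ip from any to any'

# check_divert_rules: read ipfw list output on stdin and print every divert
# rule that carries an "in" or "out" direction keyword.
# Returns 0 when all divert rules match both directions, 1 otherwise.
check_divert_rules() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            *" divert "*)
                case "$line" in
                    *" in "*|*" out "*|*" in"|*" out")
                        printf 'one-way divert rule: %s\n' "$line"
                        found=1
                        ;;
                esac
                ;;
        esac
    done
    return "$found"
}

# fix_divert_rules: print only the divert rules from stdin, with a one-way
# "in via"/"out via" match rewritten to a both-direction "via" match.
fix_divert_rules() {
    grep ' divert ' | sed -e 's/ in via / via /' -e 's/ out via / via /'
}

if printf '%s\n' "$SAMPLE_RULES" | check_divert_rules; then
    echo "all divert rules cover both directions"
else
    echo "suggested replacement divert rule(s):"
    printf '%s\n' "$SAMPLE_RULES" | fix_divert_rules
fi
```

On the real system, pipe `ipfw -a list` into `check_divert_rules` instead of the constructed sample; the printed replacement keeps the rule number and counters from the listing, so strip those before feeding it to `ipfw add`.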