Hello all.
I need a little help with double port forwarding using pf, and OpenVPN (bridged).
Here is my setup:
Modem ext_if--public IP
Modem int_if--bridged, non firewalled.
Router ext_if--same public IP as above
Router firewall w/port forwarding (port 1194 to 192.168.20.100)
Router int_if--192.168.20.1
subnet 192.168.20.0
FreeBSD ext_if--static 192.168.20.100
pf w/out ruleset
FreeBSD int_if--static 192.168.1.150
subnet 192.168.1.0
What I want to do is reach my internal network (192.168.1.0) over OpenVPN, in bridged mode.
Currently, Router is port forwarding 1194 to FreeBSD ext_if, and OpenVPN is set up to bridge FreeBSD ext_if and Tap0. So, I can VPN to the 192.168.20.0 subnet, but not to the internal network.
I'm new to PF and only getting familiar with FreeBSD.
Question:
What rule do I need to port forward 1194 from FreeBSD ext_if to FreeBSD int_if? Both ways?
I figure if I do that, and then bridge FreeBSD int_if and Tap0, I will be able to reach my internal network over the VPN.
Suggestions will be appreciated if there is an easier way to accomplish this.
Thanks in advance!!
My system:
7.1-RELEASE-p8 FreeBSD 7.1-RELEASE-p8 #0: Fri Oct 2 07:10:41 UTC 2009 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
openvpn-2.0.6_9
/etc/rc.conf in FreeBSD
Code:
# -- sysinstall generated deltas -- # Tue May 5 14:16:40 2009
# Created: Tue May 5 14:16:40 2009
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.20.1"
gateway_enable="YES"
hostname="fbsd.mydomain.com"
ifconfig_rl0="inet 192.168.20.100 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.150 netmask 255.255.255.0"
inetd_enable="NO"
linux_enable="YES"
sshd_enable="NO"
openssh_enable="YES"
pf_enable="YES"
pflog_enable="YES"
openvpn_enable="YES"
cloned_interfaces="bridge0 tap0"
ifconfig_bridge0="addm rl0 addm tap0"