Forward port through WireGuard with PF

My setup is as follows:

Gateway <--wireguard--> Router <--> Mailserver

WireGuard is set up properly; Mailserver and Gateway can ssh to each other. The gateway redirects port 22 to the Mailserver, and that is the non-working part: ssh -p 22 Gateway should ssh to the Mailserver, and while the router does show me that a connection to the Mailserver is happening, it simply times out.

Here's the gateway pf.conf:
Code:
ext_if="vtnet0"
wg_if="wg0"
wg_net="{ 172.16.0.0/16, 10.0.0.0/16, 10.1.0.0/16 }"

serverports="{ 22, 80 }"

set skip on lo0
set block-policy return
scrub in on $ext_if all fragment reassemble

# source-NAT traffic from the tunnel networks leaving via the public interface
nat on $ext_if from $wg_net to any -> ($ext_if:0)
# redirect inbound ssh on the public address to the Mailserver behind the tunnel
rdr pass on $ext_if inet proto tcp from any to EXTERNAL_IP port = 22 -> 10.0.0.50 port 22

pass out all
antispoof for $ext_if

# the gateway's own sshd listens on 8022
pass in quick proto tcp from any to any port 8022 flags S/SA modulate state
# WireGuard listener
pass in quick proto udp from any to any port 51820
pass in on $wg_if from any to any

pass quick on $wg_if
#pass out keep state

And here's the Mailserver pf.conf:

Code:
ext_if="re0"
phy_if="re0"

set block-policy return
#scrub in on $phy_if all fragment reassemble
set skip on lo

# jail addresses that get source-NATed on the way out
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
# anchor for per-jail port redirects
rdr-anchor "rdr/*"

block in all
pass out quick keep state
antispoof for $phy_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state

It's probably just something small that I'm missing...

The Mailserver's pf does not seem to be the problem, since disabling pf there does not fix anything.
 
Okay, I solved it. It turned out to be a router problem. It is an OPNsense router: in the firewall rules, instead of a gateway for incoming traffic, 'reply-to' has to be set.
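For anyone hitting the same symptom, here is the pf-level shape of that fix as an added example; it is not the poster's configuration and not the ruleset OPNsense generates. Addresses and interface names are assumed: the gateway's tunnel address is 10.0.0.1, the router's is 10.0.0.2 on wg0, and the Mailserver is 10.0.0.50 on the router's LAN interface em0. The cause of the timeout is asymmetric routing: the rdr rule on the gateway rewrites only the destination, so the SYN reaches the Mailserver with the client's public source address, and the Mailserver's SYN-ACK goes to the router, which follows its default route out the WAN instead of back through the tunnel. The gateway's state entry never sees the reply and the client times out. reply-to on the rule that admits the redirected traffic on the router's WireGuard interface records the arrival interface and next hop in the state, so replies for that state are sent back to the gateway regardless of the routing table.

```pf
# Added example, not the poster's files. Addresses are assumed (see lead-in).

# ---------- router (the box between the tunnel and the Mailserver) ----------
wg_if="wg0"
lan_if="em0"
gw_wg="10.0.0.1"     # gateway's WireGuard address (assumed)
mail="10.0.0.50"     # Mailserver on the LAN (assumed)

set skip on lo0
block in all
pass out keep state

# Redirected ssh arrives on the tunnel with the client's real source address.
# reply-to pins the return path: reply packets matching this state are handed
# to $gw_wg on $wg_if instead of following the router's default route.
# (In the OPNsense GUI this is the rule's 'reply-to' setting; a plain 'gateway'
# on the rule would only steer the forward direction.)
pass in on $wg_if reply-to ($wg_if $gw_wg) inet proto tcp \
    from any to $mail port 22 flags S/SA keep state

# ---------- gateway (public side), the part that stays as posted ----------
#ext_if="vtnet0"
#rdr pass on $ext_if inet proto tcp from any to EXTERNAL_IP port 22 -> 10.0.0.50 port 22
#
# Alternative that avoids reply-to altogether: also source-NAT the redirected
# traffic on the tunnel side so the Mailserver sees the gateway's tunnel
# address and replies through the tunnel on its own. Costs you the client IP
# in the Mailserver's sshd/mail logs, which is why the poster's approach is
# usually preferable:
#nat on $wg_if inet proto tcp from any to 10.0.0.50 port 22 -> ($wg_if)
```

The two approaches are mutually exclusive only in intent: with the nat alternative the Mailserver's replies are addressed to the gateway's tunnel IP and need no routing help, while with reply-to the Mailserver keeps seeing real client addresses and the router is told where to send the replies. Either way, check on the router that the return packets actually leave on the tunnel (a pfctl -ss entry for the connection on the router, and a tcpdump on wg0 showing the SYN-ACK) before suspecting the Mailserver's own pf, as the poster found.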
 