Hello everyone,
I'm installing and configuring a FreeBSD server which will act as VPN server.
I've got this network configuration:
- DSL internet access. DSL router has the ISP public IP address and the only special configuration is the VPN external port mapping to FreeBSD server port.
- FreeBSD server as VPN server up and running
Now I would like to give access to Internet to one of the LAN computers. How can I get this?
I have enabled IP forwarding with gateway_enable="YES" in rc.conf and configured the FreeBSD box as the default gateway on the computer I want to browse from. Browsing fails.
FreeBSD box has three NIC cards:
re0: 192.168.1.50/24 connected to the DSL router
xl0: 10.1.1.50/24 connected to one of the LAN networks (10.1.1.0/24). One of these computers, 10.1.1.60, must temporarily have internet access.
xl1: 172.20.3.11/24 connected to the other LAN network (172.30.3.x/24)
This is the rc.conf file contents:
Code:
ifconfig_re0="inet 192.168.1.50 netmask 255.255.255.0 broadcast 192.168.1.255"
ifconfig_xl1="inet 172.20.3.11 netmask 255.255.255.0 broadcast 172.20.3.255"
ifconfig_xl0="inet 10.1.1.50 netmask 255.255.255.0 broadcast 10.1.1.255"
defaultrouter="192.168.1.1"
gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/bsdserver.conf"
...
This is the routing table:
Code:
# netstat -rfinet
Routing tables
Internet:
Destination        Gateway            Flags    Netif Expire
default            192.168.1.1        UGS      re0
10.1.1.0           link#2             U        xl0
10.1.1.50          link#2             UHS      lo0
localhost          link#4             UH       lo0
172.20.3.0         link#3             U        xl1
172.20.3.11        link#3             UHS      lo0
192.168.1.0        link#1             U        re0
192.168.1.50       link#1             UHS      lo0
192.168.5.0        192.168.5.1        UGS      tun0
192.168.5.1        localhost          UH       lo0
192.168.5.2        link#5             UH       tun0
From the computer I tried to ping some places. At the same time I have put tcpdump listening to the re0 NIC. I can get just outgoing packets, but I cannot get the answers. I think this means packets coming from LAN jump correctly to the other side but the answers are sent elsewhere:
From 10.1.1.60 web browsing to mail.yahoo.com
And tcpdump listening on the FreeBSD box gets:
Code:
# tcpdump 'tcp port 80 or 443'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:01:15.059772 IP 10.1.1.60.26722 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 1651573949, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:01:15.187625 IP 10.1.1.60.26723 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 4242693577, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:01:18.076175 IP 10.1.1.60.26722 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 1651573949, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:01:18.201116 IP 10.1.1.60.26723 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 4242693577, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
12:01:24.075712 IP 10.1.1.60.26722 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 1651573949, win 8192, options [mss 1460,nop,nop,sackOK], length 0
12:01:24.216182 IP 10.1.1.60.26723 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 4242693577, win 8192, options [mss 1460,nop,nop,sackOK], length 0
6 packets captured
310 packets received by filter
0 packets dropped by kernel
In a desperate try I have opened the default FreeBSD configuration, allowing traffic from any to any. The firewall ipfw has no configuration, just allow all.
Code:
# ipfw list
65535 allow ip from any to any
Any idea of what can be happening?
The DSL router must do nothing, mustn't it? I mean the route to the 10.1.1.0 network.
I suppose the DSL router does NAT. Do I need to configure NAT on FreeBSD as well?
I cannot move the public IP to the FreeBSD because there are other connections through it and I must keep them as they are.
Thank you in advance
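As an added example (not part of the original post), a small Python check that reads tcpdump output like the capture above, finds TCP flows that only ever show outbound SYNs on re0 and never a packet coming back, and flags those whose source address lies outside re0's subnet 192.168.1.0/24, the only network the DSL router has a route and NAT for. The sample capture is constructed: three of the post's unanswered SYNs with the options trimmed, plus one invented, completed handshake from 192.168.1.50 to a documentation address (203.0.113.10) for contrast.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three of the unanswered SYNs from the post (options trimmed)
# plus one invented, completed handshake from re0's own address for contrast.
SAMPLE = """\
12:01:15.059772 IP 10.1.1.60.26722 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 1651573949, win 8192, length 0
12:01:15.187625 IP 10.1.1.60.26723 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 4242693577, win 8192, length 0
12:01:18.076175 IP 10.1.1.60.26722 > ats1.member.vip.ir2.yahoo.com.http: Flags [S], seq 1651573949, win 8192, length 0
12:01:20.000000 IP 192.168.1.50.40000 > 203.0.113.10.http: Flags [S], seq 1, win 8192, length 0
12:01:20.050000 IP 203.0.113.10.http > 192.168.1.50.40000: Flags [S.], seq 2, ack 2, win 8192, length 0
"""

# One tcpdump TCP line: "<ts> IP <host>.<port> > <host>.<port>: Flags [<flags>], ..."
# Hostnames contain dots, so the port is whatever follows the last dot.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>[^.\s]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^.\s]+): Flags \[(?P<flags>[^\]]*)\]"
)

# re0's subnet: the only network the DSL router has a route (and NAT) for.
UPSTREAM_NET = ipaddress.ip_network("192.168.1.0/24")


def unanswered_syns(capture):
    """Map (src, sport, dst, dport) -> SYN count for flows with no packet coming back."""
    seen, syns = set(), defaultdict(int)
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # summary lines, non-TCP traffic, etc.
        fwd = (m["src"], m["sport"], m["dst"], m["dport"])
        seen.add(fwd)
        if m["flags"] == "S":  # bare SYN: a client opening a connection
            syns[fwd] += 1
    return {f: n for f, n in syns.items() if (f[2], f[3], f[0], f[1]) not in seen}


def diagnose(capture, upstream=UPSTREAM_NET):
    """Return (src, dst, syn_count, outside_upstream) for each unanswered flow."""
    report = []
    for (src, _sport, dst, _dport), n in unanswered_syns(capture).items():
        try:
            outside = ipaddress.ip_address(src) not in upstream
        except ValueError:
            continue  # tcpdump resolved the source to a hostname; skip it
        report.append((src, dst, n, outside))
    return report
```

A flow from a source outside re0's subnet stuck in this state while flows from 192.168.1.50 complete means the DSL router has no return path for that source. The standard fixes are to NAT 10.1.1.60 on FreeBSD (ipfw nat or pf) so it leaves re0 as 192.168.1.50, or to add a static route for 10.1.1.0/24 via 192.168.1.50 on the DSL router.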