Gosh, had a hard time coming up w/ the subject line for my question.
I have a server that's a gateway and is routing WireGuard traffic on the wg0 interface and has a NIC, let's call it ena0, for the intranet. My current pf configuration allows my WireGuard clients to have access to the intranet through nat rules on this gateway.
However, this same gateway also runs various network services on certain ports. I have some rdr rules configured such that traffic coming in on the ena0 interface can be redirected to these services. In addition, it seems that to make these services available for clients coming through the wg0 interface, I have to have an extra rdr rule for that interface as well. Can I avoid this? Can the wg0 packets be routed such that pf running on this gateway server sees the packet arriving on the ena0 interface and thus the single rdr rule on ena0 would apply? To be clear, the clients on the wg0 interface are using the IP address associated with the ena0 interface on the gateway.
It seems that without the rdr rule on the wg0 interface, these packets are not being redirected.
I can provide pf.conf or whatever configs to help clarify my configuration. Let me know if more details are needed.
Thanks!
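As an added example (not the poster's pf.conf, and not a claim about their setup), here is a FreeBSD-style pf.conf fragment showing how a single rdr rule can be scoped to a list of interfaces instead of being duplicated per interface. pf evaluates rdr rules against the interface a packet actually arrives on, so a packet entering via wg0 will never match a rule written `on ena0`; listing both interfaces in braces, or omitting `on` entirely so the rule applies to every interface, avoids the duplicate rule. The interface names, addresses and service port are assumptions chosen to match the question.

```pf
# Assumed interface names and addresses (constructed for this example).
intranet_if = "ena0"
vpn_if      = "wg0"
gw_ip       = "10.0.0.1"        # address on ena0 that clients connect to
svc_port    = "8443"            # example service listening on the gateway
svc_target  = "127.0.0.1"       # where the service actually listens

# Translation rules are evaluated on the arriving interface, so one rule
# scoped to both interfaces covers intranet and WireGuard clients alike.
# Listing interfaces in braces expands to one rule per interface at load time.
rdr on { $intranet_if $vpn_if } inet proto tcp \
    from any to $gw_ip port $svc_port -> $svc_target port $svc_port

# Alternatively, omit "on" altogether so the rdr applies on every interface.
# Prefer the explicit list: a catch-all rdr also fires for packets arriving
# on any other interface that carries traffic to $gw_ip.
# rdr inet proto tcp from any to $gw_ip port $svc_port -> $svc_target port $svc_port

# Filter rules still have to admit the translated packet on both interfaces.
pass in on { $intranet_if $vpn_if } inet proto tcp \
    from any to $svc_target port $svc_port keep state
```

Syntax-check the file before loading it with `pfctl -nf /etc/pf.conf`, then confirm the expanded rules with `pfctl -sn` (translation rules) and `pfctl -sr` (filter rules); the brace list should appear as two separate rdr lines, one per interface. On OpenBSD the equivalent is written as a `match in on { ena0 wg0 } ... rdr-to` rule rather than `rdr`.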