Solved RDR from VPN into a Jail

Hello :)

Well - first maybe the setup. I'm running several Jails, each listening on its own "lo" interface.

Code:
ifconfig_lo1="inet 127.0.10.1 netmask 255.255.255.255"

Inside this Jail a specific service is running, e.g. MySQL. Plain communication inside the Jail works, as does connecting from other Jails.
Now there's a VPN through a dedicated GIF interface - which works as well.

Code:
ifconfig_gif0="inet 10.0.1.1 10.0.1.2 netmask 255.255.255.255 tunnel 172.16.0.1 172.16.0.2"

Using pf with RDRs I can - as an example - connect from the outside to the service running inside the Jail (em0 is the external interface).

Code:
...
rdr on em0 inet proto { tcp udp } from any to em0 port 3306 -> 127.0.10.1 port 3306
...

The problem is how to connect from the other side of the VPN (172.16.0.2) to - in this example - MySQL running at 172.16.0.1 / 127.0.10.1.

Running a simple proxy service that listens on the internal side of the VPN and redirects works without any problems, but this still leaves the problem that client IPs are messed up.

I've been trying something simple like:

Code:
rdr on gif0 inet proto { tcp udp } from any to any port 3306 -> 127.0.10.1 port 3306

Without any success when trying to run "telnet 172.16.0.1 3306".

Is there anything I've overlooked, or is this even possible at all?
 
Why don't you simply fix the routing and use a different 172.16.0.0/12 subnet for lo1? That way you don't have to muck about with NAT.
 
Yip - a quick test in the local environment did work well. Now it's time to get it onto the more production-like systems.
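The reply's suggestion, written out as the FreeBSD configuration it implies; this is an added example, not configuration posted in the thread. The address 172.16.1.1/32 for lo1 and the jail subnet 172.16.1.0/24 are assumptions, chosen inside 172.16.0.0/12 and away from the tunnel endpoints 172.16.0.1/172.16.0.2 and the gif addresses 10.0.1.1/10.0.1.2 shown above; the peer-side route is given in FreeBSD syntax. One caveat worth noting from the gif0 line in the first post: 172.16.0.1/172.16.0.2 are the outer tunnel endpoints and 10.0.1.1/10.0.1.2 are the addresses inside the tunnel, so only traffic addressed to 10.0.1.1 (or routed through it) actually traverses gif0, which is the interface the filter rules below apply to.

```conf
# Added example (not from the thread). All addresses except those quoted
# from the posts are assumptions.

# /etc/rc.conf on the jail host: give lo1 a routable private address
# instead of 127.0.10.1, and bind the jail (and MySQL) to it.
#   ifconfig_lo1="inet 172.16.1.1 netmask 255.255.255.255"
#   ifconfig_gif0="inet 10.0.1.1 10.0.1.2 netmask 255.255.255.255 tunnel 172.16.0.1 172.16.0.2"
#
# On the VPN peer (172.16.0.2 / 10.0.1.2): send the jail subnet through
# the tunnel's inner address. (FreeBSD route(8) syntax; assumed.)
#   route add -net 172.16.1.0/24 10.0.1.1
#
# No rdr is needed: the host owns 172.16.1.1, so packets arriving on gif0
# for it are delivered locally, replies to 10.0.1.2 leave via gif0, and
# MySQL sees the peer's real source address instead of a proxy's.

# /etc/pf.conf on the jail host
ext_if     = "em0"
vpn_if     = "gif0"
vpn_peer   = "10.0.1.2"
jail_mysql = "172.16.1.1"

# Weak (from the first post): exposes MySQL to anyone who can reach em0.
# rdr on $ext_if inet proto { tcp udp } from any to $ext_if port 3306 -> 127.0.10.1 port 3306

# Corrected: no NAT; admit MySQL only from the VPN peer, only over the
# tunnel, with state so replies match the same connection.
block in on $vpn_if all
pass  in on $vpn_if inet proto tcp from $vpn_peer to $jail_mysql port 3306 flags S/SA keep state

# The jail address must never be reachable from the external interface.
block in on $ext_if inet from any to $jail_mysql
```

The `block in on $vpn_if all` line is deliberately restrictive: anything else that should cross the tunnel needs its own `pass` rule, which keeps the jail's exposure to exactly the one service and one peer the thread is about.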
 