Hello
Well - first maybe the setup. I'm running several Jails, each is listening on its own "lo" interface.
Code:
ifconfig_lo1="inet 127.0.10.1 netmask 255.255.255.255"
Inside this Jail a specific service is running, e.g. MySQL. The plain communication inside the Jail works, also connecting from other Jails.
Now there's a VPN through a dedicated GIF interface - which works as well.
Code:
ifconfig_gif0="inet 10.0.1.1 10.0.1.2 netmask 255.255.255.255 tunnel 172.16.0.1 172.16.0.2"
Using pf with RDRs I can - as example - connect from the outside to the service running inside the Jail (em0 is the external interface)
Code:
...
rdr on em0 inet proto { tcp udp } from any to em0 port 3306 -> 127.0.10.1 port 3306
...
The problem is how I can connect from the other side of the VPN (172.16.0.2) to - in this example - MySQL running at 172.16.0.1 / 127.0.10.1
Running a simple proxy service that listens on the internal side of the VPN and redirects works without any problems, still this leaves the problem that client IPs are messed up.
I've been trying something simple like:
Code:
rdr on gif0 inet proto { tcp udp } from any to any port 3306 -> 127.0.10.1 port 3306
Without any success, trying to run "telnet 172.16.0.1 3306".
Anything I've overlooked maybe, or is this even possible at all?
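An added example pf.conf fragment for the setup described in the post above; it is not the poster's own configuration. It assumes the names and addresses shown in the post (gif0 with inner addresses 10.0.1.1 local / 10.0.1.2 peer, tunnel endpoints 172.16.0.1 / 172.16.0.2, MySQL bound to 127.0.10.1 on lo1, em0 as the external interface) and restricts the redirect to TCP, since MySQL does not speak UDP. The key point it illustrates: "rdr on gif0" only matches packets that were decapsulated from the tunnel, i.e. packets the peer sent to the inner address 10.0.1.1. A packet addressed to the outer endpoint 172.16.0.1 is plain IP between the two hosts and arrives unencapsulated on whatever interface routes to it, so a gif0 rule never sees it.

```pf
# Added example pf.conf fragment (not from the original post). Assumed from
# the post: gif0 inner 10.0.1.1 (local) / 10.0.1.2 (peer), tunnel endpoints
# 172.16.0.1 / 172.16.0.2, jail MySQL on 127.0.10.1 (lo1), em0 external.

ext_if   = "em0"
vpn_if   = "gif0"
vpn_self = "10.0.1.1"    # inner tunnel address on this host
vpn_peer = "10.0.1.2"    # inner tunnel address of the VPN peer
jail_db  = "127.0.10.1"  # jail's lo1 address where MySQL listens
db_port  = "3306"

# Translation rules must come before filter rules in pf.conf.

# Redirect from the outside (the rule that already works in the post).
rdr on $ext_if inet proto tcp from any to ($ext_if) port $db_port \
    -> $jail_db port $db_port

# Redirect from the VPN side. Match the tunnel's inner address, not the
# outer endpoint: only traffic to 10.0.1.1 is decapsulated onto gif0.
rdr on $vpn_if inet proto tcp from $vpn_peer to $vpn_self port $db_port \
    -> $jail_db port $db_port

# rdr only rewrites the destination; the rewritten packet is then filtered
# with its NEW destination, so pass rules must allow traffic to 127.0.10.1.
pass in quick on $ext_if inet proto tcp from any to $jail_db port $db_port keep state
pass in quick on $vpn_if inet proto tcp from $vpn_peer to $jail_db port $db_port keep state
```

With this in place the peer tests with `telnet 10.0.1.1 3306` rather than `telnet 172.16.0.1 3306`. Check the ruleset with `pfctl -nf /etc/pf.conf` before loading, confirm packets actually traverse the tunnel with `tcpdump -ni gif0 port 3306`, and inspect the translation and the resulting state with `pfctl -s nat` and `pfctl -s state`. Because rdr rewrites only the destination, MySQL inside the jail sees the real client address (10.0.1.2), which is the property the proxy approach in the post loses.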