Hello,
I have looked quite a lot into how to do what I want to do, but can seem to manage it... Sorry for my noobiness in advance...
I have a FreeBSD 14.0-Release-p6. It has 3 interfaces :
- tun0 for a VPN, IP 10.X.X.44
- igb0 for a LAN, IP 192.168.X.136 which gives me internet
I have a PC in the 192.168.X.197 running windows, port 3389 open.
I have another PC_remote on the same LAN as the VPN, IP 10.X.X.2
The gateway is another device, but I don't think it's impacting this question (maybe I'm wrong
)
I would like to be able to access PC_remote in RDP through the FreeBSD.
I thought initially that a simple port forward would be enough, with this pf.conf initially
First I don't really understand the lines other that "rdr" and "pass" as it was there by default. if someone could explain I'd really like that, but it's a detail
With this, I realized with a tcdump on the igb0 port that some frames were going from 10.X.X.2 to 192.168.X.136, but I'm guessing that PC_remote doesn't know where 10.X.X.2 is...
So I'm thinking maybe I should be doing a NAT : I tried going for this :
and combinations of both, but with this I didn't even see the outgoing frames to the PC_Remote...
Any Idea how I could do what I want ?
Thanks in advance, don't hesitate to ask me anything that's not clear
I have looked quite a lot into how to do what I want to do, but can seem to manage it... Sorry for my noobiness in advance...
I have a FreeBSD 14.0-Release-p6. It has 3 interfaces :
- tun0 for a VPN, IP 10.X.X.44
- igb0 for a LAN, IP 192.168.X.136 which gives me internet
I have a PC in the 192.168.X.197 running windows, port 3389 open.
I have another PC_remote on the same LAN as the VPN, IP 10.X.X.2
The gateway is another device, but I don't think it's impacting this question (maybe I'm wrong
)I would like to be able to access PC_remote in RDP through the FreeBSD.
I thought initially that a simple port forward would be enough, with this pf.conf initially
Code:
v4egress_if = "ix0"
v6egress_if = "ix0"
nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)
rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
rdr on tun0 proto tcp from any to tun0 port 3389 -> 192.168.X.197 port 3389
pass from any to any keep state
table <cni-nat>First I don't really understand the lines other that "rdr" and "pass" as it was there by default. if someone could explain I'd really like that, but it's a detail
With this, I realized with a tcdump on the igb0 port that some frames were going from 10.X.X.2 to 192.168.X.136, but I'm guessing that PC_remote doesn't know where 10.X.X.2 is...
So I'm thinking maybe I should be doing a NAT : I tried going for this :
Code:
v4egress_if = "ix0"
v6egress_if = "ix0"
nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)
nat on tun0 from tun0 to any -> 192.168.X.136
rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
pass from any to any keep state
table <cni-nat>and combinations of both, but with this I didn't even see the outgoing frames to the PC_Remote...
Any Idea how I could do what I want ?
Thanks in advance, don't hesitate to ask me anything that's not clear
