source/destination nat pf, user space filtering pf


milli@adon.li
Hello,

I have got the following situation:
- wan nic: 192.168.0.2/24 - router 192.168.0.1
- vpn nic: 192.168.1.2/24 - router 192.168.1.1
- lan nic: 192.168.2.1/24 - client 192.168.2.99

The default route goes to 192.168.0.1. What I want is to leave the
default route and nat the traffic just from the lan through the vpn.
It seems that nat is done after routing. If I change the default route
to 192.168.1.1 everything works. But I don't want to change the default
route and I don't want to tell the lan clients anything about the vpn
network and I don't want to tell the vpn router anything about the lan
network. Is there any solution to do this just with nat alone?

Another question: Are there any plans to include some user space
filtering like http://www.openbeer.it/?open=pq?

I switched back to OpenBSD for router/fw tasks from Linux. I would like
to help to code, to test or just to tell what I need but maybe I'm too
old to do this in this life - maybe next one ;-)

--
Best regards,
Milli


Re: source/destination nat pf, user space filtering pf

milli@adon.li
[hidden email] wrote:

> Hello,
>
> I have got the following situation:
> - wan nic: 192.168.0.2/24 - router 192.168.0.1
> - vpn nic: 192.168.1.2/24 - router 192.168.1.1
> - lan nic: 192.168.2.1/24 - client 192.168.2.99
>
> The default route goes to 192.168.0.1. What I want is to leave the
> default route and nat the traffic just from the lan through the vpn.
> It seems that nat is done after routing. If I change the default route
> to 192.168.1.1 everything works. But I don't want to change the default
> route and I don't want to tell the lan clients anything about the vpn
> network and I don't want to tell the vpn router anything about the lan
> network. Is there any solution to do this just with nat alone?

A pass rule with route-to ($vpn_if 192.168.1.1) helped.

> Another question: Are there any plans to include some user space
> filtering like http://www.openbeer.it/?open=pq?

still open
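
The setup discussed in this thread, written out as a pf.conf fragment. This is an added example, not a ruleset posted by anyone in the thread: the interface names are assumed placeholders, the addresses are the ones from the first message, and the grammar is the older one with a separate `nat` rule (an assumption about the release in use; OpenBSD 4.7 and later express the translation as `nat-to` on a match or pass rule).

```pf
# Added example, not from the thread. Interface names are assumed
# placeholders; addresses are those given in the original post.
wan_if  = "em0"             # assumed name; 192.168.0.2/24, default route via 192.168.0.1
vpn_if  = "em1"             # assumed name; 192.168.1.2/24
lan_if  = "em2"             # assumed name; 192.168.2.1/24
vpn_gw  = "192.168.1.1"
lan_net = "192.168.2.0/24"

# Translation is applied on the interface a packet leaves through, and the
# routing table picks that interface first. With the default route on the
# WAN side this rule alone never matches LAN traffic.
# Hiding the LAN behind the firewall's own VPN address means the VPN router
# never needs to know about 192.168.2.0/24.
nat on $vpn_if inet from $lan_net to any -> ($vpn_if)

# Traffic addressed to the firewall's LAN address (DNS, ssh, ...) must stay
# on the normal routing path, so match it first and stop evaluation.
pass in quick on $lan_if inet from $lan_net to ($lan_if) keep state

# Everything else arriving from the LAN is forced out the VPN interface
# toward the VPN router. route-to overrides the routing table for this
# state only; the system default route stays on 192.168.0.1.
pass in on $lan_if route-to ($vpn_if $vpn_gw) inet from $lan_net to any keep state

# The redirected packets are translated before the outbound filter sees
# them, so the source here is already the firewall's VPN address.
pass out on $vpn_if inet from ($vpn_if) to any keep state
```

Because no rule passes LAN-sourced traffic out on `$wan_if`, a ruleset with a default `block` policy also keeps LAN clients from leaking onto the WAN path if the route-to rule is removed or fails to match.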