Thread: pf.conf and nat
8th December 2012
latux

Hello J65nko,
Thanks a lot for your explanations.
Your network plan is great, but I have another constellation:

Code:
                                                            VPN
                                                             |
                  +-------------------------+                |
                  |                         |           10.1.0.254
192.168.50.0/24 --|-Monitoring (intra_if)   |               (gw)
                  |                         |                |
192.168.51.0/24 --|-FTP-Server (extra_if)   |-- 10.1.0.0/24--|
                  |                         |  (clients - mgt_if)
192.168.52.0/24 --|-FTP-Clients (sto_if)    |  (.11/.12/.21/.31)
                  |                         |
                  +-------------------------+
The clients (on 10.1.0.0/24) are communicating over a VPN with the world.
They are connected to the OBSD-FW (mgt_if) to be able to communicate with other FTP clients (sto_if) and servers (extra_if), which are located on the internet. This is the reason why I have this FW in between.
The machine on intra_if will do monitoring of all hosts.
On the FW, I have rules to grant communication between:
- FTP servers/clients (ftp-proxy)
- some FTP servers (trusted) and my mgt_if workstations (ftp-proxy)

So now, I want to realise, at first, monitoring from intra_if (192.168.50.100) to mgt_if (10.1.0.0/24).
The FW should grant ssh, vnc, snmp (161-162) to mgt_if.
That's it.
The host (192.168.50.100) already has a route to communicate with mgt_if (route add 10.1.0.0/24 192.168.50.254).
But I cannot add a route on the mgt_if hosts to intra_if (route add 192.168.50.0/24 10.1.0.xxx). That is the reason I was thinking I can work with a NAT to realise this.
Thanks in advance again
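One way to express the source NAT described in this post, as an added example that is not part of the original thread. It assumes the `nat-to` syntax of OpenBSD 4.7 and later, placeholder interface names (`em0`, `em3`), VNC on display :0 (TCP 5900), and an existing default-deny ruleset with IP forwarding enabled.

```conf
# Added example, not from the thread. Merge into the existing pf.conf;
# a default "block" policy is assumed to be in place already.
# Interface names are placeholders; the addresses are the ones in the post.
intra_if = "em0"                  # placeholder: 192.168.50.0/24 side
mgt_if   = "em3"                  # placeholder: 10.1.0.0/24 side
monitor  = "192.168.50.100"       # monitoring host
mgt_net  = "10.1.0.0/24"          # clients that have no route back

# Inbound on intra_if: only the monitoring host, only the named services.
# 5900 assumes VNC display :0 (assumption, adjust to the displays in use).
pass in on $intra_if inet proto tcp from $monitor to $mgt_net \
    port { 22, 5900 }
pass in on $intra_if inet proto udp from $monitor to $mgt_net \
    port { 161, 162 }

# Outbound on mgt_if: rewrite the source to the firewall's own address
# on that interface. The clients then reply to an on-link address in
# 10.1.0.0/24, so they need no route to 192.168.50.0/24.
pass out on $mgt_if inet proto tcp from $monitor to $mgt_net \
    port { 22, 5900 } nat-to ($mgt_if)
pass out on $mgt_if inet proto udp from $monitor to $mgt_net \
    port { 161, 162 } nat-to ($mgt_if)
```

With this translation the mgt_if hosts log every monitoring connection as coming from the firewall's address, so per-host access controls on the clients (sshd, snmpd) should allow that address rather than 192.168.50.100. SNMP traps (UDP 162) are normally sent by the agents toward the manager, which these rules do not cover because that traffic starts on the mgt_if side.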