Hello J65nko,
thanks a lot for your explanations.
Your network plan is great, but I have another constellation:
Code:
                                                            VPN
                                                             |
                  +-------------------------+                |
                  |                         |            10.1.0.254
192.168.50.0/24 --|-Monitoring (intra_if)   |               (gw)
                  |                         |                |
192.168.51.0/24 --|-FTP-Server (extra_if)   |-- 10.1.0.0/24--|
                  |                         |   (clients - mgt_if)
192.168.52.0/24 --|-FTP-Clients (sto_if)    |   (.11/.12/.21/.31)
                  |                         |
                  +-------------------------+
The clients (on 10.1.0.0/24) communicate over a VPN with the world.
They are connected to the OBSD-FW (mgt_if) to be able to communicate with other FTP clients (sto_if) and servers (extra_if), which are located on the internet. This is the reason why I have this FW in between.
The machine on intra_if will do monitoring of all hosts.
On the FW, I have rules to grant communication between:
- ftp servers/clients (ftp-proxy)
- some ftp-servers (trusted) with my mgt_if workstations (ftp-proxy)
So now, I first want to set up monitoring from intra_if (192.168.50.100) to mgt_if (10.1.0.0/24).
The FW should grant ssh, vnc, snmp (161-162) to mgt_if.
That's it.
The host (192.168.50.100) already has a route to communicate with mgt_if (route add 10.1.0.0/24 192.168.50.254).
But I cannot add a route on the mgt_if hosts to intra_if (route add 192.168.50.0/24 10.1.0.xxx). That is the reason I was thinking I could work with NAT to achieve this.
Thanks in advance again.
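
The setup described in the post above, sketched as a pf.conf fragment; this is an added example, not part of the original post or of any reply in the thread. It assumes OpenBSD 4.7 or later (`nat-to` syntax), a default-deny ruleset around it, hypothetical NIC names `em0`/`em1`, and VNC on port 5900.

```pf
# Added example, not from the original post.
# Assumed NIC names; the post only gives the macro names intra_if and mgt_if.
intra_if = "em0"            # assumption: firewall side of 192.168.50.0/24
mgt_if   = "em1"            # assumption: firewall side of 10.1.0.0/24

monitor  = "192.168.50.100" # monitoring host, from the post
mgt_net  = "10.1.0.0/24"    # management clients, from the post
tcp_mon  = "{ 22, 5900 }"   # ssh; 5900 assumes VNC display :0
udp_mon  = "{ 161, 162 }"   # snmp ports as listed in the post

# Inbound on intra_if: only the monitoring host, only the listed services.
pass in on $intra_if inet proto tcp from $monitor to $mgt_net port $tcp_mon
pass in on $intra_if inet proto udp from $monitor to $mgt_net port $udp_mon

# Outbound on mgt_if: rewrite the source to the firewall's own mgt_if
# address. The clients then reply to an address on their local subnet,
# so no route to 192.168.50.0/24 is needed on them; pf's state table
# translates the replies back to 192.168.50.100.
pass out on $mgt_if inet proto tcp from $monitor to $mgt_net port $tcp_mon \
    nat-to ($mgt_if)
pass out on $mgt_if inet proto udp from $monitor to $mgt_net port $udp_mon \
    nat-to ($mgt_if)
```

With this in place the mgt_if hosts see every monitoring session as coming from the firewall's mgt_if address, so their sshd and SNMP access lists and logs have to refer to that address rather than 192.168.50.100. SNMP traps are initiated by the agents toward the monitor, so that direction is not covered by source NAT and would need its own rule.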