DaemonForums > FreeBSD > FreeBSD Security

Traffic between two vpn networks
bertj, 28th January 2013

Hello All,
I am looking for some help with an issue I have with two VPN networks.
My current system layout:


I am unable to route traffic from the VPN user on 10.8.0.34 to the web server on the local LAN, 10.7.1.2.

The VPN server 10.8.0.1 can ping the 10.7.1.2 address fine, but the user cannot.
I have tried everything and my brain is falling apart, lol.

The pf.conf for the first BSD OpenVPN box (10.8.0.1):

Code:
#Variables
########################
ext_if="sis0" #Internet
srv_if="sis1" #Server link
drc_if="sis2" #DRAC link
vps_if="tun0" #VPN interface that runs as server (for user connection)
vpc_if="tun1" #VPN interface that runs as client (for server connection)
ovpn=1194

#Initial set up
########################
#set skip on lo
#scrub in
#Redirects & NAT
########################
#Redirect traffic over FSP VPN from FSP to the server
#rdr pass on $vps_if from any to any  -> 192.168.1.2
#rdr pass on $vps_if from any to any  -> 10.8.0.30 
pass out on tun0 from 10.8.0.34/32 to any nat-to 10.9.0.5 

#Direct traffic over the FAD VPN from the server to the FADs network
nat pass on $vpc_if from $vps_if:network to 10.8.254/0 -> $vpc_if

#Direct telnet over FAD connection to DRAC
#rdr pass on $vpc_if proto tcp from any to any port 23 -> 192.168.2.2
#RULES
########################
#block all

#External Interface
#Allow VPN connection in
pass in on $ext_if proto udp from any to any port $ovpn
#Allow SSH in from Evidence Talks
#pass in on $ext_if proto tcp from $et to any port ssh
pass in on $ext_if proto tcp from any to any port ssh
#Allow all out
pass out on $ext_if all

#Server Interface
pass on $srv_if all

#DRAC Interface
pass on $drc_if all

#VPN Server interface
pass on $vps_if all

#VPN client interface
pass on $vpc_if all
And now the pf.conf for the last BSD OpenVPN box (10.9.0.1):
Code:
## Configuration
#####################
#Interfaces
ext_if="em0"     #Interface to internet
int_if="em1"     #Internal interface to network
#Ports
ovpn="1194"
rdp="3389"
#Port sets
allowed_web_server_ports="{" $rdp mysql "}"
#IPs
web_ip="10.7.1.2" #Web server IP
web_ports="{ http https }" #allowed ports on web server
#RULES
########################
set skip on lo
#block all

# HTTP/S allowed and forwarded to web server
#Redirect HTTP/S to web server
pass in on $ext_if proto tcp from any to any port $web_ports rdr-to $web_ip

#Allow RDP and MySQL and redirect to web server - only From ETL
pass in on $ext_if proto tcp from $etl_source_ips to any port $allowed_web_server_ports rdr-to $web_ip
#NAT traffic from web server to internet
pass out on $int_if from $web_ip to any nat-to $ext_if

# Allow OpenVPN connections
pass in quick on $ext_if proto udp from any to any port $ovpn #VPN

# Allow ssh connections from Evidence Talks
pass in on $ext_if proto tcp from $etl_source_ips to any port ssh

#Allow all out
pass out on $ext_if all

#Internal Interface - allow anything
pass on $int_if all
If anyone could shed some light on the issue I would be a very happy man.

Last edited by J65nko; 28th January 2013 at 12:38 PM. Reason: [code] and [/code] tags ;)
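The post describes the classic two-hop VPN problem: a client behind the first OpenVPN box can reach the second box, but a host on the second box's LAN only knows how to answer addresses it has a route for. Whether the reply comes back depends on one of two things being true: the second box has a route back to the client tunnel subnet, or the first box translates the client's source to its own client-side tunnel address before forwarding. The script below is an added example, not code from the post, that models that return path and reproduces the symptom reported above (the first box can reach the web server, the user behind it cannot). Addresses 10.8.0.34, 10.8.0.1, 10.9.0.5, 10.9.0.1 and 10.7.1.2 are taken from the post; the /24 tunnel subnets, the second box's LAN address 10.7.1.1, and the default routes toward the internet are assumptions made up for the example.

```python
"""Added example: trace a request and its reply through two chained VPN routers
to see where the return path breaks.  Addresses from the post: VPN user
10.8.0.34, first box 10.8.0.1 (server side) and 10.9.0.5 (client side of the
second tunnel), second box 10.9.0.1, web server 10.7.1.2.  Assumed: /24 tunnel
subnets, 10.7.1.1 as the second box's LAN address, default routes to the internet.
"""
import ipaddress

IP = ipaddress.ip_address
NET = ipaddress.ip_network


class Node:
    """A host or router with a routing table and optional source NAT on forwarding."""

    def __init__(self, name, addrs, routes, nat=()):
        self.name = name
        self.addrs = {IP(a) for a in addrs}
        # routes: (network, next-hop name). "INTERNET" stands for the default
        # gateway, where a packet to a private destination is simply lost.
        self.routes = [(NET(n), nh) for n, nh in routes]
        # nat: (source net, destination net, translated source), the shape of
        # "pass out on tun1 from 10.8.0.0/24 to 10.7.1.0/24 nat-to 10.9.0.5".
        self.nat = [(NET(s), NET(d), IP(t)) for s, d, t in nat]
        # states: (translated src, remote dst) -> original src, the part of a
        # pf state entry needed to un-translate the reply (simplified, no ports).
        self.states = {}

    def next_hop(self, dst):
        """Longest-prefix match; None when no route matches."""
        best = None
        for net, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best[1] if best else None


def trace(nodes, start, src, dst, max_hops=10):
    """Forward one packet from node `start`; returns (delivered, final_src, final_dst, hops)."""
    src, dst = IP(src), IP(dst)
    here = nodes[start]
    hops = []
    for _ in range(max_hops):
        # A reply addressed to a translated source is mapped back to the real host.
        if (dst, src) in here.states:
            dst = here.states[(dst, src)]
        hops.append(f"{here.name}: {src} -> {dst}")
        if dst in here.addrs:
            return True, src, dst, hops
        nh = here.next_hop(dst)
        if nh not in nodes:
            hops.append(f"{here.name}: no route to {dst} inside the VPNs (next hop {nh}); lost")
            return False, src, dst, hops
        for s_net, d_net, tsrc in here.nat:
            if src in s_net and dst in d_net:
                here.states[(tsrc, dst)] = src
                src = tsrc
                break
        here = nodes[nh]
    return False, src, dst, hops


def build(middle_nat, return_route):
    """Topology from the post with two knobs: source NAT on the first box's
    client tunnel, and a route back to 10.8.0.0/24 on the second box."""
    box_a_routes = [("10.8.0.0/24", "user"), ("10.9.0.0/24", "boxB"),
                    ("10.7.1.0/24", "boxB"), ("0.0.0.0/0", "INTERNET")]
    box_b_routes = [("10.9.0.0/24", "boxA"), ("10.7.1.0/24", "web"),
                    ("0.0.0.0/0", "INTERNET")]
    if return_route:
        box_b_routes.append(("10.8.0.0/24", "boxA"))
    nat = [("10.8.0.0/24", "10.7.1.0/24", "10.9.0.5")] if middle_nat else []
    return {
        "user": Node("user", ["10.8.0.34"], [("0.0.0.0/0", "boxA")]),
        "boxA": Node("boxA", ["10.8.0.1", "10.9.0.5"], box_a_routes, nat),
        "boxB": Node("boxB", ["10.9.0.1", "10.7.1.1"], box_b_routes),  # 10.7.1.1 is assumed
        "web": Node("web", ["10.7.1.2"], [("0.0.0.0/0", "boxB")]),
    }


def round_trip(middle_nat, return_route):
    """(ok, hops): ok is True when 10.8.0.34 -> 10.7.1.2 is delivered AND the reply returns."""
    nodes = build(middle_nat, return_route)
    ok, src, dst, fwd = trace(nodes, "user", "10.8.0.34", "10.7.1.2")
    if not ok:
        return False, fwd
    ok, _, _, back = trace(nodes, "web", dst, src)
    return ok, fwd + back


def ping_from_box_a(middle_nat=False, return_route=False):
    """The first box's own traffic leaves with its tunnel address 10.9.0.5 as source,
    which the second box always has a route for, so it works in every scenario."""
    nodes = build(middle_nat, return_route)
    ok, src, dst, _ = trace(nodes, "boxA", "10.9.0.5", "10.7.1.2")
    return ok and trace(nodes, "web", dst, src)[0]


if __name__ == "__main__":
    print("ping from boxA works:", ping_from_box_a())
    for nat, route in ((False, False), (True, False), (False, True)):
        ok, hops = round_trip(nat, route)
        print(f"NAT on boxA tun1={nat}, route back on boxB={route}: {'OK' if ok else 'FAILS'}")
        for h in hops:
            print("   ", h)
```

Without either fix the request is delivered but the web server's reply to 10.8.0.34 follows the second box's default route and never returns, while the first box's own ping (sourced from 10.9.0.5) succeeds, which is exactly the asymmetry the post reports. On real boxes the equivalent checks are `pfctl -sr` and `pfctl -ss` on each hop to see which NAT rule matched and what state was created, `netstat -rn` on the second box for a route to the client subnet, and `tcpdump -ni tun1` on both ends to see the source address the forwarded packet actually carries.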