Traffic between two vpn networks
Hello All,
I am looking for some help on an issue where I have two VPN networks. With my current system layout I am unable to route traffic from the VPN user on 10.8.0.34 to the web server on the local LAN 10.7.1.2. The VPN server 10.8.0.1 can ping the 10.7.1.2 address fine but the user cannot. I have tried everything and my brain is falling apart lol. The pf.conf for the first BSD OpenVPN box (10.8.0.1):

Code:
#Variables ########################
ext_if="sis0"   #Internet
srv_if="sis1"   #Server link
drc_if="sis2"   #DRAC link
vps_if="tun0"   #VPN interface that runs as server (for user connection)
vpc_if="tun1"   #VPN interface that runs as client (for server connection)
ovpn=1194

#Initial set up ########################
#set skip on lo
#scrub in

#Redirects & NAT ########################
#Redirect traffic over FSP VPN from FSP to the server
#rdr pass on $vps_if from any to any -> 192.168.1.2
#rdr pass on $vps_if from any to any -> 10.8.0.30
pass out on tun0 from 10.8.0.34/32 to any nat-to 10.9.0.5

#Direct traffic over the FAD VPN from the server to the FADs network
#Written in the OpenBSD 4.7+ "nat-to" form to match the rule above; the file as
#posted used the pre-4.7 "nat pass ... -> $vpc_if" form, and pf will not load a
#file that mixes the two. The destination 10.8.254/0 is kept exactly as posted.
pass out on $vpc_if from $vps_if:network to 10.8.254/0 nat-to $vpc_if

#Direct telnet over FAD connection to DRAC
#rdr pass on $vpc_if proto tcp from any to any port 23 -> 192.168.2.2

#RULES ########################
#block all

#External Interface
#Allow VPN connection in
pass in on $ext_if proto udp from any to any port $ovpn
#Allow SSH in from Evidence Talks
#pass in on $ext_if proto tcp from $et to any port ssh
pass in on $ext_if proto tcp from any to any port ssh
#Allow all out
pass out on $ext_if all

#Server Interface
pass on $srv_if all

#DRAC Interface
pass on $drc_if all

#VPN Server interface
pass on $vps_if all

#VPN client interface
pass on $vpc_if all

Code:
## Configuration #####################
#Interfaces
ext_if="em0"   #Interface to internet
int_if="em1"   #Internal interface to network

#Ports
ovpn="1194"
rdp="3389"

#Port sets
allowed_web_server_ports="{" $rdp mysql "}"

#IPs
web_ip="10.7.1.2"   #Web server IP
web_ports="{ http https }"   #allowed ports on web server
#PLACEHOLDER: the post does not show this macro, but the rules below use it;
#192.0.2.0/24 is a documentation range, replace it with the real ETL addresses
etl_source_ips="{ 192.0.2.0/24 }"

#RULES ########################
set skip on lo
#block all

# HTTP/S allowed and forwarded to web server
#Redirect HTTP/S to web server
pass in on $ext_if proto tcp from any to any port $web_ports rdr-to $web_ip

#Allow RDP and MySQL and redirect to web server - only From ETL
pass in on $ext_if proto tcp from $etl_source_ips to any port $allowed_web_server_ports rdr-to $web_ip

#NAT traffic from web server to internet
pass out on $int_if from $web_ip to any nat-to $ext_if

# Allow OpenVPN connections
pass in quick on $ext_if proto udp from any to any port $ovpn   #VPN

# Allow ssh connections from Evidence Talks
pass in on $ext_if proto tcp from $etl_source_ips to any port ssh

#Allow all out
pass out on $ext_if all

#Internal Interface - allow anything
pass on $int_if all

Last edited by J65nko; 28th January 2013 at 12:38 PM. Reason: [code] and [/code] tags ;)
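Before loading either file with `pfctl -nf`, a small pre-flight check catches the three things that stop pf from loading them as posted: `$etl_source_ips` is used without ever being defined, the `RULES` heading has no leading `#`, and old `nat ... ->` rules sit in the same file as `nat-to`. This is an added example (not from the post, and not a pf tool), run on a constructed, trimmed copy of the second config.

```python
import re

# Constructed sample: trimmed from the second box's pf.conf in the post, keeping only the lines that show the three problems this linter reports.
SAMPLE_PF_CONF = """\
ext_if="em0"   # Interface to internet
web_ip="10.7.1.2"   # Web server IP
RULES ########################
pass in on $ext_if proto tcp from $etl_source_ips to any port ssh rdr-to $web_ip
pass out on $ext_if from $web_ip to any nat-to $ext_if
nat pass on $ext_if from $web_ip to any -> $ext_if
"""
KEYWORDS = {"pass", "block", "match", "set", "table", "anchor", "include", "queue", "scrub", "nat", "rdr", "binat", "antispoof"}
MACRO_DEF = re.compile(r'^([A-Za-z_]\w*)\s*=\s*(.*)$')   # name="value"
MACRO_REF = re.compile(r'\$([A-Za-z_]\w*)')              # $name
OLD_NAT = re.compile(r'^(nat|rdr|binat)\b.*->')          # pre-4.7 translation rule
NEW_NAT = re.compile(r'\b(nat-to|rdr-to|binat-to)\b')    # 4.7+ translation option

def strip_comment(line):
    # Drop a trailing '#' comment, but keep a '#' that sits inside double quotes.
    out, quoted = [], False
    for ch in line:
        quoted ^= (ch == '"')
        if ch == '#' and not quoted:
            break
        out.append(ch)
    return ''.join(out).strip()

def lint_pf_conf(text):
    """Return (line_no, message) findings for three common pfctl load failures."""
    defined, findings, seen = set(), [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line:
            continue
        m = MACRO_DEF.match(line)
        for ref in MACRO_REF.findall(m.group(2) if m else line):
            if ref not in defined:
                findings.append((no, f"macro ${ref} used before it is defined"))
        if m:
            defined.add(m.group(1))
            continue
        if line.split()[0] not in KEYWORDS:
            findings.append((no, f"'{line.split()[0]}' is not a pf keyword (missing '#'?)"))
        style = "old" if OLD_NAT.match(line) else "new" if NEW_NAT.search(line) else None
        if style:
            seen.setdefault(style, no)   # remember the first line of each syntax
    if "old" in seen and "new" in seen:
        findings.append((seen["old"], "old 'nat ... ->' mixed with nat-to; one of them is rejected by any pf version"))
    return findings
```

Run it over the real files (`lint_pf_conf(open("/etc/pf.conf").read())`) and fix what it reports before reaching for `pfctl -nf`; it does not replace pfctl's own parser, it only front-loads the three mistakes above.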