Stefan Tunsch <stunsch <at> korrekto.com> writes:

> Hi!
>
> I need to set up outbound natting on tun0.
> tun0 is the virtual interface created and used by an OpenVPN client on my pfSense machine.
>
> This interface (tun0) isn't available for creating rules, NAT, etc on the web interface of pfSense.
>
> How can I set up outbound NATTING for this interface?
>
> Regards,
> Stefan


Hi there,

I guess I understand the problem you have. I could not find the right button in
the web-gui for that setting, but I accomplished it through the CLI. You need to
have some basic Unix skills for that configuration!

Just take a look at the nat-table with "pfctl -sn", you should see all
nat-rules. Write them to a temp-file: "pfctl -sn > /var/tmp/tempfile"
Then edit the temp-file: "vi /var/tmp/tempfile" and go to the last nat-item, for
example:

--snip--
nat on sis1 inet from 192.168.1.0/24 to any -> (sis1) round-robin
rdr-anchor "pftpx/*" all
--snip--

Duplicate this line and change it to your needs (assume that 192.168.1.0 is your
local network and 192.168.2.0 is the ovpn remote network)

--snip--
nat on sis1 inet from 192.168.1.0/24 to any -> (sis1) round-robin
nat on tun0 inet from 192.168.1.0/24 to 192.168.2.0/24 -> (tun0) round-robin
rdr-anchor "pftpx/*" all
--snip--

Do not touch the other lines! Save the file and reread it with:
"pfctl -Nf /var/tmp/tempfile".

Keep in mind that any change in firewall rules will delete this customization (a
reboot will also). Try to automate it with grep and cron! If you need further
assistance just contact me.

If anyone has better solutions, let me know.

best regards

andreas
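
The "automate it with grep and cron" step from the reply above, written out as an added example that is not part of the original message. The function names, the mktemp file name and the /24 mask on the remote network are assumptions; the script also syntax-checks the edited file with `pfctl -n` before loading it.

```shell
#!/bin/sh
# Added example: re-apply the OpenVPN outbound NAT rule when pf has lost it.
# Interface and networks are the example values from the message above;
# the /24 on the remote network is an assumption.
VPN_IF="tun0"
LAN_NET="192.168.1.0/24"
REMOTE_NET="192.168.2.0/24"
RULE="nat on $VPN_IF inet from $LAN_NET to $REMOTE_NET -> ($VPN_IF) round-robin"

# Filter: reads "pfctl -sn" output on stdin and writes it to stdout with RULE
# placed after the last "nat on" line. Input that already has a nat rule on
# VPN_IF passes through unchanged, so repeated runs never stack duplicates.
insert_vpn_nat() {
    awk -v rule="$RULE" -v ifname="$VPN_IF" '
        { line[NR] = $0 }
        index($0, "nat on " ifname " ") == 1 { present = 1 }
        /^nat on / { last = NR }
        END {
            if (!present && last == 0) print rule
            for (i = 1; i <= NR; i++) {
                print line[i]
                if (!present && i == last) print rule
            }
        }'
}

# Dump, patch, syntax-check, then load only the translation rules.
apply_vpn_nat() {
    # Stop if the dump fails, so an empty ruleset is never loaded over the live one.
    rules=$(pfctl -sn) || return 1
    # mktemp avoids writing as root to a predictable name in /var/tmp.
    tmp=$(mktemp /var/tmp/natrules.XXXXXX) || return 1
    printf '%s\n' "$rules" | insert_vpn_nat > "$tmp" &&
        pfctl -n -Nf "$tmp" &&
        pfctl -Nf "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Only touch pf when asked to, e.g. from a root cron entry: <this script> apply
if [ "${1:-}" = "apply" ]; then
    apply_vpn_nat
fi
```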

