2007/3/19, Almir Karic <[EMAIL PROTECTED]>:
>
> use route tables, set the gateway 10.30.9.253 for the subnet on which
> your other office is, and use your ISP's gateway as default gateway.
> you can manipulate route tables with route(8).
>
> On 3/19/07, Ricardo Lucas <[EMAIL PROTECTED]> wrote:
> > Hello ppl from misc,
> >
> > I have an issue, I have a little lan with an oBSD box that connects to my
> > ISP and brings the Internet to this lan, but I have another router inside
> > that lan that connects me to my other office, and I have a win2000 machine
> > that is the DNS for this router, so, if I want to connect to my other office
> > I have to set the machines' configurations to gateway -> 10.30.9.253, the
> > router and DNS 10.30.9.250, the win2000 machine, and if I want to use the
> > internet I have to set the machines' configurations to gateway ->
> > 10.30.9.254, the oBSD box and DNS are from my ISP.
> > So what I want is that the oBSD handle this job, I mean, I want to use only the
> > oBSD as a router and when the traffic is for the other office the oBSD sends
> > the traffic to the 10.30.9.253 router and when the traffic is for the
> > Internet the oBSD sends the traffic through its connection to my ISP.
> >
> > So, that's it...
> > --
> > Best regards
> > Ricardo Lucas
> >
>
> --
> almir
>

# macros
int_if = "rl0"
ext_if = "tun0"
vpn_if = "tun1"
tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"
liberados = "{ 10.30.9.100, 10.30.9.250, 10.30.9.123, 10.30.9.124, 10.30.9.125 }"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

#altq on $ext_if cbq bandwidth 960Kb \
#       queue { down, net, cpd }
#queue net bandwidth 10% cbq(default)
#queue cpd bandwidth 80% priority 7
#queue down bandwidth 10% priority 1

# nat/rdr
# nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $liberados to any -> ($ext_if)
rdr pass on $ext_if proto tcp from any to any port 5900 -> 10.30.9.100 port 5900
rdr pass on $ext_if proto tcp from any to any port 5800 -> 10.30.9.100 port 5800
rdr pass on $ext_if proto tcp from any to any port 23942 -> 10.30.9.100 port 23942
rdr pass on $ext_if proto tcp from any to any port 44277 -> 10.30.9.100 port 44277
rdr pass on $ext_if proto udp from any to any port 21632 -> 10.30.9.100 port 21632
#rdr pass on $ext_if proto tcp from any to any port 6346 -> 10.30.9.200 port 6346

# filter rules
pass quick on lo0 all
pass quick on tun1 all
block log all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
#pass out on $ext_if from 10.30.9.200 to any queue down
#pass out on $ext_if from 10.30.9.123 to any queue down
#pass out on $ext_if from 10.30.9.100 to any queue cpd
# pass in on $ext_if inet proto { tcp, udp } from any to any port 80 keep state
pass in on $ext_if inet proto { tcp, udp } from any to any port 22 keep state
pass in on $int_if route-to { $int_if 10.30.9.253 } from any to 192.168.26.6
pass out on $int_if from any to any keep state

Here is my pf.conf. With those two last lines, the traffic from my lan trying to
access the 192.168.26.6 will be redirected to the router from my lan with the IP
10.39.9.253. Is that correct? Because it is not working!!!

--
Ricardo Lucas