Manuel Giraud <man...@ledu-giraud.fr> writes:

> Hi,
>
> I've set up an openssh based vpn as described in ssh(1). Now, I want to
> send all my traffic through this pipe. So I've put the following nat
> rules on both ends of the pipe:
>     match out on em0 from tun0:network nat-to (em0)
>
> and modified the client route table like this:
>     route add <ssh-server-ip> <isp-gw>
>     route change default 10.1.1.1 # <--- IP on tun0
>
> It works as needed but now I need to access a service (e.g. a www
> server) on <ssh-server-ip> and the www port is filtered by <isp-gw>. How
> can I do this? (I've tried some rdr-to and route-to rules on specific
> port without success).

Ok, I reply to myself because I found something that works. I prepend
the two following rules to my client /etc/pf.conf:

    match out proto tcp from em0 to <ssh-server-ip> port www \
        rdr-to tun0:peer
    pass out quick proto tcp from em0 to tun0:peer port www \
        nat-to tun0

Don't know if it is the best way to do it though.

-- 
Manuel Giraud