Manuel Giraud <man...@ledu-giraud.fr> writes:

> Hi,
>
> I've set up an OpenSSH-based VPN as described in ssh(1). Now, I want to
> send all my traffic through this pipe. So I've put the following nat
> rules on both ends of the pipe:
>         match out on em0 from tun0:network nat-to (em0)
>
> and modified the client route table like this:
>         route add <ssh-server-ip> <isp-gw>
>         route change default 10.1.1.1 # <--- IP on tun0
>
> It works as needed but now I need to access a service (e.g. a www
> server) on <ssh-server-ip> and the www port is filtered by <isp-gw>. How
> can I do this? (I've tried some rdr-to and route-to rules on specific
> port without success).

Ok, I reply to myself because I found something that works. I prepend
the two following rules to my client /etc/pf.conf:

match out proto tcp from em0 to <ssh-server-ip> port www \
        rdr-to tun0:peer
pass out quick proto tcp from em0 to tun0:peer port www \
        nat-to tun0

Don't know if it is the best way to do it though.
-- 
Manuel Giraud
