Friday, December 24, 2010

PF + NAT + multiple external ips

Hi!

I got everything set and working fine. I'm connecting to a VPN on the machine that NATs the user to the external interface. The only thing I can't manage to solve is that I have multiple IPs on my external interface.

Example of my ifconfig

Code:
inet 95.168.183.173 netmask 0xffffff00 broadcast 95.168.183.255
inet 84.16.247.166 netmask 0xffffffff broadcast 84.16.247.166
inet 84.16.247.167 netmask 0xffffffff broadcast 84.16.247.167
inet 188.72.222.11 netmask 0xffffffff broadcast 188.72.222.11
inet 188.72.222.12 netmask 0xffffffff broadcast 188.72.222.12
inet 188.72.222.13 netmask 0xffffffff broadcast 188.72.222.13
inet 188.72.222.14 netmask 0xffffffff broadcast 188.72.222.14
inet 188.72.222.15 netmask 0xffffffff broadcast 188.72.222.15
inet 188.72.222.16 netmask 0xffffffff broadcast 188.72.222.16
inet 188.72.222.17 netmask 0xffffffff broadcast 188.72.222.17
inet 188.72.222.18 netmask 0xffffffff broadcast 188.72.222.18

The only problem I have is that the VPN users randomly use all the IPs on that interface; one request can be with 84.16.247.166 and the next can be 188.72.222.18.

What I'm trying to do is have the VPN users use only the 95.168.183.173 IP (it's the default machine IP, which all the other software also uses). How do I do that? I can't find anything about that in the NAT section in PF nor in the OpenVPN config.

===================================

Hello,

put

Code:
local 95.168.183.173

in your openvpn.conf

Quote:
--local host
Local host name or IP address for bind. If specified, OpenVPN
will bind to this address only. If unspecified, OpenVPN will
bind to all interfaces.

---

If you want to tell PF exactly which external IP address to use for NAT, you can set it, for example, as follows:

Code:
ext_if="em0"
int_if="em1"

ext_if_ip="95.168.183.173"

nat on $ext_if from $int_if:network -> $ext_if_ip

http://forums.freebsd.org/showthread.php?t=17586
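An added example, not part of the original thread: when a PF `nat` rule translates to an interface name and that interface carries several addresses, PF treats them as an address pool, which produces the changing source IPs described in the question; a literal address (as in the answer) or the `:0` modifier avoids the pool. The sketch below audits a pf.conf for this. It assumes the rule in use named the interface (the question does not show it); the sample addresses are constructed, and `audit_nat`, `inet_addrs` and `expand_macros` are hypothetical helper names.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def inet_addrs(ifconfig_text):
    """Return the IPv4 addresses on the 'inet' lines of ifconfig output."""
    return [ln.split()[1] for ln in ifconfig_text.splitlines()
            if ln.split()[:1] == ["inet"]]

def expand_macros(pf_conf):
    """Collect name="value" macros and substitute $name in later lines."""
    macros, rules = {}, []
    for line in pf_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line:
            rules.append(re.sub(
                r"\$(\w+)", lambda r: macros.get(r.group(1), r.group(0)), line))
    return rules

def audit_nat(pf_conf, addrs_by_if):
    """Classify the translation target of every nat rule.

    addrs_by_if maps an interface name to the list of its IPv4 addresses.
    """
    findings = []
    for rule in expand_macros(pf_conf):
        if not rule.startswith("nat ") or "->" not in rule:
            continue
        target = rule.split("->", 1)[1].split()[0].strip("()")
        if IPV4.match(target):
            verdict = "pinned"                    # one literal address
        elif target.endswith(":0"):
            verdict = "primary-only"              # aliases excluded
        elif target not in addrs_by_if:
            verdict = "unknown target"
        else:
            n = len(addrs_by_if[target])
            verdict = "single-address" if n == 1 else f"pool of {n} addresses"
        findings.append((rule, verdict))
    return findings

# Constructed sample input (documentation-range addresses).
SAMPLE_IFCONFIG = """\
inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
inet 198.51.100.21 netmask 0xffffffff broadcast 198.51.100.21
inet 198.51.100.22 netmask 0xffffffff broadcast 198.51.100.22
"""
SAMPLE_PF_CONF = 'ext_if="em0"\nint_if="em1"\next_if_ip="192.0.2.10"\n' \
    "nat on $ext_if from $int_if:network -> ($ext_if)\n" \
    "nat on $ext_if from $int_if:network -> $ext_if_ip\n"

if __name__ == "__main__":
    for rule, verdict in audit_nat(SAMPLE_PF_CONF, {"em0": inet_addrs(SAMPLE_IFCONFIG)}):
        print(f"{verdict:22} {rule}")
```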
