Re: behind openbsd firewall

[Alex Morales <amorales,AT,aaamerica,DOT,com,DOT,mx>]

use binat with pf:

Box A -> <Internet> <- Box B <- Box C

#rule cipe for OpenBSD Box B
binat on xl0 proto udp from C  to A   -> B

On Sun, 22 Dec 2002, James Moss wrote:

> I've been searching for information on how exactly to go about making
> cipe work from behind an OpenBSD firewall/gateway, but haven't been
> succesful.  Searching the archives returns a 404 with the information:
> The requested URL /~W1011/cgi-bin/htsearch was not found on this server.
>
> If anyone has experience in doing this, or can point me to information
> on this I'd appreciate it.  I'm fairly confident that the tunnel works,
> as it did work prior to having the OpenBSD firewall/gateway in place.
>
> The setup is as follows:
>
> Box A -> <Internet> <- Box B <- Box C
>
> previously working was:
> Box A -> <Internet> <- Box C
>
> Box A and Box C are running cipe.  From the information I've gathered,
> it could be as easy as adding a route to Box B to allow safe connection
> from Box C to Box A, but I haven't had any luck.  As I said previously,
> feel free to point me in the correct direction.  Thanks.
>     -James
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
><URL:http://sites.inka.de/~bigred/devel/cipe.html>
>

--