ребята объясните как проложить роутинг!!!
есть система с сетью в мир 172.211.216.0/24
в на ней запущен сервер openvpn который с сетью 192.168.2.1/24
есть клетки 'jeils aka chroot' с сетью 192.168.3.1/24
НАДО: чтоб одна клетка выходила в мир через vpn
ДАНО:
$ cat /etc/pf.conf
table <vpn> { 10.100.2.218/24, 192.168.3.2 }
table <MAIN> { 172.16.27.134 , 172.16.27.137 }
table <DNS> { 8.8.4.4 , 8.8.8.8 }
# Rule 0 (NAT)
nat pass log(all) on em0 from 192.168.3.2 to any -> (tun0)
pass out log quick on tun1 inet proto tcp from <vpn> to any port { 22, 53, 80, 443 } flags any modulate state label "vpn -- ACCEPT"
pass out log quick on tun1 inet proto udp from <vpn> to <DNS> port 53 label "vpn -- ACCEPT"
# allow connect to vpn server
pass log quick on em0 inet proto udp from <MAIN> to any port 5223 label "RULE 18 -- ACCEPT"
$ uname -rs
FreeBSD 8.4-RELEASE-p7
$ openvpn --version
OpenVPN 2.3.2 amd64-portbld-freebsd8.4 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Feb 19 2014
$ ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
ether 00:9c:02:99:53:ac
inet 172.211.216.34 netmask 0xffffffc0 broadcast 172.211.216.63
inet 172.211.216.44 netmask 0xffffffc0 broadcast 172.211.216.63
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
em1: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
ether 00:9c:02:99:53:ad
media: Ethernet autoselect
status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 192.168.3.0 netmask 0xffffffc0
inet 192.168.3.1 netmask 0xffffffc0
inet 192.168.3.2 netmask 0xffffffc0
inet 192.168.3.3 netmask 0xffffffc0
inet 192.168.3.4 netmask 0xffffffc0
inet 192.168.3.5 netmask 0xffffffc0
inet 192.168.3.6 netmask 0xffffffc0
inet 192.168.3.7 netmask 0xffffffc0
inet 192.168.3.8 netmask 0xffffffc0
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33152
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 192.168.2.1 --> 192.168.2.1 netmask 0xffffff00
Opened by PID 3970
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 10.100.2.238 --> 10.100.2.238 netmask 0xffffff00
Opened by PID 8458
$ netstat -nr -finet
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 172.211.216.62 UGS 0 8306712 em0
10.100.2.0/24 10.100.2.238 UGS 0 0 tun2
10.100.2.238 link#11 UH 0 0 tun2
172.211.216.0/26 link#2 U 0 0 em0
172.211.216.34 link#2 UHS 0 261 lo0
172.211.216.44 link#2 UHS 0 285 lo0
127.0.0.1 link#6 UH 0 2843249 lo0
192.168.2.0/24 192.168.2.1 UGS 0 1346705 tun0
192.168.2.1 link#9 UH 0 525 tun0
192.168.3.0 link#7 UH 0 182165 lo1
192.168.3.1 link#7 UH 0 3043414 lo1
192.168.3.2 link#7 UH 0 4021598 lo1
192.168.3.3 link#7 UH 0 1358899 lo1
192.168.3.4 link#7 UH 0 5304 lo1
192.168.3.5 link#7 UH 0 28 lo1
192.168.3.6 link#7 UH 0 0 lo1
192.168.3.7 link#7 UH 0 0 lo1
192.168.3.8 link#7 UH 0 0 lo1
