I'm trying to make use of ssh using tun devices. So I have box A with a tun0 10.3.10.1/30 creating a tunnel to box B, which has a tun10 10.3.10.230.

sshd listens on port 2020 on box A. From box B, ssh 10.3.10.1 -p 2020 works as expected.

Here's my problem. I'd like to ssh in to box A from box C, in this case sitting on 76.17.219.196. So I set up the following PF rules on box B...

    rdr on em0 proto tcp from any to $me port 2020 -> 10.3.10.1 port 2020
    pass in route-to tun10 proto tcp from any to 10.3.10.1 port 2020

Now, from box C, ssh $me -p 2020 times out, and the reason why is box A sees the traffic coming from 76.17.219.196 and replies out its default route. No big deal, I should be able to fix that with route-to rules. So box A gets...

    pass out on em0 route-to tun0 proto tcp from any to any port 2020

Ideally this rule would be more specific, but I've been getting looser and looser with it trying to see why it won't match.

    # tcpdump -i em0 port 2020
    listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
    21:44:19.408264 IP 10.3.10.1.xinupageserver > c-76-17-219-196.hsd1.mn.comcast.net.49242: S 349765613:349765613(0) ack 97403528 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 7877043 175504784,sackOK,eol>
    21:44:22.408191 IP 10.3.10.1.xinupageserver > c-76-17-219-196.hsd1.mn.comcast.net.49242: S 349765613:349765613(0) ack 97403528 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 7880043 175504784,sackOK,eol>

I thought maybe the state table was involved...

    # pfctl -s state
    no output

Why are packets going out em0 and ignoring my route-to rule? Ideas, hints, feats of magic?

-- 
Thanks,
Josh Paetzel
PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB
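As an added illustration (not part of the original post, and not pf's own code), here is a small Python model of how a "pass out ... from X [port N] to Y [port N]" rule is matched against the SYN-ACKs shown in the tcpdump output above: in pf, "from ... port" tests the source port and "to ... port" tests the destination port, and tcpdump prints 2020/tcp by its /etc/services name "xinupageserver". The rule parser only covers this one rule shape and compares addresses as exact strings; both are simplifications assumed for the example.

```python
import re

# Constructed from the two SYN-ACK lines in the post, trimmed to the fields the matcher needs.
TCPDUMP_LINES = [
    "21:44:19.408264 IP 10.3.10.1.xinupageserver > c-76-17-219-196.hsd1.mn.comcast.net.49242: S 349765613:349765613(0) ack 97403528 win 65535",
    "21:44:22.408191 IP 10.3.10.1.xinupageserver > c-76-17-219-196.hsd1.mn.comcast.net.49242: S 349765613:349765613(0) ack 97403528 win 65535",
]

# Service names tcpdump substitutes for port numbers (2020/tcp is "xinupageserver" in /etc/services).
SERVICE_PORTS = {"xinupageserver": 2020, "ssh": 22}

PKT_RE = re.compile(r"IP (\S+)\.(\S+) > (\S+)\.(\S+):")

def parse_packet(line):
    """Return (src, sport, dst, dport) from a tcpdump 'IP a.port > b.port:' line."""
    m = PKT_RE.search(line)
    if not m:
        raise ValueError("not an IPv4 tcpdump line: " + line)
    src, sport, dst, dport = m.groups()
    to_port = lambda p: SERVICE_PORTS.get(p) or int(p)
    return src, to_port(sport), dst, to_port(dport)

# Simplified pf grammar (assumption): only "pass out [on IF] [route-to IF] proto tcp from A [port N] to B [port N]".
RULE_RE = re.compile(
    r"^pass out(?: on (?P<iface>\S+))?(?: route-to (?P<rt>\S+))? proto tcp"
    r" from (?P<src>\S+)(?: port (?P<sport>\d+))? to (?P<dst>\S+)(?: port (?P<dport>\d+))?$")

def parse_rule(rule):
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("unsupported rule syntax: " + rule)
    return {k: (int(v) if k in ("sport", "dport") and v else v) for k, v in m.groupdict().items()}

def rule_matches(rule, pkt):
    """Does the simplified 'pass out' rule match an outgoing TCP packet?
    'from X port N' tests the SOURCE port; 'to Y port N' tests the DESTINATION port."""
    src, sport, dst, dport = pkt
    r = parse_rule(rule)
    if r["src"] != "any" and r["src"] != src:
        return False
    if r["dst"] != "any" and r["dst"] != dst:
        return False
    if r["sport"] is not None and r["sport"] != sport:
        return False
    if r["dport"] is not None and r["dport"] != dport:
        return False
    return True

if __name__ == "__main__":
    pkt = parse_packet(TCPDUMP_LINES[0])
    print(pkt)
    print(rule_matches("pass out on em0 route-to tun0 proto tcp from any to any port 2020", pkt))
    print(rule_matches("pass out on em0 route-to tun0 proto tcp from any port 2020 to any", pkt))
```

The replies leaving em0 have source port 2020 and destination port 49242, so a rule written with "to any port 2020" never matches them while one written with "from any port 2020" does.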