[HECnet] Config tool feature request

Cory Smelosky b4 at gewt.net
Thu May 1 19:03:33 PDT 2014


On Thu, 1 May 2014, Brian Hechinger wrote:

> On Wed, Apr 30, 2014 at 10:46:47PM -0400, Cory Smelosky wrote:
>> Brian,
>>
>> As I run pf at the Edge, can you add a bit that autogenerates a file
>> that looks like:
>>
>> pass in on $ext_if proto gre from <remote tunnel IP> to any port
>> rdr-to 10.10.0.10 port snmp
>>
>> for each tunnel? I'll likely pull it from tftp using a cronjob and
>> shoving it into a pf anchor.
>
> Use a table instead.

Oooh. I wasn't aware of tables. Pf really does have some neat features.

> table <hecnet_gre> persist file "/etc/hecnet"
>
> pass in on $ext_if proto gre from <hecnet_gre> to any port
> rdr-to 10.10.0.10 port snmp
>
> then fetch ip_list via tftp and put it as /etc/hecnet

I have tftp-proxy running, but I was unable to pull anything via tftp. Is it my end or yours?

> Then run: pfctl -t hecnet_gre -Tr -f /etc/hecnet
>
> This file is re-generated every time my script is triggered. That being
> said, it obviously only changes if people join/leave/change ip.
>
> -brian

Is anyone else's end up? My DNS is up, rules are in place and no GRE packets were being logged to pflog.

-- 
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
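
The list in this thread arrives over TFTP, which has no authentication, and feeds a `pass` rule, so it is worth vetting before it reaches the table. The script below is an added example, not code from the thread or from the HECnet config tool; it assumes one IPv4 host address per line with `#` comments, and the entry limit and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: vet a fetched address list before loading it into a pf table.
# Assumptions (not from the thread): one IPv4 host address per line,
# '#' starts a comment, and MAX_ENTRIES is a site-chosen sanity limit.
MAX_ENTRIES=${MAX_ENTRIES:-256}

# validate_list FILE: exit 0 only if every entry is a plain IPv4 host address.
validate_list() {
    # An empty or missing file means the fetch failed: keep the old table.
    [ -s "$1" ] || return 1
    awk -v max="$MAX_ENTRIES" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        $0 == "" { next }
        {
            # Only a.b.c.d is accepted: no CIDR ranges, negations or hostnames,
            # so one bad line cannot open the rule to a whole network.
            if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { bad = 1; exit }
            split($0, o, ".")
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255 || o[i] ~ /^0[0-9]/) {
                    bad = 1; exit
                }
            if ($0 == "0.0.0.0") { bad = 1; exit }
            if (++n > max) { bad = 1; exit }
        }
        END { exit (bad || n == 0) }
    ' "$1"
}

# update_table STAGED LIVE: install the vetted list, then replace the table.
# Run from cron after the fetch; the table name is the one used in the thread.
update_table() {
    validate_list "$1" || { echo "rejected $1, table unchanged" >&2; return 1; }
    cp "$1" "$2.new" && mv "$2.new" "$2" &&
        pfctl -t hecnet_gre -T replace -f "$2"
}
```

Fetching to a staging path and calling `update_table` with that path and the live file keeps a truncated or tampered download from ever becoming the file that `persist file` reads at boot.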


