[00:54] *** Guest37536 is now known as easymac
[00:55] *** easymac is now known as Guest42801
[01:35] *** joepie91_ is now known as joepie91
[01:35] *** joepie91 has quit IRC (Changing host)
[01:35] *** joepie91 has joined #arpnetworks
[01:55] *** Guest42801 is now known as easymac
[01:55] *** easymac is now known as Guest41122
[02:56] *** Guest41122 is now known as easymac
[02:56] *** easymac is now known as Guest34786
[03:56] *** Guest34786 is now known as easymac
[03:57] *** easymac is now known as Guest13705
[04:57] *** Guest13705 is now known as easymac
[04:58] *** easymac is now known as Guest25195
[05:44] *** Guest25195 has quit IRC (Quit: leaving)
[06:42] *** qbit_ is now known as qbit
[07:05] *** avj has joined #arpnetworks
[07:42] *** easymac has joined #arpnetworks
[07:42] *** easymac has quit IRC (Changing host)
[07:42] *** easymac has joined #arpnetworks
[10:32] *** Guest13550 is now known as pjs
[13:11] *** robonerd has quit IRC (Ping timeout: 252 seconds)
[13:14] *** robonerd has joined #arpnetworks
[13:14] *** robonerd has quit IRC (Changing host)
[13:15] *** robonerd has joined #arpnetworks
[13:48] *** sjackso has joined #arpnetworks
[13:55] *** treshoem has joined #arpnetworks
[13:58] Has anyone tried portforwarding an external ip on an openvpn server over to an internal ip/port on an openvpn client? I am curious how this would be accomplished.
[13:59] I have tried a couple of different NAT / Iptables configs but no luck as yet
[14:01] Interesting. No I haven't. I would imagine that it's no different than other routing/natting. However I know that OpenVPN itself has some primitive firewalling (preventing clients from connecting to one another, unless configured to allow it)
[14:02] I came across some blog posts referring to an OpenVPN packet filter
[14:02] but could not find documentation on how to disable / configure it
[14:03] mnathani: you would have to (in pf syntax, presuming em0 and tun0) do something akin to ..
'pass in on em0 to (em0) port 1234 rdr-to 10.9.0.2' then 'nat out on tun0 from !(tun0) to (tun0:network)'
[14:03] wow I mixed old and new syntax
[14:04] the 2nd should be
[14:04] 'pass out on tun0 from !(tun0) to (tun0:network) nat-to (tun0)
[14:04] '
[14:04] bottom line is
[14:04] those pf rules would need to be translated / converted to Iptables syntax on Centos 6?
[14:05] remote side of openvpn expects to see your ip / subnet and nothing more unless they are told to route to it. and I doubt you want the remote end to route to 0.0.0.0/0 through your end so translate your end of the openvpn tunnel to what the remote end is expecting to see and use rdr as needed to direct inbound packets on other interfaces across the openvpn tunnel
[14:05] mnathani: I have no experience in Centos 6, but since it does iptables you'd need similar concepts, which I'd be surprised if it can't do
[14:06] I don't really mind if all 0.0.0.0/0 gets routed through the openvpn server
[14:07] It's more of an experiment to see if I can connect to the openvpn client which is behind a firewall I do not have control over
[14:07] hence the need to use the vpn to allow inbound access
[14:08] consider what 0.0.0.0/0 means. ensure you have a static route to the openvpn server. it's a matter of understanding how networking and firewalls work, nothing more. it is doable.
[14:16] nmap output: 3389/tcp filtered ms-term-serv
[14:16] what does the filtered refer to?
[14:17] and how is it different from closed
[14:21] filtered indicates to me it has a firewall blocking it vs returning icmp unreach
[14:22] if you check nmap while running a tcpdump to watch: \( 192.168.0.112 and tcp port 3389 \) or icmp
[14:22] you might see more clearly what this means
[14:24] I got it working
[14:24] my nat rule was too broad
[14:24] woot
[14:24] right on
[14:24] I spent hours on it last night
[14:25] here is the nat rule now:
[14:25] iptables -t nat -A POSTROUTING -s 10.8.1.6/32 -j SNAT --to A.B.C.D
[14:25] where A.B.C.D is my vpn server ip
[14:25] previously it was 10.0.0.0/8
[14:44] *** gcw|mbpro has joined #arpnetworks
[14:58] *** guillaum has joined #arpnetworks
[15:54] *** kevr has quit IRC (Changing host)
[15:54] *** kevr has joined #arpnetworks
[15:56] ;)
[15:57] hi kevr
[15:58] hello.
[16:55] *** gcw|mini1 has joined #arpnetworks
[16:56] *** gcw|mini1 has quit IRC (Client Quit)
[16:58] *** gcw|mbpro has quit IRC (Ping timeout: 240 seconds)
[19:17] ~
[19:18] !
[19:29] `;->~
[22:42] *** toddf has quit IRC (Quit: leaving)
[22:42] *** toddf has joined #arpnetworks
[22:42] *** ChanServ sets mode: +o toddf
[23:50] can OpenVPN be used to provide IPv6 connectivity to an IPv4 only client (Server would be dual stacked of course)