# How do I lock down the firewall with rtorrent, jail and VPN?



## Dre (Nov 27, 2010)

I have a small problem. I don’t know how (if possible at all) to lock down the firewall with my current setup.
This is how I have it set up right now (FreeBSD 8.1 system).
I’m running rtorrent in a jail.
PF is pointing the jail IP to a VPN tunnel that’s created with mpd5 (in the base system).
The port_range in the .rtorrent.rc file is set but the packages received/transmitted on the VPN iface are all over the place. I can’t create any firewall rules for them…
Would it be possible to only direct the VPN traffic to the jail? Could this be done with the route?

In the ideal setup the VPN tunnel would have been created from within the jail but that’s apparently impossible as far as I can tell.

My current setup is like locking the front door when leaving but leaving the backdoor open. Well, that’s not really a correct analogy now is it… It’s more like locking the front door on a house with no walls….


----------



## Dre (Nov 27, 2010)

```
netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            93.182.190.2       UGS         0   273556    ng0
10.1.1.1           link#3             UH          0    66643    lo1
93.182.190.2       192.168.0.1        UGHS        6   283553    em0
93.182.190.140     link#5             UHS         0       10    lo0
localhost          link#2             UH          0        0    lo0
192.168.0.0        link#1             U           4  1323276    em0
192.168.0.10       link#1             UHS         0        1    lo0
```


----------

