pf rdr statement & ipsec processing interaction
Eric Masson
emss at free.fr
Tue Aug 14 10:04:37 UTC 2007
"Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> writes:
Hello Bjoern & all,
> this is expected behavior. You want to read about the
> IPSEC_FILTERTUNNEL (fka. IPSEC_FILTERGIF) kernel option and
> enc(4).
I've compiled a new kernel with IPSEC_FILTERGIF; tcpdump can now see
unencrypted L2TP packets on external interfaces, but the rdr rule doesn't
have any effect.
Just to be sure, I added "device enc" to the kernel configuration and
changed the rdr rule to:
rdr on enc0 proto udp from any to ($ext_if) port 1701 -> 10.127.0.1 port 1701
But no success atm. Any idea?
Regards
Éric Masson
--
FYLG> Here, this is a URL that does the trick:
FYLG> ftp://127.0.0.1/WaReZ/NiouZeS/WinDoZe/NeWSMoNGeR/SuPeR
that's nice, except the address doesn't work, it gives me an error
-+- Furtif in Guide du Neuneu Usenet: <BRAIN MODE OFF> -+-