ip_output: NAT then IPSEC

[Michael Sierchio]

On Thu, Jun 14, 2012 at 9:42 AM, Eugene Grosbein <egrosbein at rdtc.ru> wrote:

> How do I make FreeBSD 8-based router/NAT/security gateway
> first perform NAT for outgoing packets then apply IPSEC transport mode
> for plain TCP traffic?

Forgive me, but I have to ask - why?

IPsec implies pairwise association, and relies on a tunnel - which
means that each side knows both tunnel endpoints and both internal
networks.  What do you hope to accomplish with NAT?

- M