ip_output: NAT then IPSEC

Eugene Grosbein egrosbein at rdtc.ru
Fri Jun 15 04:33:42 UTC 2012


15.06.2012 03:21, Michael Sierchio wrote:
> On Thu, Jun 14, 2012 at 9:42 AM, Eugene Grosbein <egrosbein at rdtc.ru> wrote:
> 
>> How do I make FreeBSD 8-based router/NAT/security gateway
>> first perform NAT for outgoing packets then apply IPSEC transport mode
>> for plain TCP traffic?
> 
> Forgive me, but I have to ask - why?
> 
> IPsec implies pairwise association, and relies on a tunnel - which
> means that each side knows both tunnel endpoints and both internal
> networks.  What do you hope to accomplish with NAT?

I have a TCP service inside local network that is accessible
for a couple of external hosts via NAT port forwarding.
And I need to protect this TCP stream seamlessly with IPSEC transport mode.

Eugene Grosbein
