[FreeBSD 10.0] nat before vpn, incoming packets not translated
John W. O'Brien
john at saltant.com
Sat Mar 8 00:09:56 UTC 2014
On 3/7/14 1:40 PM, Eric Masson wrote:
> Philipp Schmid <philipp.schmid at openresearch.com> writes:
>
> Hi Philipp,
>
>> FreeBSD 10 seems to have problems with IPSec and filtering/nat.
>> Maybe your problem is related to:
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=185876
>
> I've rebuilt a kernel with the last patch available in the PR.
> It doesn't work (return nat rule in place).
>
> I think I'll try the following setup on gateway1 :
> - IIPTran https://www.ietf.org/rfc/rfc3884.txt (ipip tunnel in transport
> mode)
> - outside nat with pf on gif interface
>
> What bothers me is that ipfw reverse nat should work...

I haven't done the mind meld with "reverse" yet. Could you comment on
why you need to operate in a reversed NAT environment? What is it that's
being reversed, and how does that apply to your use case?

Regards,
John