[FreeBSD 10.0] nat before vpn, incoming packets not translated
Eric Masson
emss at free.fr
Mon Mar 10 18:25:59 UTC 2014
"John W. O'Brien" <john at saltant.com> writes:
Hi John,
> I haven't done the mind meld with "reverse" yet.
> Could you comment on why you need to operate in a reversed NAT
> environment?
In this particular case, this is a test lab.
The purpose of this kind of setup is the following:
- administrator of the remote LAN demands your endpoint to be seen as a
unique IP address on his IPsec device.
- subnet ranges on each side conflict, so one must be NATed.
> What is it that's being reversed, and how does that apply to your use
> case?
Packets from local LAN to remote LAN are NATed on the internal
interface of gateway1 (source address is translated to match the IPsec
policy).
Regards
Éric