Date: Sun, 08 Apr 2001 18:10:52 +0900 From: itojun@iijlab.net To: Gunther Schadow <gunther@aurora.regenstrief.org> Cc: snap-users@kame.net, users@ipv6.org, net@freebsd.org, ipfw@freebsd.org Subject: Re: Consolidating KAME SPD rules and IPFW / IPfilter. Message-ID: <24338.986721052@coconut.itojun.org> In-Reply-To: gunther's message of Sun, 08 Apr 2001 05:10:46 GMT. <3ACFF2D6.13219EAB@aurora.regenstrief.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>To which I can only say that in IPv4 world and VPN, NAT is almost >mandatory. For me, using NAT allows me to set up VPN specific >routing for my special project within a corporate network without >bothering the network administrator with using FreeBSD instead of >their Cisco stuff for routing. FreeBSD/KAME needs NAT for allowing >it to being used in production environments today. NAT comes with >IPFW, which is where the circle closes. as mentioned before, there was an discussion about one of the freebsd mailing lists. there was a proposed patch just like below (the following patch works only for the latest KAME tree, not for FreeBSD tree). http://www.kame.net/dev/cvsweb.cgi/kame/freebsd4/sys/netinet/ip_input.c.diff?r1=1.16&r2=1.17 the patch tries to do the following, i have no environment to test. http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?24338.986721052>