Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 10 Mar 2014 19:25:53 +0100
From:      Eric Masson <emss@free.fr>
To:        "John W. O'Brien" <john@saltant.com>
Cc:        Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>, Philipp Schmid <philipp.schmid@openresearch.com>
Subject:   Re: [FreeBSD 10.0] nat before vpn, incoming packets not translated
Message-ID:  <86siqpj4ge.fsf@srvbsdfenssv.interne.associated-bears.org>
In-Reply-To: <531A5FBF.1000507@saltant.com> (John W. O'Brien's message of "Fri, 07 Mar 2014 19:09:35 -0500")
References:  <868uu4rshh.fsf@srvbsdfenssv.interne.associated-bears.org> <53193371.4090603@saltant.com> <09B6BE02-2F04-41A1-AC0D-9A7943F88086@openresearch.com> <86siqtluns.fsf@srvbsdfenssv.interne.associated-bears.org> <531A5FBF.1000507@saltant.com>

index | next in thread | previous in thread | raw e-mail

"John W. O'Brien" <john@saltant.com> writes:

Hi John,

> I haven't done the mind meld with "reverse" yet. 
> Could you comment on why you need to operate in a reversed NAT
> environment?

In this particular case, this is a test lab.
The purpose of this kind of setup is the following :
- administrator of the remote lan demands your endpoint to be seen as a
  unique ip address on his ipsec device.
- subnet ranges on each side conflict, so one must be natted.

> What is it that's being reversed, and how does that apply to your use
> case?

Packets from local lan to remote lan are natted on the internal
interface of gateway1 (source address is translated to match the ipsec
policy)

Regards

Éric


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86siqpj4ge.fsf>