Date:      Sat, 27 Apr 2002 10:40:11 -0700
From:      Jonathan Feally <vulture@netvulture.com>
To:        freebsd-net <freebsd-net@freebsd.org>
Subject:   IPSEC, IPFW, and NATD
Message-ID:  <3CCAE27B.2010408@netvulture.com>

Network setup:
Networks
Inside Net - 192
Outside Net - 63 - Natd from 192 to 63 and back
Server Net - 216
I have an ESP transport IPSec policy setup from my outside IP(63) to a 
server on the Internet(216) and back.
Machines on the 192 go through the natd on the outside interface and get 
translated to 63.
The packets are then encrypted into the esp packets
The server responds back in esp but the packets come back to the natd in 
esp form not regular packet form.

Apparent Packet Flow:
echo request 192 -> 216 in interface ed2
echo request 63 -> 216 out interface ed1 - through divert natd
esp 63 -> 216 - Packet leaves my side - packet on the network
esp 63 -> 216 - Packet gets to server - packet in em0
echo reply 216 -> 63 - Packet decrypted and responded to
esp 63 -> 216 - Packet leaves server - out interface em0
esp 63 -> 216 - Packet arrives - in interface ed1 through divert natd
packet dropped - firewall receives reply instead of natd translating 
back to 192

Any help would be greatly appreciated

Thanks
Jonathan
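The flow above, modelled as an added example (constructed for this page, not natd or FreeBSD code): a NAT that keys its translation table on protocol, addresses and the ICMP echo id, and an ESP transport-mode wrapper that keeps the outer addresses but hides that id. The addresses, SPIs and echo id are constructed stand-ins for the 192, 63 and 216 nets; the return ESP packet is modelled as 216 -> 63.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-ins for the inside host, the outside (natd) address and the server.
INSIDE, OUTSIDE, SERVER = "192.0.2.10", "198.51.100.1", "203.0.113.5"

@dataclass(frozen=True)
class Packet:
    proto: str     # "icmp" or "esp"
    src: str
    dst: str
    flow_id: int   # ICMP echo id for "icmp"; the SPI for "esp"

@dataclass
class Natd:
    """Assumed model of a NAT: state keyed on (proto, public addr, peer, flow id)."""
    public: str
    table: dict = field(default_factory=dict)

    def outbound(self, p: Packet) -> Packet:
        self.table[(p.proto, self.public, p.dst, p.flow_id)] = p.src
        return Packet(p.proto, self.public, p.dst, p.flow_id)

    def inbound(self, p: Packet) -> Optional[Packet]:
        inside = self.table.get((p.proto, p.dst, p.src, p.flow_id))
        if inside is None:
            return None  # no matching state: passed on untranslated, so the gateway sees it
        return Packet(p.proto, p.src, inside, p.flow_id)

def esp_encap(p: Packet, spi: int) -> Packet:
    """Transport-mode ESP: same outer src/dst, but the ICMP header is now encrypted."""
    return Packet("esp", p.src, p.dst, spi)

def esp_decap(p: Packet, inner_proto: str, inner_id: int) -> Packet:
    return Packet(inner_proto, p.src, p.dst, inner_id)

def simulate():
    nat = Natd(OUTSIDE)
    req = Packet("icmp", INSIDE, SERVER, 0x1234)     # echo request in on ed2
    natted = nat.outbound(req)                       # 63 -> 216 via divert natd
    wire = esp_encap(natted, spi=0x100)              # esp 63 -> 216 on the wire
    at_server = esp_decap(wire, "icmp", 0x1234)      # server decrypts
    reply = Packet("icmp", at_server.dst, at_server.src, 0x1234)
    wire_reply = esp_encap(reply, spi=0x200)         # esp 216 -> 63 (server's own SPI)
    # As described: divert hands the still-encrypted ESP packet to natd, which has no state for it.
    via_divert = nat.inbound(wire_reply)
    # Same reply after IPsec decapsulation: the ICMP header is visible again and matches.
    after_decap = nat.inbound(esp_decap(wire_reply, "icmp", 0x1234))
    return via_divert, after_decap
```

The first result is None (the reply never gets mapped back to 192); the second shows the same reply matching the table once natd sees the ICMP header rather than the ESP shell.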