Date: Wed, 19 Jul 2017 11:27:23 +0200 From: "Muenz, Michael" <m.muenz@spam-fetish.org> To: freebsd-net@freebsd.org Subject: Re: NAT before IPSEC - reply packets stuck at enc0 Message-ID: <1c0de616-91ff-a6f9-d946-f098bc1a709f@spam-fetish.org> In-Reply-To: <a082662c-145e-0132-18ef-083adaa59c33@yandex.ru> References: <459d59f7-2895-8aed-d547-be46a0fbb918@spam-fetish.org> <a082662c-145e-0132-18ef-083adaa59c33@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 19.07.2017 um 10:32 schrieb Andrey V. Elsukov: > > What about reverse NAT rule? You need to translate decrypted packets > back to 10.26.2.0, otherwise they will still have 10.26.1.1 IP address > as final destination and will not be forwarded to 10.26.2.0. > Hi Andrey, I'm not really familiar with ipfw syntax, I'm more the linux guy and there the state you be tracked. How should I build the rules to do the reverse nat? I'm googling for 2 days now but I only found port redirects for this. Thanks for taking the time! Michael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1c0de616-91ff-a6f9-d946-f098bc1a709f>