From: Eugene Grosbein
Date: Thu, 14 Jun 2012 23:42:43 +0700
To: "net@freebsd.org"
Subject: ip_output: NAT then IPSEC
Message-ID: <4FDA1483.4090207@rdtc.ru>
List-Id: Networking and TCP/IP with FreeBSD

Hi!

How do I make a FreeBSD 8-based router/NAT/security gateway first perform NAT for outgoing packets, then apply IPSEC transport mode for plain TCP traffic?

Presently, locally originated packets are encrypted just fine, but routed and NAT-ed packets go out unencrypted. I use ipfw nat.

Eugene Grosbein