Date: Fri, 03 Dec 1999 03:51:33 +0000
From: jomor <jomor@ahpcns.com>
To: snap-users@kame.net, "questions@freebsd.org" <questions@freebsd.org>
Subject: firewall rules for kame IPSEC over IPv4
Message-ID: <38473E45.53DD930@ahpcns.com>
I have a FreeBSD 3.3-STABLE box doing firewall duty. The box is doing NAT and IPFW filtering as well as some other services. I'd like it to be an IPSEC tunnel endpoint also. The other end of the tunnel will hopefully be a "WatchGuard Firebox II", which is a Linux-based commercial firewall "appliance", although I could set up another FreeBSD/KAME box if there are interoperability problems.

I have installed KAME and built a new kernel on a test box, and I still have connectivity. I think I can handle the initial IPSEC configuration, but I don't know what changes I'll need to make to my firewall rules so:

1. The firewall rules don't interfere with the tunnel
2. The traffic through the tunnel bypasses NAT (both "private" networks are using RFC 1918 addresses).

Once I get this to work I'll be happy to document my experience for the benefit of those who follow.

TIA
...jgm

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message