Date: Fri, 15 Jun 2012 11:33:38 +0700
From: Eugene Grosbein <egrosbein@rdtc.ru>
To: Michael Sierchio <kudzu@tenebras.com>
Cc: "net@freebsd.org" <net@freebsd.org>
Subject: Re: ip_output: NAT then IPSEC
Message-ID: <4FDABB22.9040305@rdtc.ru>
In-Reply-To: <CAHu1Y729B-nRw2Y8zp8Jj8YfxuC71aFF5Eus5nYJ-F3u9EX10g@mail.gmail.com>
References: <4FDA1483.4090207@rdtc.ru> <CAHu1Y729B-nRw2Y8zp8Jj8YfxuC71aFF5Eus5nYJ-F3u9EX10g@mail.gmail.com>

15.06.2012 03:21, Michael Sierchio wrote:
> On Thu, Jun 14, 2012 at 9:42 AM, Eugene Grosbein <egrosbein@rdtc.ru> wrote:
>
>> How do I make FreeBSD 8-based router/NAT/security gateway
>> first perform NAT for outgoing packets then apply IPSEC transport mode
>> for plain TCP traffic?
>
> Forgive me, but I have to ask - why?
>
> IPsec implies pairwise association, and relies on a tunnel - which
> means that each side knows both tunnel endpoints and both internal
> networks. What do you hope to accomplish with NAT?

I have a TCP-service inside local network that is accessible for a couple
of external hosts via NAT port forwarding. And I need to protect
this TCP stream seamlessly with IPSEC transport mode.

Eugene Grosbein