Date: Wed, 7 Mar 2001 21:01:53 -0500 From: "Jim Flowers" <jflowers@ezo.net> To: "Ilya" <mail@krel.org>, <freebsd-security@FreeBSD.ORG> Subject: Re: vpn vs natd Message-ID: <004001c0a773$bfe11210$22b197ce@ezo.net> References: <5FE9B713CCCDD311A03400508B8B301305F47C8A@bdr-xcln.is.matchlogic.com> <013c01c0a771$e80f3e30$0100a8c0@ilya>
next in thread | previous in thread | raw e-mail | index | archive | help
You can do VPN and many to one NAT if you use the SKIP port. It takes a throrough understanding of both but you essentially use rules in IPFW to determine what uses VPN and what uses NATD. Search the mailing lists for SKIP where I listed both the criterea and methodology. There is probably a way to do something similar with IPSec but I haven't spent the time to know how to do it. ----- Original Message ----- From: "Ilya" <mail@krel.org> To: <freebsd-security@FreeBSD.ORG> Sent: Wednesday, March 07, 2001 8:48 PM Subject: vpn vs natd > As far as i know there is no way to make vpn work through many-to-one nat. > Only many-tomany will work. I currently have at home one-to-many (windows > clients through freebsd router), now that i need vpn, i got a second public > ip. Is it somehow possible to setup that all truffic from certin private ip > on my lan would go out as using my new ip? which i guess will reside on same > network card, whoch hosts current public ip. is it also possible to do > without breaking the config i have now? > so i am thinking, many-to-one nat for all windows clients except one, and > many-to-many for only one specific private ip. > how can i do it? > > thx a lot. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004001c0a773$bfe11210$22b197ce>