From owner-freebsd-security Wed Mar 7 18: 7: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id 215B137B719 for ; Wed, 7 Mar 2001 18:06:56 -0800 (PST) (envelope-from jflowers@ezo.net)
Received: from savvyd (c3-1a119.neo.rr.com [24.93.230.119]) by lily.ezo.net (8.8.7/8.8.7) with SMTP id VAA18702; Wed, 7 Mar 2001 21:07:23 -0500 (EST)
Message-ID: <004001c0a773$bfe11210$22b197ce@ezo.net>
From: "Jim Flowers"
To: "Ilya" ,
References: <5FE9B713CCCDD311A03400508B8B301305F47C8A@bdr-xcln.is.matchlogic.com> <013c01c0a771$e80f3e30$0100a8c0@ilya>
Subject: Re: vpn vs natd
Date: Wed, 7 Mar 2001 21:01:53 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You can do VPN and many to one NAT if you use the SKIP port. It takes a
thorough understanding of both but you essentially use rules in IPFW to
determine what uses VPN and what uses NATD. Search the mailing lists for
SKIP where I listed both the criteria and methodology.

There is probably a way to do something similar with IPSec but I haven't
spent the time to know how to do it.

----- Original Message -----
From: "Ilya"
To:
Sent: Wednesday, March 07, 2001 8:48 PM
Subject: vpn vs natd

> As far as I know there is no way to make vpn work through many-to-one nat.
> Only many-to-many will work. I currently have at home one-to-many (windows
> clients through freebsd router), now that I need vpn, I got a second public
> ip. Is it somehow possible to setup that all traffic from certain private ip
> on my lan would go out as using my new ip? which I guess will reside on same
> network card, which hosts current public ip. Is it also possible to do
> without breaking the config I have now?
> so I am thinking, many-to-one nat for all windows clients except one, and
> many-to-many for only one specific private ip.
> how can I do it?
>
> thx a lot.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message