Date: Fri, 2 Jun 2006 16:14:51 -0700
From: Devin Heckman <terrio@rescomp.berkeley.edu>
To: freebsd-questions@freebsd.org
Subject: IPSec, ipfw, and natd
Message-ID: <20060602231451.GA18733@rescomp.berkeley.edu>
Hi,

I recently tried to set up a computer to act as a NAT using FreeBSD 6.1. ipfw functions as it should, as well as IPSec, but I've run into some problems when setting up the NAT. I have two computers behind it, neither of which needs to speak IPSec (and they aren't configured to do so). The NAT computer should speak IPSec with one other computer, from which it mounts home directories via NFS.

When I enable natd, ipfw, and IPSec, the connection to the computer with which I speak IPSec breaks, but the NAT functions properly (I can ping everything except the IPSec-speaking NFS server).

My ipfw rules look like this:

    $cmd 0001 allow udp from any to any isakmp
    $cmd 0002 allow esp from $ipsec_servers to me
    $cmd 0003 allow ah from $ipsec_servers to me
    $cmd 0004 divert natd all from any to any via sis0
    ...
    $cmd 0015 allow icmp from any to any
    $cmd 9900 allow all from me to any
    $cmd 9910 allow all from any to any established
    $cmd 9999 deny log all from any to me

And natd.conf, which is called when natd is started in the rc scripts, looks like this:

    port 8668
    interface sis0
    log yes

Does anyone have any experience with problems such as this? Feel free to ask for anything else that may clarify the problem.

Thanks,

--
Devin Heckman
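As an added illustration (not part of the original post), the following Python model walks sample packets through the rule set quoted above using ipfw's first-match semantics, treating a divert as "continue at the next rule" once natd reinjects the packet. The addresses are constructed placeholders for $ipsec_servers, "me" and a LAN client; the model ignores the `via sis0` qualifier, the elided rules between 0004 and 0015, and natd's actual address rewriting, and it assumes the cleartext NFS packet is evaluated by ipfw separately from the ESP packet that carries it.

```python
# Added example, not from the original post: a minimal ipfw first-match
# model over the rule set quoted above. Addresses are constructed.
IPSEC_SERVER = "10.0.0.5"    # placeholder for $ipsec_servers
ME = "10.0.0.2"              # placeholder for "me" (the sis0 address)
LAN_CLIENT = "192.168.1.10"  # placeholder for a NATed host behind the box

# (number, proto, src, dst, dport, established, action), in ipfw order.
# dport None means any port; "established" mirrors the TCP-only keyword.
RULES = [
    (1,    "udp",  "any",        "any", 500,  False, "allow"),   # isakmp
    (2,    "esp",  IPSEC_SERVER, "me",  None, False, "allow"),
    (3,    "ah",   IPSEC_SERVER, "me",  None, False, "allow"),
    (4,    "all",  "any",        "any", None, False, "divert natd"),
    (15,   "icmp", "any",        "any", None, False, "allow"),
    (9900, "all",  "me",         "any", None, False, "allow"),
    (9910, "all",  "any",        "any", None, True,  "allow"),
    (9999, "all",  "any",        "me",  None, False, "deny log"),
]

def ip_match(pattern, addr):
    """ipfw address matching for the three forms used in the rule set."""
    if pattern == "any":
        return True
    if pattern == "me":
        return addr == ME
    return pattern == addr

def trace(pkt):
    """Return (list of rule numbers hit, final action) for one packet.
    A divert rule is recorded and evaluation resumes at the next rule,
    which is where natd's reinjected packet re-enters ipfw."""
    hits = []
    for num, proto, src, dst, dport, est, action in RULES:
        if proto != "all" and proto != pkt["proto"]:
            continue
        if not (ip_match(src, pkt["src"]) and ip_match(dst, pkt["dst"])):
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        if est and not (pkt["proto"] == "tcp" and pkt.get("established")):
            continue
        hits.append(num)
        if not action.startswith("divert"):
            return hits, action
    return hits, "deny"   # ipfw's implicit default rule 65535

if __name__ == "__main__":
    # The ESP wrapper is accepted by rule 2, but the cleartext NFS packet
    # to the IPsec peer is handed to natd by rule 4 before rule 9900 sees it.
    print(trace({"proto": "esp", "src": IPSEC_SERVER, "dst": ME}))
    print(trace({"proto": "udp", "src": ME, "dst": IPSEC_SERVER, "dport": 2049}))
```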