Date: Thu, 11 Jan 2001 21:47:46 +0900
From: itojun@iijlab.net
To: Josef Karthauser <joe@tao.org.uk>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Interaction problem with IKE (racoon) and ipfw divert natd?
Message-ID: <29596.979217266@coconut.itojun.org>
In-Reply-To: joe's message of Thu, 11 Jan 2001 12:45:11 GMT. <20010111124510.D3594@tao.org.uk>

>Strangely... if I move the 'allow udp from ME isakmp to HIM isakmp' to
>before the 'divert 8668 ip from any to any via fxp1' rule the packet
>does go out on the wire!
>I wonder whether this is a bug with natd.
>Both machines are round about RELENG_4 (far end HIM jan 4th, this end ME
>jan 10th).
>Any ideas how I can track this down?

i have no idea. i think natd captures the outgoing packets and then
drops them onto the floor or something like that. we (as kame guys)
almost never use ipfw/ipnat, as ipsec is inherently not friendly with
them.

itojun

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message