From owner-freebsd-questions Thu Feb 1 6:28: 0 2001 Delivered-To: freebsd-questions@freebsd.org Received: from rerun.lucentctc.com (rerun.lucentctc.com [199.93.237.2]) by hub.freebsd.org (Postfix) with ESMTP id 23C4637B67D; Thu, 1 Feb 2001 06:27:40 -0800 (PST) Received: by rerun.lucentctc.com with Internet Mail Service (5.5.2650.21) id ; Thu, 1 Feb 2001 09:27:38 -0500 Message-ID: <3A6D367EA1EFD4118C9B00A0C9DD99D7064B29@rerun.lucentctc.com> From: "Cambria, Mike" To: 'Ruslan Ermilov' , David Erickson Cc: freebsd-questions@FreeBSD.ORG Subject: RE: Freebsd and NATD of ip-protocol-50 Date: Thu, 1 Feb 2001 09:27:30 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I had problems doing this with 3.4-Stable. Upgrading to 4.*-Stable has fixed it. I use the "simple" ipfw rules, nothing special is needed for esp/ah. MikeC -----Original Message----- From: Ruslan Ermilov [mailto:ru@FreeBSD.ORG] Sent: Thursday, February 01, 2001 2:45 AM To: David Erickson Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Freebsd and NATD of ip-protocol-50 On Thu, Feb 01, 2001 at 01:27:54AM -0500, David Erickson wrote: > > I am running Freebsd 3.5-STABLE. I am trying to do a static NAT > translate to a real internet address from one of my machines on the > internal lan to the Checkpoint firewall at work which uses > ip-protocol-50. When I look at natd with the -v flag it doesn't > translate my internal address to the external address. All other tcp > and udp translations occur normally though. Any ideas on how I can > get this to work? I connect normally when doing this behind a cisco > router running nat in my tests. So Im pretty sure my problem here is > natd. Any help would be appreciated. Please email me directly at > erickson@mddsg.com > Do you have the ``divert natd esp from ... to ...'' rule? Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message