Date: Fri, 29 Oct 2004 16:14:11 +0200
From: Jeremie Le Hen <jeremie@le-hen.org>
To: Aaron Nichols <adnichols@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Problems with NAT on gif interface for VPN
Message-ID: <20041029141411.GE10641@sitadelle.com>
In-Reply-To: <ac05538404102820171b7b5771@mail.gmail.com>
References: <ac0553840410281038224213b@mail.gmail.com> <62721446609.20041028214724@star-sw.com> <ac05538404102820171b7b5771@mail.gmail.com>

> Rather than a "problem" with ipfw however, I think I've got a
> fundamental problem with how to do this. If I understand correctly, in
> order for natd to "reverse" a divert rule (translate the destination
> IP back to the original IP on return traffic) the packet has to come
> through the same interface it was originally seen by natd on - is this
> correct?
>
> For whatever reason I still seem to be unable to use gif0 for this
> purpose, which seems to be the closest thing to an "ipsec interface"
> available (I'm beginning to think it's nowhere near as useful as enc0
> on OpenBSD). Thus, I'm stuck translating packets when they either
> enter the LAN interface or leave the WAN, the former seems the best
> option.

IIRC, I read somewhere this is precisely the reason why enc(4) was
written.

--
Jeremie Le Hen
jeremie@le-hen.org