From owner-freebsd-questions Fri Oct 27 8:50:39 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mcambria.noddler.com (mcambria.ne.mediaone.net [24.91.184.59]) by hub.freebsd.org (Postfix) with ESMTP id D094C37B479 for ; Fri, 27 Oct 2000 08:50:28 -0700 (PDT)
Received: (from cambria@localhost) by mcambria.noddler.com (8.9.3/8.9.3) id KAA00530 for freebsd-questions@freebsd.org; Fri, 27 Oct 2000 10:51:36 -0400 (EDT) (envelope-from cambria)
Date: Fri, 27 Oct 2000 10:51:36 -0400 (EDT)
From: "Michael C. Cambria"
Message-Id: <200010271451.KAA00530@mcambria.noddler.com>
To: freebsd-questions@freebsd.org
Subject: IPSec (ESP) tunnel through ipfw/natd
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

I'm trying to use my laptop IPSec client to reach work from my home LAN. The LAN uses FreeBSD ipfw/natd to map my private IP addresses to the one address supplied by the cable modem ISP via DHCP. I use rc.firewall as supplied, with the type being OPEN (e.g. I'm just using NATD, no firewall.)

The laptop can only use IPSec in tunnel mode (corporate policy.) However, it does use ESP only, no AH.

Should I be able to tunnel through ipfw/natd with the OPEN rc.firewall rules? Do I need to add any? The archives turned up something about passing esp, but since OPEN passes "all", I do not think this applies to my situation.

At present, I only want to allow the laptop on the LAN to tunnel through my FreeBSD machine.

Thanks,
MikeC

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
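The reason the question is worth asking at all is that ESP (IP protocol 50) carries no port numbers: its header is just a 32-bit SPI and a 32-bit sequence number, and the SPI differs in each direction, so a NAT has nothing but the outside peer's address and the protocol number to key a return mapping on. The following is an added, constructed model written for this page, not natd/libalias source and not a claim about what the FreeBSD release in the post actually does. It parses a raw IPv4+ESP packet, rewrites only the IP addresses (the way an address-only NAT must for a port-less protocol), and shows why a single inside host (the poster's situation) maps back unambiguously while a second inside host to the same gateway cannot. Addresses, SPIs and the `AddressOnlyNat` class are all made up for the illustration.

```python
"""Toy address-only NAT for a port-less protocol such as ESP (IP proto 50).

Constructed example: models why one inside IPsec client behind a NAT can work
(return packets are keyed on the outside peer address), while two inside
clients talking to the same peer cannot be told apart. Not natd's code.
"""
import struct
from typing import Dict, Optional, Tuple

ESP = 50  # IP protocol number for ESP


def _ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def _bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, _ip_to_bytes(src), _ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> Tuple[str, str, int, bytes]:
    """Return (src, dst, proto, payload); honours IHL so options are skipped."""
    ihl = (pkt[0] & 0x0F) * 4
    return (_bytes_to_ip(pkt[12:16]), _bytes_to_ip(pkt[16:20]),
            pkt[9], pkt[ihl:])


def parse_esp(payload: bytes) -> Tuple[int, int]:
    """ESP exposes only SPI and sequence number in the clear: no ports."""
    return struct.unpack("!II", payload[:8])


class AddressOnlyNat:
    """NAT that can only rewrite IP addresses, because the transport has no ports."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        # (outside peer, proto) -> inside host. This is the only key available.
        self.table: Dict[Tuple[str, int], str] = {}

    def outbound(self, pkt: bytes) -> bytes:
        src, dst, proto, payload = parse_ipv4(pkt)
        key = (dst, proto)
        if key in self.table and self.table[key] != src:
            # A second inside host to the same peer: inbound ESP from that peer
            # could belong to either, and the SPI is chosen by the peer, so we
            # cannot learn it from the outbound side. Refuse rather than guess.
            raise ValueError("ambiguous mapping: %s already owns %s/%d"
                             % (self.table[key], dst, proto))
        self.table[key] = src
        return build_ipv4(self.public_ip, dst, proto, payload)

    def inbound(self, pkt: bytes) -> Optional[bytes]:
        src, dst, proto, payload = parse_ipv4(pkt)
        inside = self.table.get((src, proto))
        if inside is None or dst != self.public_ip:
            return None  # no mapping: drop
        return build_ipv4(src, inside, proto, payload)


def esp_payload(spi: int, seq: int, body: bytes = b"\x00" * 16) -> bytes:
    """Constructed ESP header plus opaque encrypted body."""
    return struct.pack("!II", spi, seq) + body


def demo() -> Tuple[str, str, bool]:
    """One laptop works; a second laptop to the same gateway is refused."""
    nat = AddressOnlyNat("198.51.100.7")                # constructed public IP
    out = nat.outbound(build_ipv4("192.168.1.10", "203.0.113.5", ESP,
                                  esp_payload(0x1234, 1)))
    back = nat.inbound(build_ipv4("203.0.113.5", "198.51.100.7", ESP,
                                  esp_payload(0xABCD, 1)))  # peer picks its own SPI
    try:
        nat.outbound(build_ipv4("192.168.1.11", "203.0.113.5", ESP,
                                esp_payload(0x5555, 1)))
        second_ok = True
    except ValueError:
        second_ok = False
    return parse_ipv4(out)[0], parse_ipv4(back)[1], second_ok


if __name__ == "__main__":
    print(demo())
```

The model deliberately keys nothing on the SPI: the inbound SPI is chosen by the corporate gateway and only appears once traffic is already flowing, so an address-only NAT has no way to pre-register it. That is exactly why the poster's "only the laptop" constraint is the favourable case, and why an explicit `allow esp` rule alone would not settle the question for more than one inside host.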