From owner-freebsd-net@FreeBSD.ORG Thu Apr 24 12:13:32 2008
Message-ID: <481078F6.9010108@ibctech.ca>
Date: Thu, 24 Apr 2008 08:11:34 -0400
From: Steve Bertrand
To: Baldur Gislason
Cc: freebsd-net@freebsd.org
References: <4808A15E.4030007@ibctech.ca> <20080418133417.GA66873@gremlin.foo.is>
In-Reply-To: <20080418133417.GA66873@gremlin.foo.is>
Subject: Re: IPIP tunnel behind NAT
List-Id: Networking and TCP/IP with FreeBSD

Baldur Gislason wrote:
> It'll work fine. I've done this several times before.

Hmmm. I still can't seem to get this setup to work. The FreeBSD box is in behind a Fortigate 200 unit.

> However I've also had NAT implementations which didn't work this way but
> this one should definitely work.

Are there any ports that need to be opened on the Fortigate to allow the tunnel traffic through? There appears to be no place in the Fortigate to pass protocol 41 traffic.

Thanks,

Steve