Date:      Wed, 25 Dec 2013 20:09:50 +0200
From:      "Zeus Panchenko" <zeus@ibs.dn.ua>
To:        <freebsd-pf@freebsd.org>
Subject:   nat before ipsec ...
Message-ID:  <20131225200950.21787@relay.ibs.dn.ua>


hi,

please, may somebody help with the subj? is it possible at all on
FreeBSD with pf?

I need to binat some of my LAN (network A) IP addresses to some of
the secure communication addresses (network B) for, behind IPSec network C,
access

target <-> world <--> em0 - freebsd - vlanA <--> LAN
    ^                                        ^   net A
    |                                        |
    +- netC -.-.-.-.- IPSec -.-.-.-.- net B -+

when I land some B network address on the freebsd box, then everything from
that address works, but when I try to bi/nat some network A address to some
network B address, it does not

in pf.conf I try this:

binat on vlanA from A1 to C3 -> B2

where:
A1 is some address from net A
B2 is some address from net B
C3 is some address from net C

I can see incoming packets from A1 to C3 on interface vlanA, but after
that, the packets "disappear"; I cannot find them on any other interface and
there are no return packets

as far as I know I need "nat before vpn" ... but I was not able to find
how to do that ... can I do that with pf on freebsd?

I run FreeBSD 9.2-PRERELEASE #6 r255856: amd64 with system pf

please, help me understand what I am missing ...

--
Zeus V. Panchenko				jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)