Date:      Wed, 07 Jun 2006 01:53:17 +0200
From:      Toni Schmidbauer <toni@stderror.at>
To:        Devin Heckman <terrio@rescomp.berkeley.edu>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ipfw, IPSec, and natd
Message-ID:  <863behaljm.wl%toni@stderror.at>
In-Reply-To: <20060606000954.GF18733@rescomp.berkeley.edu>
References:  <20060606000954.GF18733@rescomp.berkeley.edu>

At Mon, 5 Jun 2006 17:09:54 -0700,
Devin Heckman wrote:
> I recently tried to set up a computer to act as a NAT using FreeBSD 6.1. ipfw
> functions as it should, as well as IPSec, but I've run into some problems when
> setting up the NAT. I have two computers behind it, both of which do not need to
> speak IPSec (and aren't configured to do so). The NAT computer should speak
> IPSec with one other computer, from which it mounts home directories via NFS.

Please show us your SPD entries (/etc/ipsec.conf), and depict your
network layout more clearly (e.g. sample IP addresses for NAT machine,
NFS server, client machines...).

> When I enable natd, ipfw, and IPSec, the connection to the computer with which I
> speak IPSec breaks, but the NAT functions properly.

If your IPsec packets get rewritten by natd, AH will not work because of
changes in the IP header by natd. But I'm not sure if this is your particular
problem.

toni
-- 
If you understand what you're doing, you're | toni at stderror dot at
not learning anything.                      | Toni Schmidbauer
-- Anonymous                                |
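
An added illustration of the AH point in the reply above (not part of the original message or of FreeBSD's code): the AH integrity check value covers the IP header with only the mutable fields zeroed (RFC 4302), so a TTL decrement still verifies but a source-address rewrite of the kind natd performs does not. The key, SPI, addresses and payload are constructed, and HMAC-SHA1-96 is assumed as the AH algorithm.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed key, not from the thread
FMT = "!BBHHHBBH4s4s"           # fixed 20-byte IPv4 header, no options


def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build an IPv4 header (protocol 51 = AH) with a valid checksum."""
    hdr = struct.pack(FMT, 0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:]


def ah_icv(ip_hdr, ah_and_payload, key=KEY):
    """ICV over the IP header with mutable fields zeroed, plus AH and payload."""
    h = bytearray(ip_hdr)
    h[1] = 0             # DSCP/ECN: mutable in transit
    h[6:8] = b"\0\0"     # flags and fragment offset: mutable
    h[8] = 0             # TTL: mutable
    h[10:12] = b"\0\0"   # header checksum: mutable
    # Source and destination addresses are immutable, so they stay in the MAC.
    return hmac.new(key, bytes(h) + ah_and_payload, hashlib.sha1).digest()[:12]


def rewrite(ip_hdr, src=None, ttl=None):
    """Rebuild the header as a router (new ttl) or a NAT (new src) would."""
    f = struct.unpack(FMT, ip_hdr)
    return ipv4_header(src or socket.inet_ntoa(f[8]), socket.inet_ntoa(f[9]),
                       ttl or f[5], f[2] - 20, f[6])


def demo():
    """Return whether the receiver's ICV check passes after each rewrite."""
    # AH header (next=TCP, len=4, SPI 0x1000, seq 1) with the ICV field zeroed.
    body = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + b"\0" * 12 + b"constructed payload"
    sent = ipv4_header("10.0.0.2", "192.0.2.10", 64, len(body))
    icv = ah_icv(sent, body)
    routed = rewrite(sent, ttl=63)               # ordinary forwarding hop
    natted = rewrite(sent, src="198.51.100.1")   # source address translated
    return {"routed": hmac.compare_digest(icv, ah_icv(routed, body)),
            "natted": hmac.compare_digest(icv, ah_icv(natted, body))}
```
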


