Date:      Wed, 25 Dec 2013 22:16:38 +0200
From:      wishmaster <artemrts@ukr.net>
To:        Zeus Panchenko <zeus@ibs.dn.ua>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: nat before ipsec ...
Message-ID:  <1388002486.266885449.d63pm7a2@frv34.ukr.net>
In-Reply-To: <20131225200950.21787@relay.ibs.dn.ua>
References:  <20131225200950.21787@relay.ibs.dn.ua>


If I understand you correctly, you want binat inside IPSec, and therefore you must enable filtering in the tunnel.

This will help you:

net.inet.ipsec.filtertunnel=1

Cheers,
w
 
 --- Original message ---
 From: "Zeus Panchenko" <zeus@ibs.dn.ua>
 Date: 25 December 2013, 20:11:05
  


> hi,
> 
> please, may somebody help with the subj? is it possible at all on
> FreeBSD with pf?
> 
> I need to binat some of my LAN (network A) ip addresses to some of
> secure communication addresses (network B) for, behind IPSec network C,
> access
> 
> target <-> world <--> em0 - freebsd - vlanA <--> LAN
> ^ ^ net A
> | |
> +- netC -.-.-.-.- IPSec -.-.-.-.- net B -+
> 
> when I land some B network address on freebsd box, then everything from
> that address works but, when I try to bi/nat some network A address to some
> network B address, it does not
> 
> in pf.conf I try this:
> 
> binat on vlanA from A1 to C3 -> B2
> 
> where:
> A1 is some address from net A
> B2 is some address from net B
> C3 is some address from net C
> 
> I can see incoming packets from A1 to C3 on interface vlanA, but after
> that, packets "disappear", I can not find them on any other interface and
> no return packets
> 
> as far as I know I need "nat before vpn" ... but I was not able to find
> how to do that ... can I do that with pf on freebsd?
> 
> I run FreeBSD 9.2-PRERELEASE #6 r255856: amd64 with system pf
> 
> please, help me understand what am I missing ...
> 
> -- 
> Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
> IT Dpt., I.B.S. LLC GMT+2 (EET)
> 


