From owner-freebsd-pf@FreeBSD.ORG  Wed Dec 25 20:33:37 2013
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2BD4B458
 for <freebsd-pf@freebsd.org>; Wed, 25 Dec 2013 20:33:37 +0000 (UTC)
Received: from relay.ibs.dn.ua (relay.ibs.dn.ua [91.216.196.25])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9BF0A1149
 for <freebsd-pf@freebsd.org>; Wed, 25 Dec 2013 20:33:35 +0000 (UTC)
Received: from ibs.dn.ua (relay.ibs.dn.ua [91.216.196.25]) 
 by relay.ibs.dn.ua with ESMTP id rBPKXWRM032021;
 Wed, 25 Dec 2013 22:33:32 +0200 (EET)
Message-ID: <20131225223332.32019@relay.ibs.dn.ua>
Date: Wed, 25 Dec 2013 22:33:32 +0200
From: "Zeus Panchenko" <zeus@ibs.dn.ua>
To: "wishmaster" <artemrts@ukr.net>
Subject: Re: nat before ipsec ...
In-reply-to: Your message of Wed, 25 Dec 2013 22:16:38 +0200
 <1388002486.266885449.d63pm7a2@frv34.ukr.net>
References: <20131225200950.21787@relay.ibs.dn.ua>
 <1388002486.266885449.d63pm7a2@frv34.ukr.net>
Organization: I.B.S. LLC
X-Mailer: MH-E 8.3.1; GNU Mailutils 2.99.98; GNU Emacs 24.0.93
X-Face: &sReWXo3Iwtqql1[My(t1Gkx;
 y?KF@KF`4X+'9Cs@PtK^y%}^.>Mtbpyz6U=,Op:KPOT.uG
 )Nvx`=er!l?WASh7KeaGhga"1[&yz$_7ir'cVp7o%CGbJ/V)j/=]vzvvcqcZkf; JDurQG6wTg+?/xA
 go`}1.Ze//K; Fk&/&OoHd'[b7iGt2UO>o(YskCT[_D)kh4!yY'<&:yt+zM=A`@`~9U+P[qS:f;
 #9z~ Or/Bo#N-'S'!'[3Wog'ADkyMqmGDvga?WW)qd=?)`Y&k=o}>!ST\
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Zeus Panchenko <zeus@ibs.dn.ua>
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Dec 2013 20:33:37 -0000

=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

wishmaster <artemrts@ukr.net> wrote:

> If I understand you correctly, you want binat inside IPSec and

I'm not sure ... what I want is to nat packets from net A before they
are entering IPSec, as if they originate not on the freebsd host

so, they enters IPSec already as net B packets ...

=2D --=20
Zeus V. Panchenko				jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlK7QRsACgkQr3jpPg/3oyoDeACglvxBxGXrq1/F5UxjKBIZLuj2
jN8AoNSp+doX77JlS1o4uFnhyQT0C4sC
=3DHPrd
=2D----END PGP SIGNATURE-----