Date: Wed, 25 Dec 2013 21:12:30 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Zeus Panchenko <zeus@ibs.dn.ua>
Cc: freebsd-pf@freebsd.org
Subject: Re: nat before ipsec ...
Message-ID: <alpine.BSF.2.00.1312252101370.4409@ai.fobar.qr>
In-Reply-To: <20131225223332.32019@relay.ibs.dn.ua>
References: <20131225200950.21787@relay.ibs.dn.ua> <1388002486.266885449.d63pm7a2@frv34.ukr.net> <20131225223332.32019@relay.ibs.dn.ua>

On Wed, 25 Dec 2013, Zeus Panchenko wrote:

> wishmaster <artemrts@ukr.net> wrote:
>
>> If I understand you correctly, you want binat inside IPSec and that would not really work as policies wouldn't match easily.
> I'm not sure ... what I want is to nat packets from net A before they
> are entering IPSec, as if they originate not on the freebsd host
>
> so, they enters IPSec already as net B packets ...

If nothing has changed and no one implemented inside NAT for pf (or
ported it) it cannot do it; I used to do it with ipfw ages ago, but
back then it still required a third policy if I remember correctly.
There should be some posting from me on net@ or ipfw@ from sometime in
the last decade.

/bz

-- 
Bjoern A. Zeeb