Date: Sun, 10 Dec 2006 09:47:04 +0100
From: Andrikó Tamás <at@sominfo.hu>
To: freebsd-questions@freebsd.org
Subject: packet processing order
Message-ID: <155cea990612100047l40a0f181m3d81d20da89183fe@mail.gmail.com>

Hi list,

I wanted to set up an IPSec VPN tunnel on one of my FreeBSD boxes. I'm using pf to accomplish firewalling. Implementing almost the whole task of the VPN wasn't a big deal, but I got some trouble adjusting pf.conf. I think I don't understand exactly how the network packets are processed, especially the order of processing of packets. Somehow the tunneled packets don't even get into the gif interface from my local LAN.

My guess is the following:

the packet enters one of the interfaces => apply the incoming pf rules on the appropriate interface (last match wins)

nat-ing, redirect-ing the packets => apply rdr and nat rules (first match wins)

routing the packet (ip.forward=1) => if the packet destination cannot be routed, drop or dest unreachable

putting out the packet (based on routing decision) => apply the outgoing rules on the appropriate interface (last match wins)

Please correct me if I'm wrong, and if you could point me to a good tutorial, that would be best (other than http://www.openbsd.org/faq/pf/).

Thanks for your help,
Tom