From: Jeff Walters
To: freebsd-questions@freebsd.org
Date: Tue, 10 Dec 2002 11:21:59 -0500
Subject: IPsec on a NAT gateway
Message-Id: <825B5EDE-0C5B-11D7-A833-00039342A52C@yahoo.com>

At home I have a FreeBSD gateway working nicely for NAT and firewall. One of the machines behind this firewall is an OS X iBook running through a WEP-enabled Airport base station in bridged mode (i.e. it only bridges the wireless and the ethernet).

WEP has known problems, and I'd like to secure the link between the iBook and the FreeBSD firewall against snooping or malicious neighbors, etc. I think that IPsec is the closest thing to an answer; however, after much digging through setkey man pages, the FreeBSD handbook, and other HOWTO web pages, nothing clearly describes this configuration. This is not really IPsec transport mode, because it's only secure between host and gateway, not host and host, and it's not tunnel mode because I'm not joining two LANs.

Has anyone done this?