Date: Tue, 8 Aug 2000 10:35:36 +0300
From: Ruslan Ermilov <ru@sunbay.com>
To: Benjamin Gavin <virtual_olympus@yahoo.com>
Cc: freebsd-net@freebsd.org
Subject: Re: NATD and non-UDP/TCP packets
Message-ID: <20000808103536.C11454@sunbay.com>
In-Reply-To: <20000808004424.2838.qmail@web312.mail.yahoo.com>; from virtual_olympus@yahoo.com on Mon, Aug 07, 2000 at 05:44:24PM -0700
References: <20000808004424.2838.qmail@web312.mail.yahoo.com>

On Mon, Aug 07, 2000 at 05:44:24PM -0700, Benjamin Gavin wrote:
> Hey all,
> I've browsed through the archives and haven't found the answer (although
> I have found the question) numerous times. What I am trying to do is
> set up some VPN software which uses the ESP and AH protocols (50/51).
> Unfortunately natd will not do the translation (as neither are UDP/TCP nor
> PPTP). Are there other services available for FreeBSD which will perform
> these functions, or is there any possibility that these protocols will be
> included in future NATD versions?
>
You can redirect a particular IP protocol with a -redirect_proto rule,
or any protocol with a -redirect_address rule.

> What are the fundamental differences between ESP/AH and TCP/UDP? Are
> they inherently more complicated to translate, or is there some checksum
> built into the packet which would have to be recalculated upon
> translation??
>
The main difference is that both TCP and UDP have a concept of port,
while generic IP encapsulation protocols do not have it. Please refer
to the libalias(3) manual page, section CONCEPTUAL BACKGROUND, for more
details.

> The problem (as I see it) is that natd doesn't touch the outgoing
> packets, so the destination machine tries to reply to the internal address
> numbers. I can watch the packets with both tcpdump and by logging their
> denial on the firewall, but is it possible to get these things NAT'd??
>
Cheers,
--
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
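
Added example (not part of the original message and not libalias or natd code): a simplified Python model of the point made in the reply, that TCP and UDP replies can be demultiplexed by alias port while a port-less protocol such as ESP can only be mapped by a static per-protocol rule like -redirect_proto. The `ToyNat` class, its method names, the addresses and the alias-port range are all constructed for illustration; any dynamic per-remote-address state a real NAT may keep is left out.

```python
PORT_PROTOS = {"tcp", "udp"}  # protocols that carry a port field


class ToyNat:
    """Hypothetical, simplified NAT table; addresses are constructed samples."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000      # constructed alias-port range
        self.by_port = {}           # (proto, alias_port) -> (local_ip, local_port)
        self.by_proto = {}          # proto -> local_ip (static rule)

    def redirect_proto(self, proto, local_ip):
        """Static rule modelled on -redirect_proto: one local host per protocol."""
        self.by_proto[proto] = local_ip

    def outbound(self, proto, src_ip, src_port=None):
        """Return the (ip, port) the packet carries after source rewriting."""
        if proto in PORT_PROTOS:
            alias = self.next_port
            self.next_port += 1
            self.by_port[(proto, alias)] = (src_ip, src_port)
            return self.public_ip, alias
        # No port field exists, so only the address can be rewritten.
        return self.public_ip, None

    def inbound(self, proto, dst_port=None):
        """Return the internal (ip, port) for a reply, or None if ambiguous."""
        if proto in PORT_PROTOS:
            return self.by_port.get((proto, dst_port))
        host = self.by_proto.get(proto)
        return (host, None) if host else None


def demo():
    nat = ToyNat("203.0.113.1")
    udp_a = nat.outbound("udp", "192.168.1.10", 500)
    udp_b = nat.outbound("udp", "192.168.1.11", 500)
    esp_a = nat.outbound("esp", "192.168.1.10")
    esp_b = nat.outbound("esp", "192.168.1.11")
    esp_before = nat.inbound("esp")           # no rule yet: cannot be resolved
    nat.redirect_proto("esp", "192.168.1.10")
    return {
        "udp_reply_b": nat.inbound("udp", udp_b[1]),
        "udp_distinct": udp_a != udp_b,
        "esp_identical": esp_a == esp_b,      # both hosts look the same outside
        "esp_before": esp_before,
        "esp_after": nat.inbound("esp"),      # static rule picks one host
    }
```
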