Date: Fri, 07 Mar 2014 19:09:35 -0500 From: "John W. O'Brien" <john@saltant.com> To: Eric Masson <emss@free.fr>, Philipp Schmid <philipp.schmid@openresearch.com> Cc: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org> Subject: Re: [FreeBSD 10.0] nat before vpn, incoming packets not translated Message-ID: <531A5FBF.1000507@saltant.com> In-Reply-To: <86siqtluns.fsf@srvbsdfenssv.interne.associated-bears.org> References: <868uu4rshh.fsf@srvbsdfenssv.interne.associated-bears.org> <53193371.4090603@saltant.com> <09B6BE02-2F04-41A1-AC0D-9A7943F88086@openresearch.com> <86siqtluns.fsf@srvbsdfenssv.interne.associated-bears.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 3/7/14 1:40 PM, Eric Masson wrote: > Philipp Schmid <philipp.schmid@openresearch.com> writes: > > Hi Philipp, > >> FreeBSD 10 seems to have problems with IPSec and filtering/nat. >> Maybe your problem is related to: >> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=185876 > > I've rebuilt a kernel with the last patch available in the PR. > It doesn't work (return nat rule in place). > > I think I'll try the following setup on gateway1 : > - IIPTran https://www.ietf.org/rfc/rfc3884.txt (ipip tunnel in transport > mode) > - outside nat with pf on gif interface > > What bothers me is that ipfw reverse nat should work... I haven't done the mind meld with "reverse" yet. Could you comment on why you need to operate in a reversed NAT environment? What is it that's being reversed, and how does that apply to your use case? Regards, John [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJTGl/FAAoJEBRzAKlhyP/F1xEIAMBRimMHSUueti5n8+Wl/7yb EdckI1x5W0+We4Egr/Syjq6vCpWitKpyVpv/M0Ud0+feOXJiCaOGY9LMtgcntINg 1W9OofYDI1VmLjvHi5VTtc5L/k108pa79wuBkZtRr7qD3QvgRTBZLe7PAea/C7h4 BJXrEBKgF14vr83emt/6dNC2mlYlwrgfPu5ZDftITQ3sjr+kjyJtoiLQHPESBC9B amW9P8EELBC+Sg75PdajaZcEigw8rtHnluTUF1FewnL2MgiAnLNxJT5GjavJH73W q9ZzFU35KtRZuPVWGSY5euhuUQ9vTIKejqeZVEERCj3FyVvAtwG+/RiXa6YwHGo= =t2dU -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?531A5FBF.1000507>