Date: Thu, 24 Apr 2008 18:10:35 +0000
From: Baldur Gislason <baldur@foo.is>
To: Steve Bertrand <iaccounts@ibctech.ca>
Cc: freebsd-net@freebsd.org
Subject: Re: IPIP tunnel behind NAT
Message-ID: <20080424181035.GC66873@gremlin.foo.is>
In-Reply-To: <481078F6.9010108@ibctech.ca>
References: <4808A15E.4030007@ibctech.ca> <20080418133417.GA66873@gremlin.foo.is> <481078F6.9010108@ibctech.ca>

You need to do a one-to-one NAT, so protocol 94 (IPIP) packets get forwarded.
It's not TCP or UDP, so no ports there.
Alternatively, you can set up a NAT traversing IPSEC-in-UDP tunnel, but that
requires a kernel patch.

Baldur

On Thu, Apr 24, 2008 at 08:11:34AM -0400, Steve Bertrand wrote:
> Baldur Gislason wrote:
> >It'll work fine. I've done this several times before.
>
> Hmmm. I still can't seem to get this setup to work. The FreeBSD box is
> in behind a Fortigate 200 unit.
>
> >However I've also had NAT implementations which didn't work this way but
> >this one should definitely work.
>
> Are there any ports that need to be opened on the Fortigate to allow the
> tunnel traffic through? There appears to be no place in the Fortigate to
> pass protocol 41 traffic.
>
> Thanks,
>
> Steve