Date: Wed, 07 Jun 2006 01:53:17 +0200
From: Toni Schmidbauer <toni@stderror.at>
To: Devin Heckman <terrio@rescomp.berkeley.edu>
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw, IPSec, and natd
Message-ID: <863behaljm.wl%toni@stderror.at>
In-Reply-To: <20060606000954.GF18733@rescomp.berkeley.edu>
References: <20060606000954.GF18733@rescomp.berkeley.edu>

At Mon, 5 Jun 2006 17:09:54 -0700,
Devin Heckman wrote:
> I recently tried to set up a computer to act as a NAT using FreeBSD 6.1. ipfw
> functions as it should, as well as IPSec, but I've run into some problems when
> setting up the NAT. I have two computers behind it, both of which do not need to
> speak IPSec (and aren't configured to do so). The NAT computer should speak
> IPSec with one other computer, from which it mounts home directories via NFS.

please show us your spd entries (/etc/ipsec.conf), and depict your
network layout more clearly (e.g. sample ip-addresses for nat machine,
nfs server, client machines...).

> When I enable natd, ipfw, and IPSec, the connection to the computer with which I
> speak IPSec breaks, but the NAT functions properly.

if your ipsec packets get rewritten by natd ah will not work because
of changes in the ip header by natd. but i'm not sure if this is your
particular problem.

toni
-- 
If you understand what you're doing, you're | toni at stderror dot at
not learning anything.                      | Toni Schmidbauer
-- Anonymous                                |
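
The AH point in the reply above, as an added example that is not part of the original message: a simplified model of the AH integrity check over an IPv4 packet, showing that a TTL change in transit still verifies while a NAT-style source address rewrite does not. The addresses, key, SPI and the choice of HMAC-SHA1-96 are constructed assumptions, not values from this thread.

```python
import hashlib, hmac, socket, struct

AH_PROTO, ICV_LEN = 51, 12  # IP protocol 51 = AH; HMAC-SHA1-96 gives a 12-byte ICV

def ipv4_header(src, dst, payload_len, ttl=64):
    # 20-byte header, no options; checksum left 0 because AH zeroes it anyway
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, AH_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_header(spi, seq, icv=bytes(ICV_LEN), next_hdr=6):
    # next header, payload len (24/4 - 2 = 4), reserved, SPI, sequence number, ICV
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + icv

def compute_icv(key, ip_hdr, ah_hdr, payload):
    ip = bytearray(ip_hdr)
    ip[1] = 0                # TOS: mutable in transit
    ip[6:8] = b"\x00\x00"    # flags + fragment offset: mutable
    ip[8] = 0                # TTL: mutable
    ip[10:12] = b"\x00\x00"  # header checksum: mutable
    # source and destination addresses (bytes 12..19) stay in the MAC input
    ah = ah_hdr[:12] + bytes(ICV_LEN)  # ICV field is zeroed while computing
    return hmac.new(key, bytes(ip) + ah + payload, hashlib.sha1).digest()[:ICV_LEN]

def build_packet(key, src, dst, spi, seq, payload):
    ip = ipv4_header(src, dst, 12 + ICV_LEN + len(payload))
    icv = compute_icv(key, ip, ah_header(spi, seq), payload)
    return ip + ah_header(spi, seq, icv) + payload

def verify(key, packet):
    ip, ah, payload = packet[:20], packet[20:44], packet[44:]
    return hmac.compare_digest(ah[12:], compute_icv(key, ip, ah, payload))

def nat_rewrite_src(packet, new_src):
    # what the NAT does to the outer header: swap in its own source address
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]

def decrement_ttl(packet):
    # what any ordinary router does on forwarding
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

KEY = b"constructed-demo-key"  # constructed sample key
PKT = build_packet(KEY, "10.0.0.1", "192.0.2.10", 0x1000, 1, b"constructed payload")

if __name__ == "__main__":
    print("as sent:          ", verify(KEY, PKT))
    print("TTL decremented:  ", verify(KEY, decrement_ttl(PKT)))
    print("source rewritten: ", verify(KEY, nat_rewrite_src(PKT, "198.51.100.7")))
```

A real NAT also recomputes the IP header checksum, which does not matter here because that field is excluded from the ICV input.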
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?863behaljm.wl%toni>