From: Zeus V P. <ze...@ib...> - 2011-07-29 10:36:32
Eric Masson (em...@fr...) [11.07.26 15:22] wrote:
> Looks like a nat before vpn setup on FreeBSD, is it right ?

yes, it is

> Seems that FreeBSD PF can't do inside nat atm (maybe in current with pf
> 4.5)

i was unable to do that with pf ... and gave up and turned to ipfw

> Take a look at the thread here :
> http://freebsd.1045724.n5.nabble.com/IPSec-nat-on-enc-device-td4023490.html

thanks for the link
i have studied it and tried all possible (for me) ... still no result

> Check for reverse in ipfw manpage (ipfw & pf can be stacked)

nothing again ...

my peer is PIX, and here are my test results:

for ipfw configured with natd as well as ipfw_nat:

- i *can* see outgoing request packets in natd output (option `-v') but not on gif0 (why?)

- `ipfw show' displays for nat rules the out counter but not the in counter

  00500 32 2596 nat 100 ip from a.a.a.0/24 to x.x.x.0/24 or y.y.y.y } out
  00501 0 0 nat 100 ip from x.x.x.0/24 to me in

- i *can* see incoming (not diverted) reply packets on gif0

- but i *can not* see the reply packets in natd output or on any interface, they are disappearing to nowhere ...

what can be the cause? how can i get replies to be diverted?

--
Zeus V. Panchenko
JID:ze...@gn...
GMT+2 (EET)
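The symptom reported above (the outbound nat rule counts packets, the inbound rule of the same nat instance stays at zero) is easy to spot across a whole ruleset with a small script. The following is an added example, not code from the thread or from FreeBSD: it parses the `ipfw show` counter format (rule number, packets, bytes, rule body) and flags every `nat`/`divert` instance whose outbound rule has matched traffic while its inbound rule has matched nothing. The sample ruleset is constructed for the example; it reuses the two counter lines quoted in the mail (with proper `{ ... }` list syntax) and adds a hypothetical healthy natd divert pair so the contrast is visible.

```python
import re
from dataclasses import dataclass

# Constructed sample of `ipfw show` output (rule, pkts, bytes, body).
# Rules 500/501 mirror the counters quoted in the mail; 600/601 are a
# hypothetical, healthy natd divert pair added for contrast.
SAMPLE_IPFW_SHOW = """\
00100 10 840 allow ip from any to any via lo0
00500 32 2596 nat 100 ip from a.a.a.0/24 to { x.x.x.0/24 or y.y.y.y } out
00501 0 0 nat 100 ip from x.x.x.0/24 to me in
00600 40 3000 divert 8668 ip from a.a.a.0/24 to x.x.x.0/24 out via gif0
00601 38 2900 divert 8668 ip from any to any in via gif0
65535 5 300 deny ip from any to any
"""

# rule number, packet counter, byte counter, then the rule text
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*?)\s*$")


@dataclass
class Rule:
    number: int
    pkts: int
    bytes_: int
    body: str

    @property
    def nat_instance(self):
        """('nat', '100') or ('divert', '8668'); None for non-NAT rules."""
        m = re.match(r"(nat|divert)\s+(\S+)", self.body)
        return (m.group(1), m.group(2)) if m else None

    @property
    def direction(self):
        """'in' or 'out' when the rule carries a direction keyword, else None."""
        tokens = self.body.split()
        if "in" in tokens:
            return "in"
        if "out" in tokens:
            return "out"
        return None


def parse_ipfw_show(text):
    """Parse `ipfw show` output into Rule objects; non-matching lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append(Rule(int(m[1]), int(m[2]), int(m[3]), m[4]))
    return rules


def one_way_nat(rules):
    """Return (kind, instance, out_pkts, in_pkts) for every nat/divert
    instance whose outbound rule(s) matched packets while its inbound
    rule(s) matched none, i.e. replies are not reaching the translator."""
    counters = {}
    for r in rules:
        inst = r.nat_instance
        if inst is None or r.direction is None:
            continue
        counters.setdefault(inst, {"in": 0, "out": 0})[r.direction] += r.pkts
    return [
        (kind, inst, c["out"], c["in"])
        for (kind, inst), c in counters.items()
        if c["out"] > 0 and c["in"] == 0
    ]


if __name__ == "__main__":
    # In practice feed the real output: one_way_nat(parse_ipfw_show(subprocess output))
    for kind, inst, out_pkts, in_pkts in one_way_nat(parse_ipfw_show(SAMPLE_IPFW_SHOW)):
        print(f"{kind} {inst}: {out_pkts} packets out, {in_pkts} in -> replies never reach the translator")
```

On a live box, pipe `ipfw show` into `parse_ipfw_show`; an instance reported here means the reply path never hits the inbound rule, which narrows the question to rule ordering and the interface the replies arrive on rather than to the NAT instance itself.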