Hi! How do I make FreeBSD 8-based router/NAT/security gateway first perform NAT for outgoing packets then apply IPSEC transport mode for plain TCP traffic? Presently, locally originated packets are encrypted just fine but routed and NAT-ed packet go out unencrypted. I use ipfw nat. Eugene Grosbein