nat before ipsec ...
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Wed Dec 25 21:12:37 UTC 2013
On Wed, 25 Dec 2013, Zeus Panchenko wrote:
> wishmaster <artemrts at ukr.net> wrote:
>
>> If I understand you correctly, you want binat inside IPSec and
that would not really work as policies wouldn't match easily.
> I'm not sure ... what I want is to nat packets from net A before they
> are entering IPSec, as if they originate not on the freebsd host
>
> so, they enters IPSec already as net B packets ...
If nothing has changed and no one implemented inside NAT for pf (or
ported it) it cannot do it; I used to do it with ipfw ages ago, but
back then it still required a third policy if I remember correctly.
There should be some posting from me on net@ or ipfw@ from sometime in
the last decade.
/bz
--
Bjoern A. Zeeb ????????? ??? ??????? ??????:
'??? ??? ???? ?????? ??????? ?? ?? ??????? ??????? ??? ????? ????? ????
?????? ?? ????? ????', ????????? ?????????, "??? ????? ?? ?????", ?.???
More information about the freebsd-pf
mailing list