Re: Problems with NAT on gif interface for VPN
From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 10/29/04
- Previous message: Ollie Cook: "Efficient copying between sockets"
- In reply to: Aaron Nichols: "Re: Problems with NAT on gif interface for VPN"
- Next in thread: Aaron Nichols: "Re: Problems with NAT on gif interface for VPN"
- Reply: Aaron Nichols: "Re: Problems with NAT on gif interface for VPN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 29 Oct 2004 16:14:11 +0200 To: Aaron Nichols <adnichols@gmail.com>
> Rather than a "problem" with ipfw however, I think I've got a
> fundamental problem with how to do this. If I understand correctly, in
> order for natd to "reverse" a divert rule (translate the destination
> IP back to the original IP on return traffic) the packet has to come
> through the same interface it was originally seen by natd on - is this
> correct?
>
> For whatever reason I still seem to be unable to use gif0 for this
> purpose, which seems to be the closest thing to an "ipsec interface"
> available (I'm beginning to think it's nowhere near as useful as enc0
> on OpenBSD). Thus, I'm stuck translating packets when they either
> enter the LAN interface or leave the WAN, the former seems the best
> option.
IIRC, I read somewhere this is precisely the reason why enc(4) was
written.
-- Jeremie Le Hen jeremie@le-hen.org _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Ollie Cook: "Efficient copying between sockets"
- In reply to: Aaron Nichols: "Re: Problems with NAT on gif interface for VPN"
- Next in thread: Aaron Nichols: "Re: Problems with NAT on gif interface for VPN"
- Reply: Aaron Nichols: "Re: Problems with NAT on gif interface for VPN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
