[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-net
Subject: Re: ip_output: NAT then IPSEC
From: Eugene Grosbein <egrosbein () rdtc ! ru>
Date: 2012-06-15 4:33:38
Message-ID: 4FDABB22.9040305 () rdtc ! ru
[Download RAW message or body]
15.06.2012 03:21, Michael Sierchio пишет:
> On Thu, Jun 14, 2012 at 9:42 AM, Eugene Grosbein <egrosbein@rdtc.ru> wrote:
>
>> How do I make FreeBSD 8-based router/NAT/security gateway
>> first perform NAT for outgoing packets then apply IPSEC transport mode
>> for plain TCP traffic?
>
> Forgive me, but I have to ask - why?
>
> IPsec implies pairwise association, and relies on a tunnel - which
> means that each side knows both tunnel endpoints and both internal
> networks. What do you hope to accomplish with NAT?
I have a TCP-service inside local network that is accessable
for a couple of external hosts via NAT port forwarding.
And I need to protect this TCP stream seamlessly with IPSEC transport mode.
Eugene Grosbein
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic