List: ipfilter
Subject: Re: IPNAT with IPSEC
From: Guido van Rooij <guido () gvr ! org>
Date: 2003-06-26 12:54:17
On Wed, Jun 25, 2003 at 07:28:40PM +1000, Carl Morley wrote:
>
> Private IP    |   (A)    |     |          |     |   (B)    |   | Private IP
> subnets at----| FIREWALL |-----| INTERNET |-----| FIREWALL |---| subnet at
> company (A)   |          |     |          |     |          |   | company (B)
>
> Firewall (B) is expecting all IPSEC traffic to be coming from the public
> IP address on Firewall (A), as tunnelled private IP subnet
> 10.99.99.0/30.
>
> I am trying to NAT all the internal subnets at (A) to 10.99.99.1. But
> it does not seem to work whichever way I try.
>
> Questions:
>
> 1. On which interface should I alias the 10.99.99.1 IP on Firewall (A).
> Choices seem to be internal (fxp2), external (fxp1), loopback (lo0) or
> some gif0 combination. Any other suggestions?
alias? You mean NAT. NAT rewrites source addresses on outgoing interfaces.
This means that you should do IPSEC on a different system after the ipfilter
host.
-Guido