Subject: RE: ipf-ipsec interaction
To: , <mipam@ibb.net>
From: Bruce Martin <brucem@cat.co.za>
List: tech-net
Date: 03/13/2001 08:36:33
I am busy setting up an IPSec tunnel as well. Is the only solution here to
have two separate boxes as gateway stages, the outer one unpacking the
IPSec, and the inner one doing the IP Filtering and NAT?

Thanks
 Bruce

-----Original Message-----
From: tech-net-owner@netbsd.org [mailto:tech-net-owner@netbsd.org]On
Behalf Of itojun@iijlab.net
Sent: 13 March 2001 01:21
To: mipam@ibb.net
Cc: tech-net@netbsd.org
Subject: Re: ipf-ipsec interaction


>http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
>you mean ipf + ipnat?

	ipnat is part of ipf.

>So when just applying transport mode (with only esp)
>in the release branch shouldn't be a
>problem, even not with nat?

	for transport mode, there will be fewer problems.  the only problem
	i can think of is that you cannot classify the following packet
	as a "tcp packet" in an ipf rule, since ipf does not chase the header chain:
		IP AH TCP payload

itojun
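The packet layout itojun describes above, as an added worked example that is not code from the original thread, from ipf, or from the NetBSD IPsec stack: a toy classifier that reads only the IPv4 Protocol field sees "IP AH TCP" as an AH packet (protocol 51), while a classifier that walks the header chain through AH (RFC 2402 layout: next header, payload length in 32-bit words minus 2, reserved, SPI, sequence number, ICV) finds the TCP header behind it. The packets, addresses, ports, SPI and the all-zero ICV are constructed by hand; the ESP case shows why chasing stops there, since the next-header byte sits in the encrypted trailer.

```python
"""Toy IPv4 / AH / TCP classifier (added example; all packets constructed)."""
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ESP = 50
IPPROTO_AH = 51
PROTO_NAMES = {IPPROTO_TCP: "tcp", IPPROTO_UDP: "udp",
               IPPROTO_ESP: "esp", IPPROTO_AH: "ah"}


def _ip(dotted):
    return bytes(int(x) for x in dotted.split("."))


def ipv4_header(proto, total_len, src="192.0.2.1", dst="192.0.2.2"):
    """Minimal IPv4 header, no options, checksum left at zero (constructed)."""
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0, 0, 64,
                       proto, 0, _ip(src), _ip(dst))


def ah_header(next_header, icv, spi=0x1000, seq=1):
    """RFC 2402 AH: next hdr, payload len (32-bit words minus 2), reserved,
    SPI, sequence number, then the ICV.  Arbitrary SPI/seq for the example."""
    total = 12 + len(icv)
    assert total % 4 == 0, "AH must be a multiple of 32 bits"
    payload_len = total // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def tcp_header(sport, dport):
    """Bare 20-byte TCP header: data offset 5, SYN set, zero checksum."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02,
                       65535, 0, 0)


def build_ah_tcp_packet():
    """IP AH TCP, the layout from the post, with a 96-bit placeholder ICV."""
    ah = ah_header(IPPROTO_TCP, bytes(12))
    tcp = tcp_header(1025, 22)
    return ipv4_header(IPPROTO_AH, 20 + len(ah) + len(tcp)) + ah + tcp


def build_plain_tcp_packet():
    tcp = tcp_header(1025, 22)
    return ipv4_header(IPPROTO_TCP, 20 + len(tcp)) + tcp


def build_esp_packet():
    """IP ESP <ciphertext>: SPI, sequence number, then opaque bytes."""
    body = struct.pack("!II", 0x2000, 1) + bytes(32)
    return ipv4_header(IPPROTO_ESP, 20 + len(body)) + body


def classify_by_protocol_field(pkt):
    """What a filter that only looks at the IP protocol byte concludes."""
    return PROTO_NAMES.get(pkt[9], str(pkt[9]))


def classify_chasing_chain(pkt, max_hops=4):
    """Walk IPv4 -> AH* -> transport.  Returns (name, offset of that header)."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto, off, hops = pkt[9], ihl, 0
    while proto == IPPROTO_AH:
        if off + 12 > total_len:
            return ("truncated", off)
        next_hdr, payload_len = pkt[off], pkt[off + 1]
        off += (payload_len + 2) * 4
        proto = next_hdr
        hops += 1
        if hops > max_hops:
            return ("too-many-headers", off)
    if proto == IPPROTO_ESP:
        # Next-header byte is inside the encrypted ESP trailer: cannot chase.
        return ("esp", off)
    return (PROTO_NAMES.get(proto, str(proto)), off)


def tcp_dst_port(pkt):
    """Destination port a 'proto tcp ... port = N' rule would need, or None."""
    name, off = classify_chasing_chain(pkt)
    if name != "tcp":
        return None
    return struct.unpack("!H", pkt[off + 2:off + 4])[0]


if __name__ == "__main__":
    for label, p in (("ip/tcp", build_plain_tcp_packet()),
                     ("ip/ah/tcp", build_ah_tcp_packet()),
                     ("ip/esp", build_esp_packet())):
        print(label, classify_by_protocol_field(p),
              classify_chasing_chain(p), tcp_dst_port(p))
```

The protocol-field classifier is the behaviour described in the post: the AH-wrapped TCP SYN is reported as "ah", so a rule written for `proto tcp` never sees it. The chain walker recovers "tcp" at offset 44 (20 bytes of IP plus a 24-byte AH) and can extract the port, but it has to bound the number of headers it follows and check lengths against the IP total length; with ESP nothing past the SPI and sequence number is readable, which is why only the AH case is a classification problem.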