Subject: NAT+IPF+IPsec?
To: None <tech-net@netbsd.org>
From: Teemu Rinta-aho <teemu.rinta-aho@iki.fi>
List: tech-net
Date: 05/28/2001 22:19:47

Hi all!

I am running a server with NetBSD 1.5.1_BETA2. The server
is acting as a router between my home network and the
Internet. It is running DHCP, NAT and ipfilter. I am
also planning to build an ESP+AH tunnel to my office
network.

I need some clarification on whether this is possible or not.
I have two kinds of information from different documents.
One says that packets are filtered AFTER address translation
for inbound packets, and BEFORE for outbound packets.

Then src/CHANGES-1.5.1 says that ipfilter now looks at
packets in native wire format, before IPsec processing
for inbound and after for outbound packets. Now when
is NAT done in this new architecture, if it can be
done at all, or do I have to buy yet another server?

Can someone please draw or give me a link to a diagram
of packet traversal? I don't want to use the source yet.... :-)

BR,
Teemu

P.S. Please CC: to me as I don't subscribe to this list.