From: Lowell Gilbert
To: freebsd-security@freebsd.org
Date: 06 May 2003 18:52:02 -0400
Subject: Re: how to configure a FreeBSD firewall to pass IPSec?

danny@dannysplace.net writes:

> Ummm.. I do it... I would have to check my config, but I think it's AH esp.

Okay, so how does this work? When NAT munges the TCP header, how do you manage to confirm the ESP header?