From owner-freebsd-security@FreeBSD.ORG  Tue May  6 06:25:28 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A600C37B401
	for <freebsd-security@freebsd.org>;
	Tue,  6 May 2003 06:25:28 -0700 (PDT)
Received: from gigatrex.com (graceland.gigatrex.com [209.10.113.211])
	by mx1.FreeBSD.org (Postfix) with SMTP id 69CA343FB1
	for <freebsd-security@freebsd.org>;
	Tue,  6 May 2003 06:25:27 -0700 (PDT)
	(envelope-from piechota@argolis.org)
Received: (qmail 16330 invoked from network); 6 May 2003 13:26:13 -0000
Received: from unknown (HELO cithaeron.argolis.org) (138.88.116.73)
  by graceland.gigatrex.com with SMTP; 6 May 2003 13:26:13 -0000
Received: from cithaeron.argolis.org (localhost [127.0.0.1])
	h46DR3iN056348;	Tue, 6 May 2003 09:27:03 -0400 (EDT)
	(envelope-from piechota@argolis.org)
Received: from localhost (piechota@localhost)h46DR3bf056345;
	Tue, 6 May 2003 09:27:03 -0400 (EDT)
X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing
	-bs
Date: Tue, 6 May 2003 09:27:03 -0400 (EDT)
From: Matt Piechota <piechota@argolis.org>
To: Danny Carroll <fbsd@dannysplace.net>
In-Reply-To: <1052214194.d45fa9082ef35@www.dannysplace.com>
Message-ID: <20030506092623.I56271@cithaeron.argolis.org>
References: <20030430190040.A78C937B407@hub.freebsd.org>
	<20030501104614.A29056@chaos.obstruction.com>
	<1052214194.d45fa9082ef35@www.dannysplace.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: how to configure a FreeBSD firewall to pass IPSec?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2003 13:25:29 -0000

On Tue, 6 May 2003, Danny Carroll wrote:

> FYI I have done this in ipfw/natd...  It's just as easy.  I think I only added
> one rule to my firewall and nothing to my natd.conf
>
> Now I can vpn from any machine on the internal lan to multiple vpn's.
> If you want I can send you the ruleset.

Please do!  I was just working up to converting, but if it works, this'll
be much easier.

-- 
Matt Piechota