Date: Fri, 30 Jul 2004 12:47:20 +0400 From: "Nickolay A. Kritsky" <nkritsky@star-sw.com> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-net@freebsd.org Subject: Re[4]: ipsec packet filtering Message-ID: <11319912718.20040730124720@star-sw.com> In-Reply-To: <Pine.BSF.4.53.0407300803100.41939@e0-0.zab2.int.zabbadoz.net> References: <652582171.20040730075831@star-sw.com> <Pine.BSF.4.53.0407300457460.41939@e0-0.zab2.int.zabbadoz.net> <12410155296.20040730100443@star-sw.com> <Pine.BSF.4.53.0407300640090.41939@e0-0.zab2.int.zabbadoz.net> <11116772218.20040730115500@star-sw.com> <Pine.BSF.4.53.0407300803100.41939@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Bjoern, Friday, July 30, 2004, 12:12:52 PM, Bjoern A. Zeeb wrote: >> see? if the incoming packet is not in table, _and_ natd is not running >> in proxy_only mode (which is not acceptable here) the packet flows by >> without any change. And that's what the `man natd' says. BAZ> please type BAZ> man natd BAZ> /reverse BAZ> n BAZ> this should be available in 4.9 too. It's there. Oh my god! RTFM forever. Well, thanks a lot, and sorry for time/traffic consumption. <nooffencemeant> I still don't like current situation with the way ipsec is processed by ipfw, </nooffencemeant> but -reverse will help me for now. -- Best regards, ; Nickolay A. Kritsky ; SysAdmin STAR Software LLC ; mailto:nkritsky@star-sw.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?11319912718.20040730124720>