Date:      Thu, 8 Mar 2001 09:37:18 -0500 (EST)
From:      Matt Piechota <piechota@argolis.org>
To:        Ilya <mail@krel.org>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: vpn vs natd
Message-ID:  <Pine.BSF.4.31.0103080932020.96523-100000@cithaeron.argolis.org>
In-Reply-To: <013c01c0a771$e80f3e30$0100a8c0@ilya>

On Wed, 7 Mar 2001, Ilya wrote:

> As far as I know there is no way to make VPN work through many-to-one NAT.
> Only many-to-many will work. I currently have at home one-to-many (Windows
> clients through FreeBSD router), now that I need VPN, I got a second public
> IP. Is it somehow possible to set up that all traffic from a certain private IP
> on my LAN would go out as using my new IP? which I guess will reside on the same
> network card, which hosts the current public IP. Is it also possible to do
> without breaking the config I have now?
> So I am thinking, many-to-one NAT for all Windows clients except one, and
> many-to-many for only one specific private IP.
> How can I do it?

You may not need the second IP.  For my work's VPN, the server IP is
constant, so I have natd set up to direct any incoming traffic from
$SERVER_IP to a particular internal IP.  It's fairly crufty, and could be
considered insecure (IP spoofing), but it does work.

Anyone have a suggestion of a better way?  Would ipfw with the state stuff
enabled do the same job?

-- 
Matt Piechota
Finger piechota@emailempire.com for PGP key
AOL IM: cithaeron


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
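The two setups discussed above, written out as an added example that is not part of the thread or of any FreeBSD configuration the posters showed: a natd(8)/ipfw(8) layout of the kind FreeBSD 4.x used, with many-to-one NAT for the LAN and a static (one-to-one) natd mapping that makes one internal host leave as the second public IP, plus Matt's single-IP variant, which redirects only traffic arriving from the VPN server's address. The interface name, all addresses, the rule numbers, and the VPN port in the single-IP variant (UDP 500, IKE) are assumptions. Two practical caveats: natd's redirect_port works per TCP/UDP port, so it cannot carry non-TCP/UDP VPN protocols such as ESP or GRE, and ipfw's keep-state only tracks flows for filtering; in this era the address rewriting itself still had to be done by natd (in-kernel ipfw nat arrived much later, in FreeBSD 7.0). Matt's spoofing caveat also survives in both variants: a packet forged with the VPN server's source address passes the "from VPN server" rule, so only the VPN's own authentication closes that hole.

```shell
#!/bin/sh
# Added example, not from the thread: FreeBSD-4.x-era natd(8) + ipfw(8) setup.
# Many-to-one NAT for the LAN, a static mapping of one host onto a second
# public IP, and Matt's single-IP variant. Every address, interface name and
# rule number is an assumption, as is the VPN port (UDP 500) used below.
set -eu

EXT_IF=fxp0                 # assumed external interface (hosts both public IPs)
PUB_IP2=203.0.113.11        # assumed second public IP, aliased onto EXT_IF
LAN_NET=192.168.0.0/24      # assumed private LAN
VPN_HOST=192.168.0.10       # assumed LAN host that must reach the VPN
VPN_SERVER=198.51.100.5     # assumed remote VPN server (Matt's $SERVER_IP)

# natd.conf for the two-IP setup. unregistered_only NATs only RFC1918 sources
# (many-to-one onto the interface's primary address); redirect_address is
# libalias static NAT, mapping VPN_HOST <-> PUB_IP2 in both directions, so
# VPN_HOST's packets leave with source PUB_IP2 and anything sent to PUB_IP2
# is delivered to VPN_HOST. Nothing else in the existing config changes.
natd_conf_two_ips() {
    cat <<EOF
interface ${EXT_IF}
use_sockets yes
same_ports yes
unregistered_only yes
redirect_address ${VPN_HOST} ${PUB_IP2}
EOF
}

# natd.conf for Matt's single-IP approach: plain many-to-one NAT, plus a
# redirect_port whose trailing remoteIP limits it to packets from VPN_SERVER.
# Only that one protocol/port is forwarded; ESP or GRE cannot be carried here.
natd_conf_single_ip() {
    cat <<EOF
interface ${EXT_IF}
use_sockets yes
same_ports yes
unregistered_only yes
redirect_port udp ${VPN_HOST}:500 500 ${VPN_SERVER}
EOF
}

# ipfw commands for the two-IP setup, emitted as a script so they can be
# reviewed before being fed to sh. The divert rule comes first, so the filter
# rules after it see inbound packets with their de-aliased private destination.
ipfw_rules_two_ips() {
    cat <<EOF
ifconfig ${EXT_IF} alias ${PUB_IP2} netmask 255.255.255.255
ipfw -f flush
ipfw add 100 divert natd ip from any to any via ${EXT_IF}
# anti-spoofing: a private source address never arrives from the outside
ipfw add 200 deny ip from ${LAN_NET} to any in via ${EXT_IF}
# only the VPN server may initiate to the statically mapped host (any proto)
ipfw add 300 allow ip from ${VPN_SERVER} to ${VPN_HOST} in via ${EXT_IF}
# replies to TCP sessions the host opened itself
ipfw add 400 allow tcp from any to ${VPN_HOST} in via ${EXT_IF} established
# static NAT would otherwise hand every unsolicited packet for PUB_IP2 to
# VPN_HOST; add rules above this line for any other inbound it needs
ipfw add 500 deny ip from any to ${VPN_HOST} in via ${EXT_IF}
# rest of the firewall policy, unchanged from the existing setup
ipfw add 65000 allow ip from any to any
EOF
}

# Apply for real only when APPLY=1. Needs a kernel with IPFIREWALL and
# IPDIVERT and gateway_enable="YES" in /etc/rc.conf; ipfw -f flush above
# drops the current rule set, so run this from the console, not over ssh.
apply_two_ips() {
    natd_conf_two_ips > /etc/natd.conf
    natd -f /etc/natd.conf
    ipfw_rules_two_ips | sh -e
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_two_ips
fi
```

Run without APPLY set to print nothing and just define the functions; `natd_conf_two_ips` and `ipfw_rules_two_ips` print the configuration for review, and `APPLY=1 sh thisfile` installs it. The single-IP variant is intentionally left out of `apply_two_ips`; swap `natd_conf_single_ip` in if that is the setup wanted.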

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0103080932020.96523-100000>