From owner-freebsd-net Sun Apr 8 2:11: 8 2001
Delivered-To: freebsd-net@freebsd.org
Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97])
	by hub.freebsd.org (Postfix) with ESMTP id 3C15D37B423;
	Sun, 8 Apr 2001 02:11:04 -0700 (PDT)
	(envelope-from itojun@itojun.org)
Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1])
	by coconut.itojun.org (8.9.3+3.2W/3.7W/smtpfeed 1.06) with ESMTP id SAA24340;
	Sun, 8 Apr 2001 18:10:52 +0900 (JST)
To: Gunther Schadow
Cc: snap-users@kame.net, users@ipv6.org, net@freebsd.org, ipfw@freebsd.org
In-reply-to: gunther's message of Sun, 08 Apr 2001 05:10:46 GMT.
	<3ACFF2D6.13219EAB@aurora.regenstrief.org>
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2
Subject: Re: Consolidating KAME SPD rules and IPFW / IPfilter.
From: itojun@iijlab.net
Date: Sun, 08 Apr 2001 18:10:52 +0900
Message-ID: <24338.986721052@coconut.itojun.org>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>To which I can only say that in IPv4 world and VPN, NAT is almost
>mandatory. For me, using NAT allows me to set up VPN specific
>routing for my special project within a corporate network without
>bothering the network administrator with using FreeBSD instead of
>their Cisco stuff for routing. FreeBSD/KAME needs NAT for allowing
>it to be used in production environments today. NAT comes with
>IPFW, which is where the circle closes.

as mentioned before, there was a discussion about one of the freebsd
mailing lists. there was a proposed patch just like below (the following
patch works only for the latest KAME tree, not for FreeBSD tree).
http://www.kame.net/dev/cvsweb.cgi/kame/freebsd4/sys/netinet/ip_input.c.diff?r1=1.16&r2=1.17

the patch tries to do the following, i have no environment to test.
http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction

itojun