Date:      Sat, 9 Apr 2005 14:37:24 +0100
From:      "Vince" <jhary@unsane.co.uk>
To:        "'John Mok'" <jmok@attglobal.net>, <freebsd-net@freebsd.org>
Subject:   RE: FreeBSD Firewall + NAT Traversal + IPsec
Message-ID:  <200504091337.j39Db6wv028638@unsane.co.uk>
In-Reply-To: <42555C87.7030700@attglobal.net>

I do this with the cisco VPN client (to PIX), 
I am firewalling with pf. 

Client --- FreeBSD firewall+NAT using pf --- internet - PIX

The only problem I had was that isakmp needs to come from 
port 500 as well as go to port 500, so I needed to add a rule 
to stop pf changing the source port. My nat rules are: 
nat on $ext_if inet proto { tcp, udp } from $int_net port = 500 \ 
	to any -> ($ext_if:0) port 500
nat on $ext_if from $int_net to any -> $ext_addr1

Haven't tried Checkpoint though.

Vince


> -----Original Message-----
> From: owner-freebsd-net@freebsd.org 
> [mailto:owner-freebsd-net@freebsd.org] On Behalf Of John Mok
> Sent: 07 April 2005 17:15
> To: freebsd-net@freebsd.org
> Subject: FreeBSD Firewall + NAT Traversal + IPsec
> 
> Hi,
> 
> I'm new to FreeBSD. Is it possible to make a FreeBSD box with 
> firewall + NAT, such that client PC(s) from the NATed 
> internal network could connect to a VPN gateway on the Internet :-
> 
>   client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN gateway
>   192.168.x.x/16                                            (e.g. Checkpoint FW-1)
>   (VPN client)
> 
> I hope someone could help to advise what software is required 
> on the FreeBSD box to make NAT traversal work and where to get the 
> HOWTO(s)?
> 
> Thanks a lot.
> 
> John Mok
> 
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> 
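The source-port pinning Vince describes, as an added example that is neither his pf.conf nor FreeBSD project code: the weak and corrected nat rules side by side (interface and network names are assumed placeholders), plus a check over "pfctl -s state" lines that the IKE flow really left with source port 500. The two state-line layouts it parses are assumed, so verify them against your pfctl version.

```shell
#!/bin/sh
# Added example (not from the message or the FreeBSD project).
# Assumptions: "fxp0" and 192.168.0.0/16 are placeholders; the state-line
# layouts in ike_state_ok() are the ones older/newer pf releases print.

PF_NAT_RULES='
ext_if  = "fxp0"            # assumed external interface name
int_net = "192.168.0.0/16"  # the NATed internal network from the question

# Weak: plain nat rewrites the source port of every UDP flow, so IKE leaves
# from a random high port and a peer expecting 500 <-> 500 drops it.
#   nat on $ext_if from $int_net to any -> ($ext_if:0)

# Corrected: pin ISAKMP to source port 500 first, then NAT everything else.
nat on $ext_if inet proto udp from $int_net port 500 to any -> ($ext_if:0) port 500
nat on $ext_if from $int_net to any -> ($ext_if:0)
# Same first rule spelled with the static-port keyword:
#   nat on $ext_if proto udp from $int_net port 500 to any -> ($ext_if:0) static-port
'

# ike_state_ok LINE: return 0 when a udp state to port 500 still has source
# port 500 after translation, 1 otherwise. Two (assumed) layouts are handled:
#   "udp lan:p -> gwy:p -> ext:500"   and   "udp gwy:p (lan:p) -> ext:500"
ike_state_ok() {
    printf '%s\n' "$1" | awk '
        $1 != "udp" && $2 != "udp" { exit 1 }   # proto may follow an iface column
        {
            n = 0
            for (i = 1; i <= NF; i++)           # collect the addr:port tokens
                if ($i ~ /^\(?[0-9.]+:[0-9]+\)?$/) ep[++n] = $i
            if (n != 3) exit 1
            gwy = (ep[2] ~ /^\(/) ? ep[1] : ep[2]   # post-NAT (translated) endpoint
            sub(/.*:/, "", gwy); sub(/\)$/, "", gwy) # keep the port only
            dst = ep[3]; sub(/.*:/, "", dst)
            if (dst == "500" && gwy == "500") exit 0
            exit 1
        }'
}

# Constructed sample states (not captured from a real box): good, then bad.
for line in \
    "udp 192.168.1.5:500 -> 203.0.113.10:500 -> 198.51.100.1:500   MULTIPLE:MULTIPLE" \
    "udp 203.0.113.10:61422 (192.168.1.5:500) -> 198.51.100.1:500   MULTIPLE:MULTIPLE"
do
    if ike_state_ok "$line"; then echo "OK   $line"; else echo "BAD  $line"; fi
done
```

Load the rules with `pfctl -f` as usual; the corrected rule must precede the catch-all nat rule, since pf takes the first matching nat rule.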


