Date: Sat, 9 Apr 2005 14:37:24 +0100 From: "Vince" <jhary@unsane.co.uk> To: "'John Mok'" <jmok@attglobal.net>, <freebsd-net@freebsd.org> Subject: RE: FreeBSD Firewall + NAT Traversal + IPsec Message-ID: <200504091337.j39Db6wv028638@unsane.co.uk> In-Reply-To: <42555C87.7030700@attglobal.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I do this with the cisco VPN client (to PIX), I am firewalling with pf. Client --- FreeBSD firewall+NAT using pf --- internet - PIX The only problem I had was that isakmp needs to come from port 500 as well as go to port 500 so I needed to add a rule To stop pf changing the source port. My nat rules are: nat on $ext_if inet proto { tcp, udp } from $int_net port = 500 \ to any -> ($ext_if:0) port 500 nat on $ext_if from $int_net to any -> $ext_addr1 Havent tried checkpoint though. Vince > -----Original Message----- > From: owner-freebsd-net@freebsd.org > [mailto:owner-freebsd-net@freebsd.org] On Behalf Of John Mok > Sent: 07 April 2005 17:15 > To: freebsd-net@freebsd.org > Subject: FreeBSD Firewall + NAT Traversal + IPsec > > Hi, > > I'm new to FreeBSD. Is it possible make a FreeBSD box with > firewall + NAT, such that client PC(s) from the NATed > internal network could connect to a VPN gateway on the Internet :- > > client PC ----- FreeBSD Firewall + NAT ---- Internet ---- > IPsec VPN gateway > 192.168.x.x/16 (e.g. > Checkpoint FW-1) > (VPN client) > > I hope someone could help to advise what software is required > on the FreeBSD box to NAT traversal work and where to get the > HOWTO(s)? > > Thanks a lot. > > John Mok > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504091337.j39Db6wv028638>