From owner-freebsd-questions@FreeBSD.ORG Sat Nov 24 08:48:21 2007
Message-Id: <7BB1A732-4F07-499E-A183-22776FEEEE90@optusnet.com.au>
To: FreeBSD Questions
From: Jerahmy Pocott
Date: Sat, 24 Nov 2007 19:47:57 +1100
Subject: Difficulties establishing VPN tunnel with IPNAT

Hello,

I recently decided to give ipf and ipnat a try, previously I had always been using ipfw and natd. Since switching over I can no longer establish a VPN tunnel from any system behind the gateway.

I did 'ipf -F a' to flush all rules but I was still unable to connect so I think it's a problem with ipnat? Also my redirect from ipnat doesn't seem to work either.

These are the only ipnat rules I have: (fxp1 is the external interface)

    # ipnat built in ftp proxy rules
    map fxp1 10.0.0.0/24 -> 0/32 proxy port 21 ftp/tcp
    map fxp1 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp

    # CVS Server on Fileserv
    rdr fxp1 0/32 port 2401 -> 10.0.0.2 port 2401 tcp/udp

    # nat all out going traffic on fxp1 from internal lan
    map fxp1 10.0.0.0/24 -> 0/32

I can post my firewall rules too if that would help, however with NO rules set it still didn't work so I don't think that would help.. (I'm using the klm which is default to accept?)

Thanks!
J.