Date: Tue, 14 Aug 2007 12:04:27 +0200 From: Eric Masson <emss@free.fr> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org> Subject: Re: pf rdr statement & ipsec processing interaction Message-ID: <86k5ryjutw.fsf@srvbsdnanssv.interne.kisoft-services.com> In-Reply-To: <20070813091634.C87821@maildrop.int.zabbadoz.net> (Bjoern A. Zeeb's message of "Mon, 13 Aug 2007 09:17:33 %2B0000 (UTC)") References: <867inzn945.fsf@srvbsdnanssv.interne.kisoft-services.com> <20070813091634.C87821@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
"Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> writes: Hello Bjoern & all, > this is expected behavior. You want to read about the > IPSEC_FILTERTUNNEL (fka. IPSEC_FILTERGIF) kernel option and > enc(4). I've compiled a new kernel with IPSEC_FILTERGIF, tcpdump now can see unencrypted L2TP packets on external interfaces but rdr rule doesn't have any effect. Just to be sure, I added "device enc" to the kernel configuration and changed the rdr rule to : rdr on enc0 proto udp from any to ($ext_if) port 1701 -> 10.127.0.1 port 1701 But no success atm. Any idea ? Regards Éric Masson -- FYLG> Tiens, vlà une URL qui va bien : FYLG> ftp://127.0.0.1/WaReZ/NiouZeS/WinDoZe/NeWSMoNGeR/SuPeR c'est gentil sauf que l'adresse ne fonctionne pas sa me fais une erreur -+- Furtif in Guide du Neuneu Usenet : <MODE CERVEAU OFF> -+-
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86k5ryjutw.fsf>