From: Eric Masson
To: "Bjoern A. Zeeb"
Cc: Mailing List FreeBSD Network
Subject: Re: pf rdr statement & ipsec processing interaction
Date: Tue, 14 Aug 2007 12:04:27 +0200
Message-ID: <86k5ryjutw.fsf@srvbsdnanssv.interne.kisoft-services.com>
In-Reply-To: <20070813091634.C87821@maildrop.int.zabbadoz.net> (Bjoern A. Zeeb's message of "Mon, 13 Aug 2007 09:17:33 +0000 (UTC)")
X-Operating-System: FreeBSD 6.2-RELEASE-p7 i386

"Bjoern A. Zeeb" writes:

Hello Bjoern & all,

> this is expected behavior. You want to read about the
> IPSEC_FILTERTUNNEL (fka. IPSEC_FILTERGIF) kernel option and
> enc(4).

I've compiled a new kernel with IPSEC_FILTERGIF, tcpdump now can see
unencrypted L2TP packets on external interfaces but rdr rule doesn't
have any effect.

Just to be sure, I added "device enc" to the kernel configuration and
changed the rdr rule to:

rdr on enc0 proto udp from any to ($ext_if) port 1701 -> 10.127.0.1 port 1701

But no success atm.

Any idea?

Regards

Éric Masson

-- 
FYLG> Here, here's a URL that should do nicely:
FYLG> ftp://127.0.0.1/WaReZ/NiouZeS/WinDoZe/NeWSMoNGeR/SuPeR
that's kind, except the address doesn't work, it gives me an error
-+- Furtif in Guide du Neuneu Usenet: -+-