Re: NAT *before* routing decision

On 27/10/04 6:58 pm, "Chris Wilson" <[email protected]> wrote:
> Hi all,
> Trying to get my head around mixing NAT and IPSEC on OpenBSD; hoping you
> folks can tell me whether I'm crazy :-)
> I've got IPSEC ala:
> --------
> (ie the encryption domain and the vpn endpoints are the same).
> Now I'd like the OpenBSD machine at to be able to give
> users on its local LAN access to through the IPSEC tunnel,
> NAT'ing the source address to
Why do you need to NAT the source packet? If you alter to shove any
packet FROM its network TO over IPSec, then as long as the
machine knows that any packet from the network behind is to be
routed over the IPSec tunnel, the packets should flow freely. Unless the
network behind has the same IP addresses as the one behind, in which
case do some kind of binat?
Or perhaps I missed the point. I usually do :)
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444
E-mails received are assumed to be for my attention, to do with as I wish.
No responsibility is accepted if communications are sent to me in error.
This disclaimer has as much legal status as yours.