Charles Henrich wrote:
> The nat daemon does not log any rejections of the packet, however in my kernel
> log, I see a
>
> Oct 17 17:23:51 dmz /kernel: Connection attempt to TCP B:3283 from C:22

Your packets don't seem to reach natd after IPsec inbound processing.
Looks like ipfw processing happens before IPsec (so natd sees the IPsec'ed packets, but doesn't know anything about them), and gets them after IPsec inbound processing. What you want is a way to do IPsec first, and then ipfw processing, but I don't know if that can be done.
Try configuring an IPIP tunnel between B and C, and transport-mode IPsec that. That way, your NAT packets get tunneled, and the tunneled packets secured. On inbound, security processing comes first, then decapsulation, then ipfw.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
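The IPIP-over-transport-mode-IPsec layout suggested in the reply, written out as an added configuration example; this is not part of the original thread or of FreeBSD's own documentation. It assumes modern FreeBSD gif(4) syntax (`ifconfig gif0 tunnel`, where older releases used gifconfig(8)), setkey(8) for the policy and natd(8) on its default divert port 8668. All addresses are constructed placeholders; the manual ESP keys are dummy values marked for replacement by IKE-negotiated SAs. The same script runs on both ends with the local/remote arguments swapped, and it only applies anything when run as root on FreeBSD, otherwise it just emits the generated configuration.

```shell
#!/bin/sh
# Added example, not from the original thread: gif (IPIP) tunnel between B and C,
# protected by transport-mode ESP, so that on B the inbound order becomes
# IPsec decrypt -> gif decapsulation -> ipfw divert to natd.
# Constructed placeholder addresses:
B_OUTER=192.0.2.1       # B's real address (assumed)
C_OUTER=198.51.100.1    # C's real address (assumed)
B_INNER=10.0.0.1        # tunnel endpoint addresses (assumed)
C_INNER=10.0.0.2
NATD_PORT=8668          # natd's default divert port

# setkey(8) policy: require ESP transport mode for the IPIP traffic
# (protocol 4, spelled "ip4" in setkey) between the two tunnel endpoints.
# Usage: ipsec_policy LOCAL_OUTER REMOTE_OUTER
ipsec_policy() {
    cat <<EOF
spdflush;
spdadd $1 $2 ip4 -P out ipsec esp/transport//require;
spdadd $2 $1 ip4 -P in  ipsec esp/transport//require;
EOF
}

# Manual SAs for a lab test only. The keys are dummy placeholders and must be
# replaced (or, better, the whole block replaced by racoon/IKE negotiation).
# Usage: ipsec_sas LOCAL_OUTER REMOTE_OUTER
ipsec_sas() {
    cat <<EOF
flush;
add $1 $2 esp 0x10001 -E rijndael-cbc 0x000102030405060708090a0b0c0d0e0f -A hmac-sha1 0x000102030405060708090a0b0c0d0e0f10111213;
add $2 $1 esp 0x10002 -E rijndael-cbc 0x0f0e0d0c0b0a09080706050403020100 -A hmac-sha1 0x131211100f0e0d0c0b0a09080706050403020100;
EOF
}

# ipfw rules: admit the ESP packet on the outer interface, admit the
# decrypted IPIP packet (protocol "ipencap" in /etc/protocols) that IPsec
# hands back to ip_input, and only then divert the decapsulated traffic
# seen via gif0 to natd. Nothing else reaches natd, so it never sees ESP.
# Usage: ipfw_rules LOCAL_OUTER REMOTE_OUTER
ipfw_rules() {
    cat <<EOF
add 100 allow esp from $2 to $1 in
add 110 allow ipencap from $2 to $1 in
add 200 divert $NATD_PORT ip from any to any via gif0
add 210 allow ip from any to any via gif0
add 300 allow esp from $1 to $2 out
EOF
}

# Count how many policies require ESP transport mode (used as a sanity check).
policy_require_count() {
    ipsec_policy "$1" "$2" | grep -c 'esp/transport//require'
}

# Bring up the gif tunnel. Usage: tunnel_up LOCAL_OUTER REMOTE_OUTER LOCAL_INNER REMOTE_INNER
tunnel_up() {
    ifconfig gif0 create
    ifconfig gif0 tunnel "$1" "$2"
    ifconfig gif0 inet "$3" "$4" netmask 255.255.255.255 up
}

apply_host_b() {
    tunnel_up "$B_OUTER" "$C_OUTER" "$B_INNER" "$C_INNER"
    ipsec_policy "$B_OUTER" "$C_OUTER" | setkey -c
    ipsec_sas "$B_OUTER" "$C_OUTER" | setkey -c
    ipfw_rules "$B_OUTER" "$C_OUTER" | while read -r rule; do
        ipfw -q $rule
    done
}

# Apply only on a FreeBSD host as root; elsewhere just show the generated config.
if [ "$(uname -s)" = FreeBSD ] && [ "$(id -u)" = 0 ]; then
    apply_host_b
else
    ipsec_policy "$B_OUTER" "$C_OUTER"
    ipfw_rules "$B_OUTER" "$C_OUTER"
fi
```

On C the same functions are called with the arguments swapped (`ipsec_policy "$C_OUTER" "$B_OUTER"`, and so on). The point of the rule order is that the only thing natd is ever diverted is what appears via gif0, which by construction is cleartext that has already passed ESP verification and decapsulation.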