If I understand you correctly, you want binat inside IPSec, and therefore you must enable filtering in the tunnel.
This will help you:

net.inet.ipsec.filtertunnel=1

Cheers,
w

--- Original message ---
From: "Zeus Panchenko" <z...@ibs.dn.ua>
Date: 25 December 2013, 20:11:05

> hi,
>
> please, may somebody help with the subj? is it possible at all on
> FreeBSD with pf?
>
> I need to binat some of my LAN (network A) ip addresses to some of
> secure communication addresses (network B) for, behind IPSec network C,
> access
>
> target <-> world <--> em0 - freebsd - vlanA <--> LAN
>   ^                                        ^     net A
>   |                                        |
>   +- netC -.-.-.-.- IPSec -.-.-.-.- net B -+
>
> when I land some B network address on freebsd box, then everything from
> that address works but, when I try to bi/nat some network A address to some
> network B address, it is not
>
> in pf.conf I try this:
>
> binat on vlanA from A1 to C3 -> B2
>
> where:
> A1 is some address from net A
> B2 is some address from net B
> C3 is some address from net C
>
> I can see incoming packets from A1 to C3 on interface vlanA, but after
> that, packets "disappear", I can not find them on any other interface and
> no return packets
>
> as far as I know I need "nat before vpn" ... but I was not able to find
> how to do that ... can I do that with pf on freebsd?
>
> I run FreeBSD 9.2-PRERELEASE #6 r255856: amd64 with system pf
>
> please, help me understand what am I missing ...
>
> --
> Zeus V. Panchenko                         jid:z...@im.ibs.dn.ua
> IT Dpt., I.B.S. LLC                       GMT+2 (EET)
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"