On Wed, 25 Dec 2013, Zeus Panchenko wrote:
wishmaster <artem...@ukr.net> wrote:
If I understand you correctly, you want binat inside IPSec and
that would not really work as policies wouldn't match easily.
I'm not sure ... what I want is to nat packets from net A before they
are entering IPSec, as if they originate not on the freebsd host
so, they enters IPSec already as net B packets ...
If nothing has changed and no one implemented inside NAT for pf (or
ported it) it cannot do it; I used to do it with ipfw ages ago, but
back then it still required a third policy if I remember correctly.
There should be some posting from me on net@ or ipfw@ from sometime in
the last decade.
/bz
--
Bjoern A. Zeeb ????????? ??? ??????? ??????:
'??? ??? ???? ?????? ??????? ?? ?? ??????? ??????? ??? ????? ????? ????
?????? ?? ????? ????', ????????? ?????????, "??? ????? ?? ?????", ?.???
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
