On Fri, Dec 22, 2006 at 11:09:07AM -0600, Jacob Yocom-Piatt wrote:
> at work there are 2 pieces of heavy machinery that each are "hard-wired"
> to communicate on the, say, 192.168.101/24 subnet and i would like to
> access both subnets from a machine in the office on the 172.16.16/24
> subnet. to avoid the issue of having 2 routes to the same subnet, i plan
> on having an intermediate machine in front of each subnet that will run
> ipsec and then NAT the 172.16.16/24 host to a 192.168.101/24 address.
> this way i should be able to avoid the 2 route issue.
>
> there are likely other solutions to this problem that don't involve
> ipsec and i am interested in hearing them. could the multiple routing
> tables feature be useful here?
I don't know about the multiple routing tables, but it can, at the very
worst case, be done with 2 hosts, both of which do NAT. However, I'm
fairly certain that careful abuse of pf's route-to will allow you to
make this work. Although I'd caution against trying to make it work
from the firewall itself, too.

Joachim
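As an added illustration of the two-NAT-hosts approach discussed above (not a configuration posted in the thread), this is a pf.conf for one of the two intermediate gateways; the second gateway would get the same file with a different alias subnet. Interface names, the alias subnets 10.1.1.0/24 and 10.1.2.0/24, and the pre-4.7 nat/binat rule syntax are assumptions.

```pf
# Added example, not from the thread. Gateway "G1" sits between the office LAN
# (172.16.16/24 on $office_if) and machine A's hard-wired segment
# (192.168.101/24 on $mach_if). Gateway "G2" runs the identical file with
# 10.1.2.0/24 in place of 10.1.1.0/24. The office then routes 10.1.1/24 via G1
# and 10.1.2/24 via G2, so 192.168.101/24 never appears in the office routing
# table. Subnet and interface names are assumed values.
office_if  = "em0"
mach_if    = "em1"
office     = "172.16.16.0/24"
mach_real  = "192.168.101.0/24"
mach_alias = "10.1.1.0/24"        # how the office addresses this segment

set skip on lo

# 1:1 mapping of the machinery segment to its alias, applied on the office
# side: replies leaving toward the office get their source rewritten from
# 192.168.101.x to 10.1.1.x, and office packets for 10.1.1.x are delivered
# to 192.168.101.x (binat requires equal-size networks).
binat on $office_if from $mach_real to $office -> $mach_alias

# The machinery is hard-wired and may have no route back to 172.16.16/24,
# so office traffic is also source-NATed to the gateway's own address on
# that segment; the machinery then only ever talks to a local address.
nat on $mach_if from $office to $mach_real -> ($mach_if)

# Translation runs before filtering, so filter rules see the real
# 192.168.101/24 addresses. Only the office LAN may initiate toward the
# machinery; the machinery segment cannot open anything toward the office.
block all
pass in  quick on $office_if inet from $office     to $mach_real keep state
pass out quick on $mach_if   inet from ($mach_if)  to $mach_real keep state
```

The office host needs static routes for 10.1.1.0/24 via G1 and 10.1.2.0/24 via G2 (and none for 192.168.101/24), which is what removes the duplicate-route problem.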