Hello Misc,
I have an OpenBSD 4.4 firewall with some clients connecting via IPSEC.
Some clients have flows established to servers not on the local LAN, and
these clients are natted through the internet interface to access these
servers. It's a bit convoluted, but things work, except of course for ftp.
I configured the ftp-proxy for clients on the local LAN and openvpn
clients (tun0), but I cannot seem to use ftp-proxy with IPSEC clients
(enc0).
I want to use a line such as:
rdr on enc0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
When this is in place, IPSEC clients cannot even connect to the ftp
server. I suspect there are some problems with this approach, since the
man pages show matching with ipencap, but you can't do tcp port
redirects with only ip encapsulated matching.
I am at a bit of a loss here, and I'm wondering if there's anything I
can do to proxy the IPSEC ftp traffic, or if there are any other options
I have at this point.
Thanks,
Cam
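As an added example that is not part of Cam's mail, this is the pf.conf skeleton that ftp-proxy(8) requires on OpenBSD 4.4, with one redirect per client interface including the enc0 rule the post proposes; the interface names and address ranges are assumed, and the comments flag the pass-rule check that most often explains a redirect that "cannot even connect".

```pf
# Added example, not from the original post. Interface names, the LAN
# network and the VPN client ranges are assumed values.
ext_if = "em0"
int_if = "em1"
lan    = "192.168.1.0/24"   # assumed local LAN
ovpn   = "10.8.0.0/24"      # assumed OpenVPN client pool reached via tun0
ipsec  = "10.9.0.0/24"      # assumed IPSEC client addresses seen on enc0
proxy  = "127.0.0.1"

# ftp-proxy(8) installs its per-session translation and pass rules in
# these anchors; without them the proxy starts but data connections fail.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Clients from all three sources are natted out the internet interface.
nat on $ext_if from { $lan, $ovpn, $ipsec } to any -> ($ext_if)

# Redirect the FTP control connection to the proxy. Translation happens
# before filtering, so a bare "rdr" needs a separate pass rule that matches
# the translated destination ($proxy port 8021), not port 21 on the real
# server. A ruleset whose only enc0 rule passes "port 21" therefore drops
# the redirected SYN before it reaches ftp-proxy. "rdr pass" avoids that by
# passing the redirected packet in the same rule.
rdr pass on $int_if proto tcp from $lan   to any port 21 -> $proxy port 8021
rdr pass on tun0    proto tcp from $ovpn  to any port 21 -> $proxy port 8021
rdr pass on enc0    proto tcp from $ipsec to any port 21 -> $proxy port 8021

# Per-session rules generated by ftp-proxy are evaluated here.
anchor "ftp-proxy/*"

# The proxy opens the server-side control connection from the firewall
# itself, so that connection must be allowed out the external interface.
pass out on $ext_if proto tcp from ($ext_if) to any port 21

# The rules that carry the IPSEC tunnel itself (ESP on $ext_if, the
# decapsulated traffic on enc0) are left as in the existing ruleset.
```

With this in place, `pfctl -sr -a "ftp-proxy/*"` should show a short-lived rule per active FTP session, and `pfctl -sr` should show the enc0 redirect as a `rdr pass` rule rather than a bare `rdr`.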