ipfw - natd problem

2010-04-24 Thread yusuf özbilgin
Hi, I am trying to use 2 internet lines for load balance. outgoing interfaces are: em0 and xl0 --Local Interface ( rl0 / 192.168.0.1 ) -- | Freebsd 7.2 | --ISP 1 ---interface ( em0 ) IP: 192.168.3.1

Re: NATD problem

2008-01-09 Thread David DeSimone
Patrick Oonk <[EMAIL PROTECTED]> wrote: > > host A > -redirect_address 192.168.0.2 128.1.1.2 > > Host B > -redirect_address 192.168.0.3 128.1.1.3 > > I have a webserver running on host A. > When I try to reach either host A the 'outside', that works

NATD problem

2008-01-09 Thread Patrick Oonk
Dear list users, I have the following problem: I have for example two static nat hosts: host A -redirect_address 192.168.0.2 128.1.1.2 Host B -redirect_address 192.168.0.3 128.1.1.3 I have a webserver running on host A. When I try to reach either host A the 'outside', that works fine. When I

Re: multi-instance natd problem

2004-07-29 Thread Bjoern A. Zeeb
On Thu, 29 Jul 2004, Bjoern A. Zeeb wrote: > is anyone else seeing this behavior ? Thanks to Thomas Wolf for pointing me to 'dynamic' missing. Got lost somewhere when changing to multi-instance entries. This should solve the problem :-) Thanks. -- Bjoern A. Zeeb bzeeb

multi-instance natd problem

2004-07-29 Thread Bjoern A. Zeeb
Hi, I started using the multi instance natd feature and running into problems. Every morning when the IP on the dialup interface with the default route (tun0) changes I need to re-start the natd. Else I am getting: natd[88668]: failed to write packet back (Permission denied) looks like n

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-21 Thread Stephen J. Bevan
Crist J. Clark writes: > Two different ESP end points behind many-to-one NAT connected to a > single ESP end point on the other side of the NAT? I'd be very curious > to get the documentation on how they are cheating to get that to work. A cheat is to use the sequence number in the ESP header t

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-18 Thread Crist J. Clark
On Sun, Nov 16, 2003 at 08:11:36PM +0100, Helge Oldach wrote: > Crist J. Clark: > >On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote: > >> From: Crist J. Clark [mailto:[EMAIL PROTECTED] > >> > Two different ESP end points behind many-to-one NAT connected to > >> > a single ESP end point

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-16 Thread Kurt Jaeger
Hi! > FreeBSD lacks features deployed in the market, when acting as a VPN > endpoint, as well as when acting as a NAT device in the VPN packet flow. > Either is a pity, unfortunately. > > I am not complaining; I am just stating that we're behind. But FreeS/WAN > is in no better shape. Who would

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-16 Thread Helge Oldach
Crist J. Clark: >On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote: >> From: Crist J. Clark [mailto:[EMAIL PROTECTED] >> > Two different ESP end points behind many-to-one NAT connected to >> > a single ESP end point on the other side of the NAT? I'd be very >> > curious to get the docum

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-15 Thread Bruce M Simpson
On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote: > I do well understand that there is no general solution. However, FreeBSD > is definitely behind what is available on the commercial market today. Call > it "cheating" - but it's out there and it works. I would rather prefer to > see >

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-15 Thread Crist J. Clark
On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote: > From: Crist J. Clark [mailto:[EMAIL PROTECTED] > > On Fri, Nov 14, 2003 at 06:22:55PM +0100, Helge Oldach wrote: > > > Nothing that works well and has noticeable exposure is useless. This > > > definitely has both. Not with FreeBSD, t

RE: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-15 Thread Oldach, Helge
From: Crist J. Clark [mailto:[EMAIL PROTECTED] > On Fri, Nov 14, 2003 at 06:22:55PM +0100, Helge Oldach wrote: > > Nothing that works well and has noticeable exposure is useless. This > > definitely has both. Not with FreeBSD, though. It does work with Windows > > 2000 SP4, to put a name up... So i

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-14 Thread Crist J. Clark
On Fri, Nov 14, 2003 at 06:22:55PM +0100, Helge Oldach wrote: > Crist J. Clark: [snip] > >> This is actually implemented in most modern VPN > >> devices. They do NAT translation according to SPI. The alternative is to > >> encapsulate IPSec traffic in UDP (using port 4500) packets which can be > >>

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-14 Thread Helge Oldach
Crist J. Clark: >> >ESP packets have this nice SPI field that one could >> >potentially use to map the traffic between multiple machines behind >> >NAT to a single VPN end point on the other side, but there is no >> >practical way for the NAT box to learn the SPI of incoming packets. >> Certainly t

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-14 Thread Crist J. Clark
On Fri, Nov 14, 2003 at 10:22:06AM +0100, Helge Oldach wrote: > Crist J. Clark: > >On Thu, Nov 13, 2003 at 12:46:24PM -0500, Vincent Goupil wrote: > >> I setup a firewall with ipfw2 and natd on freebsd 4.9 release. > >> > >> I have mapped my subnet with alias_address > >> I have mapped 4 private i

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-14 Thread Helge Oldach
Crist J. Clark: >On Thu, Nov 13, 2003 at 12:46:24PM -0500, Vincent Goupil wrote: >> I setup a firewall with ipfw2 and natd on freebsd 4.9 release. >> >> I have mapped my subnet with alias_address >> I have mapped 4 private ip address with 4 public ip address >> >> Everything is working fine (web,

RE: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-13 Thread Vincent Goupil
Crist J. Clark [mailto:[EMAIL PROTECTED] Sent: 13 novembre, 2003 16:16 To: Vincent Goupil Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_address) On Thu, Nov 13, 2003 at 12

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-13 Thread Crist J. Clark
On Thu, Nov 13, 2003 at 12:46:24PM -0500, Vincent Goupil wrote: > I setup a firewall with ipfw2 and natd on freebsd 4.9 release. > > I have mapped my subnet with alias_address > I have mapped 4 private ip address with 4 public ip address > > Everything is working fine (web, email, ftp, etc..) for

RE: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-13 Thread Thomas S. Crum
ECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vincent Goupil Sent: Thursday, November 13, 2003 12:46 PM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: IPSec VPN & NATD (problem with alias_address vs redirect_address) I setup a firewall with ip

IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-13 Thread Vincent Goupil
I setup a firewall with ipfw2 and natd on freebsd 4.9 release. I have mapped my subnet with alias_address I have mapped 4 private ip address with 4 public ip address Everything is working fine (web, email, ftp, etc..) for outgoing and incoming connexion for anyone on my network. With this config