To which I can only say that in IPv4 world and VPN, NAT is almost
mandatory. For me, using NAT allows me to set up VPN specific
routing for my special project within a corporate network without
bothering the network administrator with using FreeBSD instead of
their Cisco stuff for routing. FreeBSD/KAME needs NAT for allowing
it to being used in production environments today. NAT comes with
IPFW, which is where the circle closes.
as mentioned before, there was an discussion about one of the freebsd
mailing lists. there was a proposed patch just like below
(the following patch works only for the latest KAME tree, not for
FreeBSD tree).
http://www.kame.net/dev/cvsweb.cgi/kame/freebsd4/sys/netinet/ip_input.c.diff?r1=1.16r2=1.17
the patch tries to do the following, i have no environment to test.
http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
itojun
-
The IPv6 Users Mailing List
Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]