That makes sense and there's no reason why it shouldn't work.  Do you have
both cards connected to the same physical network and is your tunnel routed
over the Internet, also?

-----Original Message-----
From: Austin, Michael H POJ <[EMAIL PROTECTED]>
To: 'Eric J. Schwertfeger' <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, September 29, 1998 9:16 PM
Subject: RE: SKIP and natd on FreeBSD 2.2-current


>I've been running SKIP and NATD on the same machine successfully for about five days now.
>Although they are running on the same machine they are running on DIFFERENT
>network cards.
>I use SKIP to tunnel between two LANs and NATD to communicate to the internet in the clear.
>I'm running FreeBSD 2.2.5 with no special ipfw rules besides the divert to the natd port.
>So far things are running just fine.  Performance is good.
>
>Michael
>
> -----Original Message-----
> From: Eric J. Schwertfeger [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, September 27, 1998 6:17 AM
> To: [EMAIL PROTECTED]
> Subject: Re: SKIP and natd on FreeBSD 2.2-current
>
>
> On Thu, 24 Sep 1998, Eric J. Schwertfeger wrote:
>
> > I've got two FreeBSD machines, one 2.2.7-RELEASE and one
> > 2.2.7-19980828-SNAP.  The latter machine is a firewall with natd running
> > on it.  Without configuring natd, we can establish encrypted
> > communications to our heart's content.
> >
> > However, as soon as we insert the ipfw divert rule for natd, things go
> > south fast.  Basically, we've tried various configurations, and we can get
> > one or the other to work, but not both.  Even a two-rule rc.firewall
> > consisting of just the divert rule and a pass all rule kills SKIP if the
> > divert comes first.
>
> I've narrowed the problem down. Basically, because natd is reinserting the
> unencrypted packet into the device (queue?), skip can't tell that it's a
> packet that it has already decrypted, so rejects the packet because it
> thinks that the given packet was never encrypted, and is coming from a
> host that requires encryption.
>
> Also, is anyone seeing this? I didn't get any replies, and haven't seen
> any other traffic on this list since subscribing.
>

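Michael's working setup (SKIP on one card, natd's divert only on the other) and Eric's finding that a divert-first ruleset breaks SKIP suggest the rc.firewall shape below. This is an added example, not configuration posted by either of them; the interface names ed0/ed1 are assumed, and so is the premise that keeping the SKIP card's traffic out of the natd divert avoids the rejection Eric describes.

```shell
#!/bin/sh
# Added example: an rc.firewall-style ruleset that confines natd's divert
# to the Internet-facing card, so packets on the card carrying the SKIP
# tunnel are never handed to natd and reinserted in the clear.
# Interface names are assumptions.  By default the rules are only printed;
# set fwcmd=/sbin/ipfw in the environment to actually load them.

ext_if="${ext_if:-ed0}"    # card towards the Internet (natd side, assumed)
skip_if="${skip_if:-ed1}"  # card carrying the SKIP tunnel (assumed)
natd_port=8668             # natd's default divert port ("natd" in /etc/services)
fwcmd="${fwcmd:-echo /sbin/ipfw}"

load_rules() {
    $fwcmd -f flush
    # Anything arriving on or leaving via the SKIP card is passed before the
    # divert rule can see it ("via" matches both directions).
    $fwcmd add 100 pass ip from any to any via "$skip_if"
    # Only packets crossing the Internet card are rewritten by natd.
    $fwcmd add 200 divert "$natd_port" ip from any to any via "$ext_if"
    $fwcmd add 65000 pass ip from any to any
}

# Sanity check on the generated rule order: the pass rule for the SKIP card
# must carry a lower rule number than the divert rule for the Internet card.
# Returns 0 when the order is correct, 1 otherwise.
check_order() {
    load_rules | awk -v skip="$skip_if" -v ext="$ext_if" '
        /add [0-9]+ pass/   && $0 ~ ("via " skip) { pass_no = $3 }
        /add [0-9]+ divert/ && $0 ~ ("via " ext)  { divert_no = $3 }
        END {
            if (pass_no != "" && divert_no != "" && pass_no + 0 < divert_no + 0)
                exit 0
            exit 1
        }'
}

load_rules
```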