On 2/20/07, John Cianfarani <[EMAIL PROTECTED]> wrote:
Catching up on the list here and I saw this, that's awesome work!
Curious, does this mean we are any closer to doing NAT for traffic in/out of
an IPSec tunnel?

For some form of closer.  Sadly, not really.  IPSec policy takes
effect before filtering/natting, so while coming out of a tunnel you
could nat (inside interface), traffic initiated _inside_ your network
across the tunnel will hit the tunnel before PF sees it to nat (nat
only occurs egress on an interface).  Maybe someday we'll see this,
but it's going to take a lot more kernel reorg I think.

--Bill
