From: neal hamilton (nealhamiltonjryahoo.com)
Date: Mon May 27 2002 - 15:51:38 CDT


    I sent this to the IPF mailing list, but I was wondering if PF in 3.0 or
    3.1 could accomplish this?
     
    And thanks for all the help with finding a mail server. It looks like
    qmail with vpop will work the best. Thanks.
     
    -----Original Message-----
    From: neal hamilton [mailto:nealhamiltonjryahoo.com]
    Sent: Monday, May 27, 2002 3:47 PM
    To: 'ipfiltercoombs.anu.edu.au'
    Subject: nating incomming IPSec connections?
     
    Just wondering if the new IPF can properly NAT more than one inbound
    IPSec tunnel at a time? I tried with, I believe, 3.4.25 and I could not
    get my openbsd-3.0/ipf router to forward more than one tunnel at a
    time. I was using ESP and IKE on the checkpoint firewalls.
     
     
     

     
     
    As you can see, I only have one routable address, the external interface
    of the BSD/IPF router, and have to forward (D-NAT) to my hosts inside the
    firewall. The VPN servers are in HA mode and are seen as one VIP, so
    I need to forward to only one IP address. I have been able to
    forward successfully ONE (1) connection to the VPN server, but no more
    simultaneous connections were able to connect. I was told that the
    Linksys broadband RTR would work if I put the IP of the VPN servers as
    the DMZ host, and it worked. I was able with the Linksys to have many
    connections, 253 I believe, simultaneously. I would rather use IPF for
    this and have the comfort of having an OpenBSD/IPF firewall as the entry
    point, so if anyone has done this before I would appreciate your help.
     
    Thanks in advance.

    [demime 0.98d removed an attachment of type image/jpeg which had a name of image001.jpg]