Hi,
I have the following scenario:
FreeBSD boxes run ipsec-tools and have three interfaces: em0-gif0 on the VPN side and em1 on the other. The VPN router handles two VPN tunnels: one for FreeBSD Box1 and another for FreeBSD Box2.
Code:
Server1 ----- VPN Router -----(vpn)----- FreeBSD Box1 ------ Server2
                        |-----(vpn)----- FreeBSD Box2 ------ Server3
It could happen that Server2 and Server3 have the same IP address, so I think on FreeBSD Box1 the destination address has to be changed in the incoming packets destined for Server2, and the source address in the reply packets. As far as I know, NAT might help.
I started to try it with PF.
man pf.conf says:
- nat: Translate outgoing packets' source addresses (any protocol).
- rdr: Translate incoming packets' destination addresses
According to this, I have to use NAT on em0 or gif0, but it does not work, as on em0 the traffic is encapsulated and the gif interface is inappropriate for NAT.
Any ideas?
BR
zgabe