[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ossig] Re: [myoss] Linux kernel IP stack, 7-layer OSI cake and SNAT shenanigans



On Thu, Nov 04, 2004 at 08:42:44AM +0100, SianLun Lau wrote:

> i seriously do not  know about such  complexitiy. all i did was, set
> up a gateway  that  does NAT, firewall  it,  then run  openswan with
> NAT_Transversal on.

This is what I was afraid of.  I am *NOT* talking about NAT traversal,
at  all.  The   IPsec   endpoints are publicly-routable  Internet   IP
addresses.  The   NAT  happens BEFORE the  IPsec  tunnel,  to  make my
internal  network   look  like the  remote   network without requiring
routing between them.

-- 
% You are in a maze of twisty passages, all alike.
Christopher DeMarco <cdemarco@fastmail.fm>          
PGP public key ID 0x2E76CF5C @ pgp.mit.edu
+6012 232 2106


---------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message