Home » Mailing list archives » openbsd-misc » 2007 » February » 26

Source Interface for outgoing connections

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Samuel Moñux <smonux@...>
To: <misc@...>
Subject: Source Interface for outgoing connections
Date: Monday, February 26, 2007 - 12:36 pm

Hi everyone,


I'm having some issues with an ipsec connection with vpnc (isakmp is

not an option, since does not support xauth, and I don't control the

other end) from an OpenBSD firewall/router to a Cisco device.


I think problems could be natt related so I would like to eliminate

nat from the equation, but the problem is that the "outside" interface

is a private address. This firewall routes between a DMZ (public /29),

a LAN segment (private /24), and the outside (private /30).


------ LAN ------- OpenBSD ------ 10.90.0.0/30 --- Outside Router ------ INET

                          |

                          |

                      DMZ (public /29)


Right now, I need to NAT on the Outside Router, since internet routed

packets from the OpenBSD box go out with a private address.


What I would like to achieve is that packets destined to internet get

sourced with DMZ's interface, which is internet routable, and without

pf tricks(I don't want NAT, remember).


Bridging is not an option, since the Outside router needs its own IP

for its own purposes.


I don't know it its possible. If it's, please, let me know (pointing a

man page would be OK).


Thanks in advance
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Source Interface for outgoing connections, Samuel Moñux, (Mon Feb 26, 12:36 pm)
Re: Source Interface for outgoing connections, Darren Spruell, (Mon Feb 26, 1:59 pm)
Re: Source Interface for outgoing connections, Samuel Moñux, (Tue Feb 27, 3:12 am)