

NATd issue



Hi,

I have the network below:

192.168.2.0/23
|
192.168.3.454 FreeBSD
x.x.x.x router 1
|
Internet
|
y.y.y.y FreeBSD
10.0.0.254 router 2
|
10.0.0.0/24

Each gateway runs racoon.
Each network can reach the Internet.
VPN is ok.

I would like to NAT packets from 192.168.2.0/23 to 10.0.0.0/24 with IP 192.168.3.254 on router 1. The VPN interface is gif5 on router 1.

My ipfw rules:
dialup:~# ipfw show | grep 8670
00650 4 400 divert 8670 ip from 192.168.2.0/23 to 10.0.0.0/24
00660 4 400 divert 8670 ip from 10.0.0.0/24

natd in debug mode:

dialup:~# natd -v -p natd-vpn -interface gif5
natd[42308]: Aliasing to 192.168.3.254, mtu 1280 bytes
In [ICMP] [ICMP] 192.168.3.82 -> 10.0.0.1 8(0) aliased to
[ICMP] 192.168.3.82 -> 10.0.0.1 8(0)
Out [ICMP] [ICMP] 10.0.0.1 -> 192.168.3.82 0(0) aliased to
[ICMP] 10.0.0.1 -> 192.168.3.82 0(0)

As you can see, packets are not translated with IP 192.168.3.54.

Same result with natd -p natd-vpn -a 192.168.3.254.

I think the solution will be with -reverse; when I use it, packets are NATed (ping from 192.168.3.61 to 10.0.0.1):

dialup:/etc# natd -v -p natd-vpn -reverse -interface gif5
natd[43271]: Aliasing to 192.168.3.254, mtu 1280 bytes
In [ICMP] [ICMP] 192.168.3.61 -> 10.0.0.1 8(0) aliased to
[ICMP] 192.168.3.254 -> 10.0.0.1 8(0)

tcpdump on remote gateway:
11:26:44.641090 IP 192.168.3.254 > 10.0.0.1: icmp 64: echo request seq 0
11:26:44.641240 IP 10.0.0.1 > 192.168.3.254: icmp 64: echo reply seq 0

But I haven't got any reply on the local site (192.168.2.0/23), and I haven't got any OUT packet in natd.

David.

Thanks!

Have a nice Christmas!