From owner-freebsd-pf@FreeBSD.ORG Thu Nov 30 23:25:43 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0B5E516A4B3 for ; Thu, 30 Nov 2006 23:25:43 +0000 (UTC) (envelope-from lists@wm-access.no) Received: from lakepoint.domeneshop.no (smtp01.domeneshop.no [194.63.248.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id 338A843CB5 for ; Thu, 30 Nov 2006 23:25:25 +0000 (GMT) (envelope-from lists@wm-access.no) Received: from [192.168.4.8] (polardego.arcticwireless.no [194.19.37.80]) (authenticated bits=0) by lakepoint.domeneshop.no (8.13.8/8.13.8) with ESMTP id kAUNPXmv011613 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 1 Dec 2006 00:25:34 +0100 Message-ID: <456F6859.5010205@wm-access.no> Date: Fri, 01 Dec 2006 00:25:13 +0100 From: =?ISO-8859-1?Q?Sten_Daniel_S=F8rsdal?= User-Agent: Thunderbird 1.5.0.8 (Windows/20061025) MIME-Version: 1.0 To: Aristeu Gil Alves Jr References: <62972.217.12.197.82.1164883946.squirrel@sigma.interami.com> <6e6841490611300512t73dca3ddt106d58a3e63bc1f1@mail.gmail.com> <55273.217.12.197.82.1164898183.squirrel@sigma.interami.com> <6e6841490611300803y577338adqf52918ef13ca7605@mail.gmail.com> <2c84c1de0611300832q67d25d13ndadfd2b52ddcf984@mail.gmail.com> In-Reply-To: <2c84c1de0611300832q67d25d13ndadfd2b52ddcf984@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-pf@freebsd.org Subject: Re: PF-NAT X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Nov 2006 23:25:43 -0000 Aristeu Gil Alves Jr wrote: > There's no way to share various PPTP client conections to the same > PPTP server. pf nat only can handle one at the time, since there's no > dst and src port to make more than one nat state. >=20 > Thats what I heard. There is no src/dst port but there is Call ID in the modified GRE header. Each session gets a unique value from which sessions can be identified. Just about any cheap home firewall can do it these days, i wonder why the open source community is reluctant to take advantage. --=20 Sten Daniel S=F8rsdal