Date: Thu, 14 Jul 2005 01:31:36 -0400 From: compunction <compunction@gmail.com> To: Alex Povolotsky <tarkhil@webmail.sub.ru> Cc: freebsd-net@freebsd.org Subject: Re: GRE and PF problem Message-ID: <9f9a8c4005071322311907b4b@mail.gmail.com> In-Reply-To: <42D536EC.5030500@webmail.sub.ru> References: <42D536EC.5030500@webmail.sub.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
GRE needs to pass bidirectional. You will need a binat to make it work. I have not found a firewall that will allow GRE to work with a many to one nat. -Mark On 7/13/05, Alex Povolotsky <tarkhil@webmail.sub.ru> wrote: > Hello! >=20 > I'm using FreeBSD (5.3-RELEASE-p5) as internet access server, and I have > to NAT GRE packets. I'm using pf. >=20 > The problem is that SOMETIMES PF fails to create proper rule using nat, > while binat works fine. >=20 > Not only I do not want to expose Windows boxes (even if those addresses > are firewalled), but it's also a terrible waste of real IPs. >=20 > Can anyone point me if I have incorrect PF config, or PF just work > poorly with gre? >=20 > Alex. >=20 >=20 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9f9a8c4005071322311907b4b>