Date:      Thu, 14 Jul 2005 10:37:04 +0400
From:      Alex Povolotsky <tarkhil@webmail.sub.ru>
To:        compunction <compunction@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: GRE and PF problem
Message-ID:  <42D60810.8090000@webmail.sub.ru>
In-Reply-To: <9f9a8c4005071322311907b4b@mail.gmail.com>
References:  <42D536EC.5030500@webmail.sub.ru> <9f9a8c4005071322311907b4b@mail.gmail.com>

compunction wrote:

>GRE needs to pass bidirectionally.  You will need a binat to make it
>work.  I have not found a firewall that will allow GRE to work with a
>many-to-one NAT.
>  
>

The most painful thing is that pf's nat works for GRE - SOMETIMES :-(

The only thing a firewall needs to implement for natting GRE is the creation 
of two rules (forward and back) for a GRE packet, just like it does for ICMP.

I'm not a firewall writer, but as far as I understand general procedural 
programming, it cannot be THAT complicated.

Alex.
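
A simplified model of the forward and back entries discussed in the message above, added here as an illustration; it is not pf's code and was not posted in the thread. It assumes a GRE state can be keyed only on addresses, since GRE has no ports, and every address and class name in it is constructed. It shows a many-to-one mapping working for one client and failing for a second client that talks to the same peer, while a one-to-one (binat) mapping stays unambiguous.

```python
# Simplified model of NAT state tracking for a port-less protocol such as GRE.
# Assumption: a state is keyed only on (protocol, external address, remote peer).
EXT_ADDR = "203.0.113.1"  # constructed documentation addresses throughout


class ManyToOneNat:
    """All internal hosts share EXT_ADDR; one forward and one back entry per flow."""

    def __init__(self):
        self.forward = {}  # (proto, internal, remote) -> external address
        self.back = {}     # (proto, external, remote) -> internal host

    def outbound(self, proto, internal, remote):
        back_key = (proto, EXT_ADDR, remote)
        owner = self.back.get(back_key)
        if owner is not None and owner != internal:
            return None  # reply path already belongs to another internal host
        self.forward[(proto, internal, remote)] = EXT_ADDR
        self.back[back_key] = internal
        return EXT_ADDR

    def inbound(self, proto, remote):
        # Replies carry no port, so the peer address alone selects the host.
        return self.back.get((proto, EXT_ADDR, remote))


class Binat:
    """One external address per internal host, so the mapping is never ambiguous."""

    def __init__(self, pairs):
        self.out = dict(pairs)
        self.inn = {ext: internal for internal, ext in pairs.items()}

    def outbound(self, internal):
        return self.out[internal]

    def inbound(self, external):
        return self.inn.get(external)


def demo():
    nat = ManyToOneNat()
    first = nat.outbound("gre", "10.0.0.2", "198.51.100.7")
    other_peer = nat.outbound("gre", "10.0.0.3", "198.51.100.8")
    same_peer = nat.outbound("gre", "10.0.0.3", "198.51.100.7")
    reply_to = nat.inbound("gre", "198.51.100.7")
    binat = Binat({"10.0.0.2": "203.0.113.2", "10.0.0.3": "203.0.113.3"})
    return first, other_peer, same_peer, reply_to, binat.inbound("203.0.113.3")
```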




