Date: Fri, 22 Oct 1999 15:42:58 +0200 (MET DST) From: Martin Machacek <mm@i.cz> To: security@FreeBSD.ORG Subject: Re: GRE/IP 47/PPTP Message-ID: <XFMail.991022154258.mm@i.cz> In-Reply-To: <380FE9E9.21DD8B35@bellsouth.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 22-Oct-99 Bert Kellerman wrote:
> You need to pass `-pptpalias <ipaddress>` on the command line. The ipaddress
> that you specify will be the only client/server on the inside that will get
> the type 47 packets. Check out the natd man page, it's all in there. AFAIK,
> cisco has supported GRE tunneling since IOS 9.x.
Well, GRE tunnelling is something completely different from suporting GRE in
NAT. I can imagine doing one-to-one NAT and passing GRE, but doing many to one
NAT and supporting multiple GRE streams is IMHO impossible. There is no
parameter in the GRE encapsulation that would allow you to identify the real
internal recipient if you NAT multiple internal addresses to one external
address.
Martin
---
[PGP KeyID F3F409C4]
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.991022154258.mm>