From owner-freebsd-security Fri Oct 22 6:43: 3 1999 Delivered-To: freebsd-security@freebsd.org Received: from vidle.i.cz (vidle.i.cz [193.179.36.138]) by hub.freebsd.org (Postfix) with ESMTP id 0E7BE15012 for ; Fri, 22 Oct 1999 06:43:01 -0700 (PDT) (envelope-from mm@i.cz) Received: from ns.i.cz (brana.i.cz [193.179.36.134]) by vidle.i.cz (Postfix) with ESMTP id B616E30702 for ; Fri, 22 Oct 1999 15:43:00 +0200 (CEST) Received: from woody.i.cz (woody.i.cz [192.168.18.29]) by ns.i.cz (Postfix) with ESMTP id 6491536415 for ; Fri, 22 Oct 1999 15:42:58 +0200 (CEST) Content-Length: 757 Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <380FE9E9.21DD8B35@bellsouth.net> Date: Fri, 22 Oct 1999 15:42:58 +0200 (MET DST) Reply-To: mm@i.cz From: Martin Machacek To: security@FreeBSD.ORG Subject: Re: GRE/IP 47/PPTP Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 22-Oct-99 Bert Kellerman wrote: > You need to pass `-pptpalias ` on the command line. The ipaddress > that you specify will be the only client/server on the inside that will get > the type 47 packets. Check out the natd man page, it's all in there. AFAIK, > cisco has supported GRE tunneling since IOS 9.x. Well, GRE tunnelling is something completely different from suporting GRE in NAT. I can imagine doing one-to-one NAT and passing GRE, but doing many to one NAT and supporting multiple GRE streams is IMHO impossible. There is no parameter in the GRE encapsulation that would allow you to identify the real internal recipient if you NAT multiple internal addresses to one external address. Martin --- [PGP KeyID F3F409C4] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message