From owner-freebsd-security  Fri Oct 22 10:48:57 1999
Delivered-To: freebsd-security@freebsd.org
Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7])
	by hub.freebsd.org (Postfix) with ESMTP id 9B5EC14C57
	for <security@FreeBSD.ORG>; Fri, 22 Oct 1999 10:48:54 -0700 (PDT)
	(envelope-from archie@whistle.com)
Received: (from archie@localhost)
	by bubba.whistle.com (8.9.2/8.9.2) id KAA67824;
	Fri, 22 Oct 1999 10:48:48 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199910221748.KAA67824@bubba.whistle.com>
Subject: Re: GRE/IP 47/PPTP
In-Reply-To: <XFMail.991022154258.mm@i.cz> from Martin Machacek at "Oct 22, 1999 03:42:58 pm"
To: mm@i.cz
Date: Fri, 22 Oct 1999 10:48:48 -0700 (PDT)
Cc: security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Martin Machacek writes:
> Well, GRE tunnelling is something completely different from suporting GRE in
> NAT. I can imagine doing one-to-one NAT and passing GRE, but doing many to one
> NAT and supporting multiple GRE streams is IMHO impossible. There is no
> parameter in the GRE encapsulation that would allow you to identify the real
> internal recipient if you NAT multiple internal addresses to one external
> address.

True in general.. however, if all you're using GRE for is PPTP, then
you can multiplex on the call identifier in the PPTP/GRE header.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message