Date: Mon, 17 Oct 2011 14:27:17 +0000
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Damien Fleuriot <ml@my.gd>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF & Inside NAT
Message-ID: <EBB7F066-9929-46DB-86BF-D8BB5891607D@lists.zabbadoz.net>
In-Reply-To: <4E9C36FF.2050508@my.gd>
References: <86botfu6i0.fsf@srvbsdfenssv.interne.associated-bears.org> <4E9C36FF.2050508@my.gd>
On 17. Oct 2011, at 14:09 , Damien Fleuriot wrote:
> On 10/17/11 2:50 PM, Eric Masson wrote:
>> Hello,
>>
>> Does the PF 4.5 port present in -current & 9-STABLE support inside NAT
>> please (somewhat like the reverse nat available with libalias) ?
>>
>> Kind Regards
>>
>> Éric Masson
>>
>
> I totally did not understand whatever you're trying to say.
> In other words, I didn't understand anything.
>
> What do you call "inside nat" ?
>
> If you're referring to the mechanism where a client calls a public IP on
> your firewall, and PF rewrites it to an internal IP, what you want is
> the rdr mechanism.
>
> These will still work, seeing the new rules syntax for PF only appears
> in 4.7
Inside NAT means when the packet arrives at the system rather than leaving it,
as in before any ipsec or routing decision; for a long time pf had no concept
of this, and yes, the pf in FreeBSD still lacks it.
/bz
--
Bjoern A. Zeeb You have to have visions!
Stop bit received. Insert coin for new address family.
