Date: Mon, 17 Oct 2011 14:27:17 +0000
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Damien Fleuriot <ml@my.gd>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF & Inside NAT
Message-ID: <EBB7F066-9929-46DB-86BF-D8BB5891607D@lists.zabbadoz.net>
In-Reply-To: <4E9C36FF.2050508@my.gd>
References: <86botfu6i0.fsf@srvbsdfenssv.interne.associated-bears.org> <4E9C36FF.2050508@my.gd>

On 17. Oct 2011, at 14:09 , Damien Fleuriot wrote:

> On 10/17/11 2:50 PM, Eric Masson wrote:
>> Hello,
>>
>> Does the PF 4.5 port present in -current & 9-STABLE support inside NAT
>> please (somewhat like the reverse nat available with libalias) ?
>>
>> Kind Regards
>>
>> Éric Masson
>>
>
> I totally did not understand whatever you're trying to say.
> In other words, I didn't understand a thing.
>
> What do you call "inside nat" ?
>
> If you're referring to the mechanism where a client calls a public IP on
> your firewall, and PF rewrites it to an internal IP, what you want is
> the rdr mechanism.
>
> These will still work, seeing the new rules syntax for PF only appears
> in 4.7

Inside NAT means when the packet arrives at the system rather than leaving it,
as in before any ipsec or routing decision; for a long time pf had no concept
of this, and yes, the pf in FreeBSD still lacks it.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   Stop bit received. Insert coin for new address family.