From: "Bjoern A. Zeeb"
Date: Mon, 17 Oct 2011 14:27:17 +0000
To: Damien Fleuriot
Cc: freebsd-pf@freebsd.org
Subject: Re: PF & Inside NAT

On 17. Oct 2011, at 14:09 , Damien Fleuriot wrote:

> On 10/17/11 2:50 PM, Eric Masson wrote:
>> Hello,
>>
>> Does the PF 4.5 port present in -current & 9-STABLE support inside NAT
>> please (somewhat like the reverse nat available with libalias) ?
>>
>> Kind Regards
>>
>> Éric Masson
>>
>
> I totally did not understand whatever you're trying to say.
> In other words, I didn't understand a thing.
>
> What do you call "inside nat" ?
>
> If you're referring to the mechanism where a client calls a public IP on
> your firewall, and PF rewrites it to an internal IP, what you want is
> the rdr mechanism.
>
> These will still work, seeing the new rules syntax for PF only appears
> in 4.7

Inside NAT means when the packet arrives at the system rather than leaving
it, as in before any ipsec or routing decision; for a long time pf had no
concept of this, and yes, the pf in FreeBSD still lacks it.

/bz

--
Bjoern A. Zeeb                                 You have to have visions!
         Stop bit received. Insert coin for new address family.