Date: Wed, 04 Feb 2009 18:44:48 +0000
From: Greg Hennessy <Greg.Hennessy@nviz.net>
To: Sebastiaan van Erk <sebster@sebster.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: GRE not natted on FreeBSD 7.1-p2
Message-ID: <4989E220.2070606@nviz.net>
In-Reply-To: <49882A91.3050307@sebster.com>
References: <49882A91.3050307@sebster.com>

Sebastiaan van Erk wrote:
>
>
> nat on $ext_if from { $int_net, $wifi_net } to any -> $ext_if
>

This is the nub of the problem, 'hide' NAT breaks GRE.

To successfully do 'Many:1' NAT of GRE requires a rewrite of the GRE call id header to track each session in a manner analogous to rewriting the source port of a 'hide' natted tcp/udp session.

The last time I looked, Daniel, Henning et al have not added that facility to PF as of yet.

You can statically translate the flow instead which should sort the problem.

Greg
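
The state collision described in the message above, as an added example that is not part of the original e-mail and is not pf's code: a simplified NAT state table showing that two internal hosts sharing one external address collide on GRE unless a call ID is rewritten per session, and that 1:1 static translation avoids the collision. The class names, addresses and call IDs are constructed for illustration.

```python
from itertools import count

GRE = 47  # IP protocol number; GRE has no port field for NAT to rewrite

class HideNat:
    """Simplified many:1 NAT state table (a model, not pf's implementation)."""
    def __init__(self, ext_ip, track_call_id):
        self.ext_ip = ext_ip
        self.track_call_id = track_call_id
        self.states = {}            # inbound key -> (internal ip, internal call id)
        self._ids = count(1)        # external call-ID pool, like a source-port pool

    def _key(self, server_ip, call_id):
        base = (GRE, server_ip, self.ext_ip)
        return base + (call_id,) if self.track_call_id else base

    def outbound(self, int_ip, server_ip, call_id):
        """Create state for a session; return the call ID the server sees, None on collision."""
        ext_id = next(self._ids) if self.track_call_id else call_id
        key = self._key(server_ip, ext_id)
        if self.states.get(key, (int_ip, call_id)) != (int_ip, call_id):
            return None             # another internal host already owns this key
        self.states[key] = (int_ip, call_id)
        return ext_id

    def inbound(self, server_ip, call_id):
        """Map a returning GRE packet to (internal ip, internal call id)."""
        return self.states.get(self._key(server_ip, call_id))

class StaticNat:
    """1:1 translation: each internal host owns one external address."""
    def __init__(self, mapping):
        self.by_ext = {ext: internal for internal, ext in mapping.items()}

    def inbound(self, ext_ip):
        return self.by_ext.get(ext_ip)

# Constructed sample addresses (documentation ranges), not taken from the thread.
SERVER, EXT = "198.51.100.10", "192.0.2.1"
A, B = "10.0.0.11", "10.0.0.12"

def demo():
    plain = HideNat(EXT, track_call_id=False)
    first, second = plain.outbound(A, SERVER, 7), plain.outbound(B, SERVER, 7)
    tracked = HideNat(EXT, track_call_id=True)
    ida, idb = tracked.outbound(A, SERVER, 7), tracked.outbound(B, SERVER, 7)
    static = StaticNat({A: "192.0.2.11", B: "192.0.2.12"})
    return {"plain": (first, second, plain.inbound(SERVER, 7)),
            "tracked": (tracked.inbound(SERVER, ida), tracked.inbound(SERVER, idb)),
            "static": (static.inbound("192.0.2.11"), static.inbound("192.0.2.12"))}
```

In the `plain` case the second host cannot get a state entry and all returning GRE traffic maps to the first host, which is the symptom a second tunnel behind the same hide NAT would show.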