Date: Mon, 08 Sep 2008 08:50:00 +0200
From: mouss <mouss@netoyen.net>
To: freebsd-pf@freebsd.org
Subject: Re: bidirectional NAT in PF?
Message-ID: <48C4CB18.6010905@netoyen.net>
In-Reply-To: <20080906223103.GK1949@verio.net>
References: <1220706618.48c2813ab9cc6@imp.free.fr> <20080906204042.16491860@desktop> <20080906191403.GJ1949@verio.net> <20080906214155.52c6f2e7@desktop> <20080906223103.GK1949@verio.net>

David DeSimone wrote:
> I think I am using the wrong terminology. I should probably call it
> "double NAT" to differentiate it. "binat" works fine but it still only
> changes ONE of the IP's being translated (the source IP). In PF, you
> can use "nat" to translate the source IP, and "redir" to change the dest
> IP, but what if you want to change both? There is no direct way to do
> this, so I am wondering if two different rules could be matched at
> different times during the packet's transit through the gateway.
>

The common way is to use two rules: a nat and an rdr. This is used to fix the "reflection problem" for instance. I have used it with ipfilter in the past (though not for a reflection issue, but for a dmz setup), but I guess it works similarly on pf and other filters.
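
The two-rule approach described in the reply, written out as a pf.conf fragment for the reflection case. This is an added example, not part of the original message; the interface name and all addresses are constructed placeholders, and it uses the separate nat/rdr rule syntax of FreeBSD's pf.

```conf
# Added example: double translation (rdr + nat) for the "reflection" case.
# Interface name and addresses below are constructed placeholders.
int_if  = "em1"              # inside interface (assumed name)
int_net = "192.168.1.0/24"   # inside network (assumed)
ext_ip  = "203.0.113.10"     # public address that clients connect to (assumed)
server  = "192.168.1.20"     # real server on the inside network (assumed)

# Step 1, packet arrives on int_if: rdr rewrites the DESTINATION.
# An inside client connecting to the public address is pointed at the server.
rdr on $int_if proto tcp from $int_net to $ext_ip port 80 -> $server

# Leave the firewall's own connections into the LAN untranslated.
no nat on $int_if proto tcp from ($int_if) to $int_net

# Step 2, packet leaves on int_if: nat rewrites the SOURCE.
# The rule matches the destination as already rewritten by rdr ($server).
# With the source set to the firewall's address, the server's replies come
# back through the firewall instead of going straight to the client.
nat on $int_if proto tcp from $int_net to $server port 80 -> ($int_if)

# Translation rules do not pass traffic on their own, and filter rules
# see the addresses after translation.
pass in  on $int_if proto tcp from $int_net to $server port 80 keep state
pass out on $int_if proto tcp from ($int_if) to $server port 80 keep state
```

Because the nat rule hides the original client address, the server's logs show the firewall's inside address for these connections; the real client is visible only in the firewall's state table and logs.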