From owner-freebsd-pf@FreeBSD.ORG Wed Jan 16 12:33:42 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 94CEE16A41B for ; Wed, 16 Jan 2008 12:33:42 +0000 (UTC) (envelope-from swygue@rodhouse.org) Received: from hu-out-0506.google.com (hu-out-0506.google.com [72.14.214.231]) by mx1.freebsd.org (Postfix) with ESMTP id 1936E13C46E for ; Wed, 16 Jan 2008 12:33:34 +0000 (UTC) (envelope-from swygue@rodhouse.org) Received: by hu-out-0506.google.com with SMTP id 28so1095258hub.8 for ; Wed, 16 Jan 2008 04:33:26 -0800 (PST) Received: by 10.78.201.2 with SMTP id y2mr668429huf.56.1200486805705; Wed, 16 Jan 2008 04:33:25 -0800 (PST) Received: by 10.78.146.17 with HTTP; Wed, 16 Jan 2008 04:33:25 -0800 (PST) Message-ID: <1a5f1a2d0801160433u41453786q4c1e6fca1f0a150f@mail.gmail.com> Date: Wed, 16 Jan 2008 07:33:25 -0500 From: "Rodrique Heron" To: fox@verio.net In-Reply-To: <20080112072307.GB25623@verio.net> MIME-Version: 1.0 References: <4784F7E3.3060508@rodhouse.org> <1199919114.59461.10.camel@xenon> <1a5f1a2d0801100501j664f6b81sebe866b986a05500@mail.gmail.com> <1199977668.36543.12.camel@xenon> <1a5f1a2d0801100910r1316d24dibb2b12720dfda207@mail.gmail.com> <1200009515.36543.27.camel@xenon> <1a5f1a2d0801101837r338b5453m7a8f673e3b03833e@mail.gmail.com> <1200021436.36543.40.camel@xenon> <1a5f1a2d0801110518i398793a9u84a4c8924f62bcde@mail.gmail.com> <20080112072307.GB25623@verio.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-pf@freebsd.org Subject: Re: Forwarding another host X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2008 12:33:42 -0000 On 1/12/08, David DeSimone wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Rodrique Heron wrote: > > > > Yep! I understand perfectly, now is there anything I can do on the pix > side > > to allow the traffic back to HOST-A ? > > This seems the wrong question to ask. > > Shouldn't you instead be wondering, how can you get the PIX to forward > connections to HOST-B instead of to HOST-A? The PIX is a full firewall > with NAT features, so it can perform the NAT instead of your BSD box, > and since it is the default gateway for return traffic, will have no > trouble applying the translation in both directions. > > I realize this is a FreeBSD mailng list, but you should go for the > simplest solution, because complex solutions tend to fail in complex > ways. You are right, I'm looking into that since I don't know much about the PIX. - -- > David DeSimone == Network Admin == fox@verio.net > "This email message is intended for the use of the person to whom > it has been sent, and may contain information that is confidential > or legally protected. If you are not the intended recipient or have > received this message in error, you are not authorized to copy, dis- > tribute, or otherwise use this message or its attachments. Please > notify the sender immediately by return e-mail and permanently delete > this message and any attachments. Verio, Inc. makes no warranty that > this email is error or virus free. Thank you." --Lawyer Bot 6000 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > > iD8DBQFHiGrbFSrKRjX5eCoRAma/AJwJUY1t0WL7C0b1S5M+IDAvFdODTwCdGcH/ > nVtNURikbji5A9RMtPI3DoE= > =S5sQ > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >