Date:      Thu, 2 Mar 2006 21:08:41 -0600
From:      "Travis H." <solinym@gmail.com>
To:        "Tiago Cruz" <tiagocruz@forumgdh.net>
Cc:        Greg Hennessy <Greg.Hennessy@nviz.net>, freebsd-pf@freebsd.org
Subject:   Re: Dirty NAT tricks
Message-ID:  <d4f1333a0603021908h33614acbn7e8d96524684b093@mail.gmail.com>
In-Reply-To: <1141326676.9163.5.camel@localhost.localdomain>
References:  <1140612265.5617.25.camel@localhost.localdomain> <000001c637b3$a54b0a70$0a00a8c0@thebeast> <d4f1333a0602230336t5d29532fp704af80b67e58cfb@mail.gmail.com> <1141326676.9163.5.camel@localhost.localdomain>

On 3/2/06, Tiago Cruz <tiagocruz@forumgdh.net> wrote:
> > As Brian Candler pointed out, you can do this with a binat to a
> > fictitious network on the client, then a binat back on the VPN server.

> -> PF rules:
> binat on $vpn_if from 192.168.10.0/24 to any -> 192.168.0.0/24
> binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24

The last rule must be on the laptop, the first must be on the VPN gateway.

> My first ping is E.O.K (TTL=126) but all the others I don't have reply
> (75% lost).
>
> Can somebody help me?

What does your state table look like on both machines?
--
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484


