From owner-freebsd-pf@FreeBSD.ORG Fri Mar 3 03:08:43 2006
Date: Thu, 2 Mar 2006 21:08:41 -0600
From: "Travis H." <solinym@gmail.com>
To: "Tiago Cruz"
Cc: Greg Hennessy, freebsd-pf@freebsd.org
Subject: Re: Dirty NAT tricks
In-Reply-To: <1141326676.9163.5.camel@localhost.localdomain>
References: <1140612265.5617.25.camel@localhost.localdomain> <000001c637b3$a54b0a70$0a00a8c0@thebeast> <1141326676.9163.5.camel@localhost.localdomain>
List-Id: "Technical discussion and general questions about packet filter (pf)"

On 3/2/06, Tiago Cruz wrote:
> > As Brian Candler pointed out, you can do this with a binat to a
> > fictitious network on the client, then a binat back on the VPN server.
> -> PF rules:
> binat on $vpn_if from 192.168.10.0/24 to any -> 192.168.0.0/24
> binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24

The last rule must be on the laptop, the first must be on the VPN gateway.

> My first ping is E.O.K (TTL=126) but all the others I don't have reply
> (75% lost).
>
> Can somebody help me?

What does your state table look like on both machines?

--
Security Guru for Hire
http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
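As an added illustration that is not part of either poster's message: the two binat rules from the thread written out as one pf.conf fragment per host, placed where Travis says they belong, together with the pfctl commands that answer his state-table question. The interface name `tun0`, the macro names and the pass rules are assumptions; the address blocks are the ones from the thread.

```pf
# ===== VPN gateway (first rule from the thread) =====
# Interface name is assumed; substitute the real tunnel interface.
vpn_if = "tun0"

# binat is bidirectional: packets leaving $vpn_if with a source in the
# "from" block get that source rewritten to the "->" block, and packets
# arriving on $vpn_if for the "->" block get their destination rewritten
# back to the "from" block. One rule per host is therefore enough.
binat on $vpn_if from 192.168.10.0/24 to any -> 192.168.0.0/24

# Translation only applies to traffic a filter rule lets through, and the
# entries those rules create are what pfctl -ss will show (assumed rules).
pass on $vpn_if proto icmp keep state
pass on $vpn_if proto { tcp udp } keep state

# ===== Laptop (last rule from the thread) =====
# Same interface macro and pass rules as above; the binat is the mirror image,
# so each side sees the other's hosts under the "fictitious" block.
# vpn_if = "tun0"
# binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24
# pass on $vpn_if proto icmp keep state
# pass on $vpn_if proto { tcp udp } keep state

# ----- Checking both machines, as asked in the reply -----
# pfctl -sn        show the loaded nat/binat rules: confirm exactly one binat
#                  per host, on the tunnel interface, with the expected blocks
# pfctl -ss        dump the state table: for one ping there should be a single
#                  icmp state on each host, showing the translated address on
#                  the tunnel side and the untranslated one on the LAN side
# pfctl -vsr       rule counters: a pass rule whose counters stop increasing
#                  after the first echo request points at where replies stop
```

Comparing the two state dumps side by side shows whether later echo requests are reaching the far host untranslated, being dropped before a state is created, or simply not matching the state the first ping established.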