From owner-freebsd-pf@FreeBSD.ORG  Fri Mar  3 11:49:48 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8372916A420
	for <freebsd-pf@freebsd.org>; Fri,  3 Mar 2006 11:49:48 +0000 (GMT)
	(envelope-from tiagocruz@forumgdh.net)
Received: from gdhs.guiadohardware.net (gdhs.guiadohardware.net [64.246.6.25])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 229A543D60
	for <freebsd-pf@freebsd.org>; Fri,  3 Mar 2006 11:49:45 +0000 (GMT)
	(envelope-from tiagocruz@forumgdh.net)
Received: (qmail 11523 invoked by uid 15); 3 Mar 2006 11:49:44 -0000
Received: from unknown (HELO tuxkiller.matter.b4br.net)
	(tiagocruz@forumgdh.net@200.152.202.10)
	by 0 with SMTP; 3 Mar 2006 11:49:44 -0000
From: Tiago Cruz <tiagocruz@forumgdh.net>
To: "Travis H." <solinym@gmail.com>
In-Reply-To: <d4f1333a0603021908h33614acbn7e8d96524684b093@mail.gmail.com>
References: <1140612265.5617.25.camel@localhost.localdomain>
	<000001c637b3$a54b0a70$0a00a8c0@thebeast>
	<d4f1333a0602230336t5d29532fp704af80b67e58cfb@mail.gmail.com>
	<1141326676.9163.5.camel@localhost.localdomain>
	<d4f1333a0603021908h33614acbn7e8d96524684b093@mail.gmail.com>
Content-Type: text/plain
Date: Fri, 03 Mar 2006 08:49:42 -0300
Message-Id: <1141386582.9163.19.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.4.2.1 
Content-Transfer-Encoding: 7bit
Cc: Greg Hennessy <Greg.Hennessy@nviz.net>, freebsd-pf@freebsd.org
Subject: Re: Dirty NAT tricks
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Mar 2006 11:49:48 -0000

Hello Travis, tranks again by reply!

On Thu, 2006-03-02 at 21:08 -0600, Travis H. wrote:

> > -> PF rules:
> > binat on $vpn_if from 192.168.10.0/24 to any -> 192.168.0.0/24
> > binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24
> 
> The last rule must be on the laptop, the first must be on the VPN gateway.

So, I have two big problems: 

1-) I'm in Brazil, and my clients (is more than one) don't stay here,
and yes in all the world (italy, eua, germany...)

2-) The notebooks clients is running Window$ XP :-/


> > My first ping  is E.O.K (TTL=126) but all the others I don't have reply
> > (75% lost).
> >
> > Can somebody help me?
> 
> What does your state table look like on both machines?

Maybe the problem is here, because my VPN Server is my CARP backup
machine, you state table is sincronized by pfsync with the CARP master
(defaulf gateway of the machines). Is this another big problem? :-/

Thank you!
-- 
Tiago Cruz
http://linuxrapido.org