Date: Fri, 18 Jul 2008 08:23:37 -0400 From: "Chris Buechler" <cbuechler@gmail.com> To: "Rudi Kramer - MWEB" <rkramer@mweb.com> Cc: freebsd-pf@freebsd.org Subject: Re: GRE Limitation Message-ID: <d64aa1760807180523g2357dfd1r3bf8cdb5568e666f@mail.gmail.com> In-Reply-To: <39DC135F7F0571489196E0B6F5D58B4A03B45EED@MWBEXCH.mweb.com> References: <047001c8e87d$8078b710$816a2530$@com> <d64aa1760807172036u7f41fc7ctcc8563dd75372211@mail.gmail.com> <048f01c8e889$160fffd0$422fff70$@com> <d64aa1760807172105n29c9cb67k757d3ea38b3a5958@mail.gmail.com> <39DC135F7F0571489196E0B6F5D58B4A03B45EED@MWBEXCH.mweb.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 18, 2008 at 6:03 AM, Rudi Kramer - MWEB <rkramer@mweb.com> wrote: > > I had the same issue and when I checked with our ms-admin team they said > it was a Microsoft limitation. > No, it's an issue with many NAT implementations and how they handle state for the GRE protocol. pf only tracks source IP, dest IP and protocol. It has to do something more advanced, like tracking by GRE call ID in addition to src/dst, to track connections in this manner. Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d64aa1760807180523g2357dfd1r3bf8cdb5568e666f>