From owner-freebsd-pf@FreeBSD.ORG  Fri Jul 18 12:23:38 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E7A161065672
	for <freebsd-pf@freebsd.org>; Fri, 18 Jul 2008 12:23:38 +0000 (UTC)
	(envelope-from cbuechler@gmail.com)
Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.30])
	by mx1.freebsd.org (Postfix) with ESMTP id 8D6C08FC16
	for <freebsd-pf@freebsd.org>; Fri, 18 Jul 2008 12:23:38 +0000 (UTC)
	(envelope-from cbuechler@gmail.com)
Received: by yx-out-2324.google.com with SMTP id 8so96717yxb.13
	for <freebsd-pf@freebsd.org>; Fri, 18 Jul 2008 05:23:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to
	:subject:cc:in-reply-to:mime-version:content-type
	:content-transfer-encoding:content-disposition:references;
	bh=7oeDQ55AUWJYgFQcHYhXlGHYiTrPAt3w2BLnvkEbAYY=;
	b=GE/5xeZoMogK7qzwh95d9xEM6KZKEDBr8q86dAGmL+rZOwYFzYTTYeb5eTiPYtwQ5I
	sIUq9IPI7G4t2A3vueeURBn42YYRzRz0+WJCJZ6UvI7MGJgDhIir7hjiU9DN11UiSQGd
	KO9653nAprTA0Kdp4W69+jLx/h1O/7ybW4nos=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version
	:content-type:content-transfer-encoding:content-disposition
	:references;
	b=YEDnlrjhpY00ttkR7D8Hfo5PqyIQtZyttoDLxRZuLEnU400cV1UjMzGuYxktfbEnCu
	1XM4wEUzevtS71wb2QcAcClWpLGZNw84S8uX9jTwz6A7/boaVRKD7glVlW9OhKI7gaYf
	N/etZRblMdyns7qsdol2TKlIXAFuJ+ttgTLls=
Received: by 10.142.223.4 with SMTP id v4mr27490wfg.48.1216383817415;
	Fri, 18 Jul 2008 05:23:37 -0700 (PDT)
Received: by 10.143.43.4 with HTTP; Fri, 18 Jul 2008 05:23:37 -0700 (PDT)
Message-ID: <d64aa1760807180523g2357dfd1r3bf8cdb5568e666f@mail.gmail.com>
Date: Fri, 18 Jul 2008 08:23:37 -0400
From: "Chris Buechler" <cbuechler@gmail.com>
To: "Rudi Kramer - MWEB" <rkramer@mweb.com>
In-Reply-To: <39DC135F7F0571489196E0B6F5D58B4A03B45EED@MWBEXCH.mweb.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <047001c8e87d$8078b710$816a2530$@com>
	<d64aa1760807172036u7f41fc7ctcc8563dd75372211@mail.gmail.com>
	<048f01c8e889$160fffd0$422fff70$@com>
	<d64aa1760807172105n29c9cb67k757d3ea38b3a5958@mail.gmail.com>
	<39DC135F7F0571489196E0B6F5D58B4A03B45EED@MWBEXCH.mweb.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: GRE Limitation
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jul 2008 12:23:39 -0000

On Fri, Jul 18, 2008 at 6:03 AM, Rudi Kramer - MWEB <rkramer@mweb.com> wrote:
>
> I had the same issue and when I checked with our ms-admin team they said
> it was a Microsoft limitation.
>

No, it's an issue with many NAT implementations and how they handle
state for the GRE protocol. pf only tracks source IP, dest IP and
protocol. It has to do something more advanced, like tracking by GRE
call ID in addition to src/dst, to track connections in this manner.

Chris