Date: Fri, 30 Apr 2010 11:39:27 +0200
From: Antonio Bonifati <ant@cc-ict-sud.it>
To: freebsd-pf@freebsd.org
Subject: NAPT on a routed address pool: problem with the broadcast address
Message-ID: <l2vdefea2ab1004300239mf76ecdbfoad9171522d283bdd@mail.gmail.com>
Hi to all. I have a question relating to NAPT on an address pool. I'm using PF with a rule like this:

nat on $my_outbound_if from $my_internal_net to any -> $my_CIDR_pool source-hash

My internal net has more private IPs than those of the public pool. In order for this to work, I've noticed that all the pool's addresses must be bound to my outbound router interface.

This worked for me when my router was connected to a switch. But now it is connected to another router. They gave me a CIDR pool, but the broadcast address is not routed, and of course I cannot configure it as an alias. How can I use my full CIDR pool with source-hash natting?

I'm experiencing random connection freezes when I use the above rule. I believe this happens because PF selects the broadcast address for some mappings.

BTW, why does PF require that only a CIDR pool be used with source-hash?

Could something be done on the other side to work this problem out? E.g., is it possible to configure a router to also route the broadcast address in a static route?

Thanks for helping.

-- 
Antonio Bonifati
BLOG: http://antonio-bonifati.blogspot.com
My profile: http://www.google.com/profiles/antonio.bonifati
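The following is an added example, not code from the poster and not PF's own implementation. It models the failure mode the message describes: a source-hash pool specified as a CIDR block indexes into every address of that block, network and broadcast included, so a fixed share of internal hosts is translated to an address the router cannot bind and therefore never receives return traffic for. PF's actual hash function is not reproduced; a keyed HMAC-SHA256 is an assumed stand-in that only shares the relevant property (a deterministic per-source index over the whole block). The internal net 192.168.10.0/24, the pool 203.0.113.8/29 and the key are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample inputs: an RFC 1918 internal net, a documentation-range
# /29 standing in for the routed public pool, and an arbitrary hash key.
INTERNAL_NET = "192.168.10.0/24"
PUBLIC_POOL = "203.0.113.8/29"
HASH_KEY = b"example-source-hash-key"


def pool_addresses(cidr):
    """Every address a CIDR-specified pool covers, as strings.

    A CIDR block includes its network and broadcast addresses, so a pool
    that hashes into the whole block can select either of them.
    """
    return [str(a) for a in ipaddress.ip_network(cidr, strict=True)]


def unusable_addresses(cidr):
    """Pool addresses that cannot be bound to the outbound interface.

    For prefixes shorter than /31, the network and broadcast addresses of a
    routed block cannot be configured as interface aliases, so traffic
    translated to them has no host on the router side to come back to.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen >= net.max_prefixlen - 1:
        return set()  # /31 and /32 have no separate network/broadcast address
    return {str(net.network_address), str(net.broadcast_address)}


def source_hash_select(src, cidr, key):
    """Deterministic per-source choice of a pool address.

    Assumed stand-in for a source-hash pool (not PF's hash): a keyed hash of
    the source address, masked down to the pool's host bits. The index
    ranges over the entire block, network and broadcast addresses included.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    packed = ipaddress.ip_address(src).packed
    digest = hmac.new(key, packed, hashlib.sha256).digest()
    host_bits = net.max_prefixlen - net.prefixlen
    index = int.from_bytes(digest[:4], "big") & ((1 << host_bits) - 1)
    return str(net[index])


def audit_mappings(internal_cidr, pool_cidr, key):
    """Map every internal host through the pool and return the ones whose
    external address is one the router cannot actually use."""
    bad = unusable_addresses(pool_cidr)
    broken = {}
    for src in ipaddress.ip_network(internal_cidr, strict=True).hosts():
        ext = source_hash_select(str(src), pool_cidr, key)
        if ext in bad:
            broken[str(src)] = ext
    return broken


def usable_pool_list(cidr):
    """The explicit address list to use in place of the CIDR block: the
    block minus the addresses that cannot be bound as aliases."""
    bad = unusable_addresses(cidr)
    return [a for a in pool_addresses(cidr) if a not in bad]


if __name__ == "__main__":
    broken = audit_mappings(INTERNAL_NET, PUBLIC_POOL, HASH_KEY)
    hosts = ipaddress.ip_network(INTERNAL_NET).num_addresses - 2
    print(f"pool {PUBLIC_POOL}: {len(pool_addresses(PUBLIC_POOL))} addresses, "
          f"unusable: {sorted(unusable_addresses(PUBLIC_POOL))}")
    print(f"{len(broken)} of {hosts} internal hosts hash to an unusable address")
    for src, ext in list(broken.items())[:5]:
        print(f"  {src} -> {ext}")
    print("explicit pool list:", usable_pool_list(PUBLIC_POOL))
```

With a /29 pool two of the eight addresses are unusable, so roughly a quarter of internal hosts get a translation whose reply packets are dropped upstream, and which hosts those are depends only on the hash, which is consistent with freezes that look random. `usable_pool_list` produces the explicit address list one would hand to a pool type that accepts lists; pf.conf(5) documents `sticky-address` as the way to keep a per-source mapping stable with a `round-robin` pool.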
