Date: Mon, 19 Nov 2012 19:46:52 -0500
From: Kevin Wilcox <kevin.wilcox@gmail.com>
To: fox@verio.net, Peter McAlpine <peter@aoeu.ca>, freebsd-pf@freebsd.org
Subject: Re: Routing return NAT traffic based on interface
Message-ID: <CAFpgnrPo8Nx8AT8PujqNXsKk3UUTB5hZWyBATX-m9oZ1rWQY1A@mail.gmail.com>
In-Reply-To: <20121119235601.GK2692@verio.net>
References: <CAEDV4ypAo21-4KYws0LTxC%2BXSNNtSmWvMpvFGro6BqNH2z==Wg@mail.gmail.com> <CAFpgnrO3o1==XtxDK__KmEhX1C947DHhj5N_NptKomFBba3fzQ@mail.gmail.com> <CAEDV4ypG9vA4iDVkHD2gSJ3J81DNSMjjoU2_98Jd-2V=nXHz7g@mail.gmail.com> <CAFpgnrO9r_L1syR4STqvNJHTQ2cCFo6U711JNc_Uu-_eEkTQfg@mail.gmail.com> <CAFpgnrN4UWHrkS1sGAqy6jf4vL%2BXi9b%2BoCfbZEF_T=xWt-D6tQ@mail.gmail.com> <20121119235601.GK2692@verio.net>

On 19 November 2012 18:56, David DeSimone <fox@verio.net> wrote:

> This doesn't seem right, because even traffic coming in via the external
> interface will have its target IP changed to be the router, even if
> it is destined for some other place. Previously you were using "from
> $int_if:network" to prevent this from happening to other traffic, but
> without that restriction, every packet would be subject to NAT.

My assumption was that the traffic coming in on the external interface
is already destined for the outside IP of the router, unless he's
doing some really funky stuff on both sides ;)

It sounded like he wanted to NAT anything coming from the inside
interface and then anything on the outside that wasn't return NAT
traffic was supposed to terminate on the router, but I've been known
to have clogged ears and awfully poor eyesight.

kmw