Date:      Thu, 02 Mar 2006 16:11:16 -0300
From:      Tiago Cruz <tiagocruz@forumgdh.net>
To:        "Travis H." <solinym@gmail.com>
Cc:        Greg Hennessy <Greg.Hennessy@nviz.net>, freebsd-pf@freebsd.org
Subject:   Re: Dirty NAT tricks
Message-ID:  <1141326676.9163.5.camel@localhost.localdomain>
In-Reply-To: <d4f1333a0602230336t5d29532fp704af80b67e58cfb@mail.gmail.com>
References:  <1140612265.5617.25.camel@localhost.localdomain> <000001c637b3$a54b0a70$0a00a8c0@thebeast> <d4f1333a0602230336t5d29532fp704af80b67e58cfb@mail.gmail.com>

Hello Guys,

On Thu, 2006-02-23 at 05:36 -0600, Travis H. wrote:

> As Brian Candler pointed out, you can do this with a binat to a
> fictitious network on the client, then a binat back on the VPN server.
>  I don't know what he means by "reversing the in/out sense", as binat
> is bidirectional.

I did a lot of things in the last week:

-> My LAN is 192.168.0.0/22

-> OpenVPN, route to clients:
push "route 192.168.10.0 255.255.255.0"

-> PF rules:
binat on $vpn_if from 192.168.10.0/24 to any -> 192.168.0.0/24
binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24

On the notebook client, when I try to ping 192.168.10.19 (which is
really 192.168.0.19):

15:56:56.197170 IP 10.8.0.6 > 192.168.10.19: ICMP echo request, id 512, seq 5121, length 40
15:56:56.197779 IP 192.168.0.19 > 10.8.0.6: ICMP echo reply, id 512, seq 5121, length 40

My first ping is OK (TTL=126), but for all the others I don't get a reply
(75% lost).

Can somebody help me?

Many thanks

-- 
Tiago Cruz
http://linuxrapido.org
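
Added example, not part of the original message: a Python check for the symptom visible in the capture above, where the echo reply carries source 192.168.0.19 although the request was sent to 192.168.10.19. It pairs tcpdump ICMP echo lines by id/seq and flags unanswered requests and replies whose source differs from the request's destination; the function name and the third sample line are constructed for illustration.

```python
import re

# One-line tcpdump ICMP echo output, in the format of the capture above.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def check_echo_pairs(lines):
    """Pair echo requests/replies by (id, seq); return [(seq, problem), ...]."""
    requests, replies = {}, {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ICMP echo line
        key = (int(m["id"]), int(m["seq"]))
        table = requests if m["kind"] == "request" else replies
        table[key] = (m["src"], m["dst"])
    problems = []
    for key in sorted(requests):
        _, req_dst = requests[key]
        if key not in replies:
            problems.append((key[1], "no reply"))
            continue
        rep_src, _ = replies[key]
        if rep_src != req_dst:
            # Reply source is not the address the client pinged.
            problems.append(
                (key[1], f"reply from {rep_src}, request went to {req_dst}"))
    return problems

SAMPLE = [
    # The two lines from the message above.
    "15:56:56.197170 IP 10.8.0.6 > 192.168.10.19: ICMP echo request, id 512, seq 5121, length 40",
    "15:56:56.197779 IP 192.168.0.19 > 10.8.0.6: ICMP echo reply, id 512, seq 5121, length 40",
    # Constructed line: a later request that never gets a reply.
    "15:56:57.200000 IP 10.8.0.6 > 192.168.10.19: ICMP echo request, id 512, seq 5377, length 40",
]

if __name__ == "__main__":
    for seq, problem in check_echo_pairs(SAMPLE):
        print(f"seq {seq}: {problem}")
```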




