Re: GRE and PF problem
From: compunction (compunction_at_gmail.com)
Date: 07/14/05
- Previous message: gnn_at_freebsd.org: "Re: Problem with Path MTU Discovery"
- In reply to: Alex Povolotsky: "GRE and PF problem"
- Next in thread: Alex Povolotsky: "Re: GRE and PF problem"
- Reply: Alex Povolotsky: "Re: GRE and PF problem"
- Reply: Alex Povolotsky: "Re: GRE and PF problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 14 Jul 2005 01:31:36 -0400 To: Alex Povolotsky <tarkhil@webmail.sub.ru>
GRE needs to pass bidirectional. You will need a binat to make it
work. I have not found a firewall that will allow GRE to work with a
many to one nat.
-Mark
On 7/13/05, Alex Povolotsky <tarkhil@webmail.sub.ru> wrote:
> Hello!
>
> I'm using FreeBSD (5.3-RELEASE-p5) as internet access server, and I have
> to NAT GRE packets. I'm using pf.
>
> The problem is that SOMETIMES PF fails to create proper rule using nat,
> while binat works fine.
>
> Not only I do not want to expose Windows boxes (even if those addresses
> are firewalled), but it's also a terrible waste of real IPs.
>
> Can anyone point me if I have incorrect PF config, or PF just work
> poorly with gre?
>
> Alex.
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: gnn_at_freebsd.org: "Re: Problem with Path MTU Discovery"
- In reply to: Alex Povolotsky: "GRE and PF problem"
- Next in thread: Alex Povolotsky: "Re: GRE and PF problem"
- Reply: Alex Povolotsky: "Re: GRE and PF problem"
- Reply: Alex Povolotsky: "Re: GRE and PF problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
