Re: GRE and PF problem
From: Alex Povolotsky (tarkhil_at_webmail.sub.ru)
Date: 07/14/05
- Previous message: compunction: "Re: GRE and PF problem"
- In reply to: compunction: "Re: GRE and PF problem"
- Next in thread: Alex Povolotsky: "Re: GRE and PF problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 14 Jul 2005 10:37:04 +0400 To: compunction <compunction@gmail.com>
compunction wrote:
>GRE needs to pass bidirectional. You will need a binat to make it
>work. I have not found a firewall that will allow GRE to work with a
>many to one nat.
>
>
The most painful thing is that pf's nat works for GRE - SOMETIMES :-(
The only thing firewall needs to implement for natting GRE is creation
of two rules (forward and back) for GRE packet, just like it does for ICMP.
I'm not a firewall writer, but as far as I understand general procedural
programming, it cannot be THAT complicated.
Alex.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: compunction: "Re: GRE and PF problem"
- In reply to: compunction: "Re: GRE and PF problem"
- Next in thread: Alex Povolotsky: "Re: GRE and PF problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
