Re: GRE and PF problem
From: Stephen J. Bevan (stephen_at_dino.dnsalias.com)
Date: 07/15/05
- Previous message: Nathanael M Van Vorst: "(no subject)"
- In reply to: Giovanni P. Tirloni: "Re: GRE and PF problem"
- Next in thread: Sten Daniel Sørsdal: "Re: GRE and PF problem"
- Reply: Sten Daniel Sørsdal: "Re: GRE and PF problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 14 Jul 2005 23:01:30 -0700 To: "Giovanni P. Tirloni" <gpt@tirloni.org>
Giovanni P. Tirloni writes:
> I don't know how PF keeps tracks of ICMP packets but there must be a
> way for it to distinguish between a packet destined to 192.168.0.1 or 0.2.
An ICMP ECHO REQUEST message has a 16-bit id field which can be
altered by NAT to identify the originating machine.
There isn't really an equivalent when using a minimal GRE header. If
GRE checksums are turned on then the 16-bit Reserved1 field could be
abused for NAT purposes.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Nathanael M Van Vorst: "(no subject)"
- In reply to: Giovanni P. Tirloni: "Re: GRE and PF problem"
- Next in thread: Sten Daniel Sørsdal: "Re: GRE and PF problem"
- Reply: Sten Daniel Sørsdal: "Re: GRE and PF problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
