Re: Hiding NATs with PF
From: Daniel Hartmeier (daniel_at_benzedrine.cx)
Date: 09/28/05
Date: 28 Sep 2005 14:03:41 GMT
On Wed, 28 Sep 2005 03:01:55 +0100, Max Bolingbroke wrote:

> assume application level proxying is not practical
> in this scenario

Why?

It doesn't have to be application level, a generic TCP proxy will do.
You can redirect connections to it transparently (without the clients'
cooperation) and have the proxy find out the real destination from pf,
connect there and relay. All outgoing connections will then originate
from the OpenBSD box and have its fingerprints.

Or did you mean 'economical', as in you're (ab)using an ISP contract
prohibiting multiple hosts to save a couple of dollars a month, and
those savings do not warrant you spending time on the setup? Sorry,
in that case it's not worth anyone else's time, either.

> Are there any further ways I can have PF munge my
> outgoing packets so they look like they all come from the same flavour of TCP
> stack?

No.

Daniel
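
Added example, not part of the original message: a minimal generic TCP relay of the kind the reply describes, showing that each outgoing connection is a fresh one opened by the proxy host, so its TCP/IP characteristics are those of the proxy's stack. The names `pump`, `handle`, `serve` and the `lookup_original_dst` callback are assumptions; on OpenBSD that callback would ask pf for the pre-redirect destination (the DIOCNATLOOK ioctl on /dev/pf), which is not implemented here.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, lookup_original_dst):
    """Relay one redirected connection to the destination the client intended."""
    # Hypothetical callback: maps (client address, address the redirect
    # delivered the connection to) -> (host, port) the client really dialled.
    dest = lookup_original_dst(client.getpeername(), client.getsockname())
    try:
        # A brand-new connection: SYN options, window size and TTL are chosen
        # by this host's stack, not by the client's.
        upstream = socket.create_connection(dest, timeout=5)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)  # no idle timeout while relaying
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def serve(listener, lookup_original_dst):
    """Accept loop for the socket that the redirect rule points at."""
    while True:
        try:
            client, _ = listener.accept()
        except OSError:
            return  # listener was closed
        threading.Thread(target=handle, args=(client, lookup_original_dst),
                         daemon=True).start()
```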