Re: Hiding NATs with PF
From: Max Bolingbroke (batterseapower_at_hotmail.com)
Date: 09/29/05
- Next message: Greg Hennessy: "Re: Hiding NATs with PF"
- Previous message: Marc Espie: "Re: KDE 3.4.2"
- In reply to: Daniel Hartmeier: "Re: Hiding NATs with PF"
- Next in thread: Greg Hennessy: "Re: Hiding NATs with PF"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 29 Sep 2005 02:36:23 -0700
Daniel Hartmeier wrote:
> On 28 Sep 2005 09:52:29 -0700, tedu wrote:
>
> > Does synproxy create a new packet or just tweak the ip of the original?
>
> Good point. It does create a new one. But the handshake isn't the only
> evidence to detect different stacks. I guess it depends on how clever
> the ISP is.
I had actually tried to use this. However, adding the synproxy state
option to outgoing traffic causes no packets whatsoever to be passed to
the outside! Can anyone see what might be wrong when:
pass out on $ext_if proto tcp all modulate state
pass out on $ext_if proto { udp, icmp } all keep state
Works fine and:
pass out on $ext_if proto tcp all synproxy state
pass out on $ext_if proto { udp, icmp } all keep state
Does not?
Thanks in advance,
Max
- Next message: Greg Hennessy: "Re: Hiding NATs with PF"
- Previous message: Marc Espie: "Re: KDE 3.4.2"
- In reply to: Daniel Hartmeier: "Re: Hiding NATs with PF"
- Next in thread: Greg Hennessy: "Re: Hiding NATs with PF"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
