GRE not natted on FreeBSD 7.1-p2
Greg Hennessy
Greg.Hennessy at nviz.net
Wed Feb 4 10:56:16 PST 2009
Sebastiaan van Erk wrote:
>
>
> nat on $ext_if from { $int_net, $wifi_net } to any -> $ext_if
>
This is the nub of the problem, 'hide' NAT breaks GRE.
To successfully do 'Many:1' NAT of GRE requires a rewrite of the GRE
call id header to track each session in a manner analogous to rewriting
the source port of a 'hide' natted tcp/udp session.
The last time I looked, Daniel, Henning et al have not added that
facility to PF as of yet.
You can statically translate the flow instead which should sort the
problem.
Greg
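
A simplified model of the state-tracking problem described in this message, added as an example (it is not part of the original post and is not PF's code). The class `HideNat`, its methods, and all addresses, ports and Call IDs are constructed for illustration; the model assumes a NAT without Call ID handling can key GRE state only on addresses.

```python
from itertools import count

EXT_IP = "203.0.113.1"  # constructed external address (documentation range)


class HideNat:
    """Toy many:1 NAT state table; a model, not PF's implementation."""

    def __init__(self, rewrite_call_id):
        self.rewrite_call_id = rewrite_call_id
        self.inbound = {}         # reply-side key -> (internal ip, original id)
        self._ids = count(50000)  # pool of replacement ports / Call IDs

    def outbound(self, proto, src_ip, dst_ip, ident):
        """Translate a new outbound session; ident is the TCP/UDP source
        port or the GRE Call ID. Returns the on-wire id, or None on a clash."""
        if proto == "gre" and not self.rewrite_call_id:
            # Without Call ID handling only the addresses distinguish sessions.
            key, wire_id = (proto, dst_ip, EXT_IP), ident
        else:
            wire_id = ident
            while (proto, dst_ip, EXT_IP, wire_id) in self.inbound:
                wire_id = next(self._ids)  # rewrite, like a hide-NAT source port
            key = (proto, dst_ip, EXT_IP, wire_id)
        if key in self.inbound and self.inbound[key][0] != src_ip:
            return None  # a second internal client cannot be tracked
        self.inbound[key] = (src_ip, ident)
        return wire_id

    def reply(self, proto, remote_ip, ident):
        """Map a reply arriving at EXT_IP back to (internal ip, original id)."""
        if proto == "gre" and not self.rewrite_call_id:
            return self.inbound.get((proto, remote_ip, EXT_IP))
        return self.inbound.get((proto, remote_ip, EXT_IP, ident))


def demo(rewrite_call_id):
    """Two internal clients open GRE to one server using the same Call ID."""
    nat = HideNat(rewrite_call_id)
    server = "198.51.100.7"  # constructed
    a = nat.outbound("gre", "192.168.1.10", server, 1)
    b = nat.outbound("gre", "192.168.1.20", server, 1)
    back_a = nat.reply("gre", server, a)
    back_b = nat.reply("gre", server, b) if b is not None else None
    return a, b, back_a, back_b
```

`demo(False)` shows the second client's GRE session failing to get state, while `demo(True)` shows both sessions coexisting once the Call ID is rewritten the way a source port would be.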