PF & Inside NAT
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon Oct 17 14:27:23 UTC 2011
On 17. Oct 2011, at 14:09 , Damien Fleuriot wrote:
> On 10/17/11 2:50 PM, Eric Masson wrote:
>> Hello,
>>
>> Does the PF 4.5 port present in -current & 9-STABLE support inside NAT
>> please (somewhat like the reverse nat available with libalias) ?
>>
>> Kind Regards
>>
>> Éric Masson
>>
>
> I totally did not understand whatever you're trying to say.
> In other words, I didn't understand anything.
>
> What do you call "inside nat" ?
>
> If you're referring to the mechanism where a client calls a public IP on
> your firewall, and PF rewrites it to an internal IP, what you want is
> the rdr mechanism.
>
> These will still work, seeing the new rules syntax for PF only appears
> in 4.7
Inside NAT means when the packet arrives at the system rather than leaving it,
as in before any ipsec or routing decision; for a long time pf had no concept
of this, and yes, the pf in FreeBSD still lacks it.
/bz
--
Bjoern A. Zeeb You have to have visions!
Stop bit received. Insert coin for new address family.