GRE and PF problem
tarkhil at webmail.sub.ru
Thu Jul 14 06:43:11 GMT 2005
>GRE needs to pass bidirectional. You will need a binat to make it
>work. I have not found a firewall that will allow GRE to work with a
>many to one nat.
The most painful thing is that pf's nat works for GRE - SOMETIMES :-(
The only thing firewall needs to implement for natting GRE is creation
of two rules (forward and back) for GRE packet, just like it does for ICMP.
I'm not a firewall writer, but as far as I understand general procedural
programming, it cannot be THAT complicated.
More information about the freebsd-net