Dirty NAT tricks

Travis H. solinym at gmail.com
Thu Mar 2 19:08:43 PST 2006


On 3/2/06, Tiago Cruz <tiagocruz at forumgdh.net> wrote:
> > As Brian Candler pointed out, you can do this with a binat to a
> > fictitious network on the client, then a binat back on the VPN server.

> -> PF rules:
> binat on $vpn_if from 192.168.10.0/24 to any -> 192.168.0.0/24
> binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24

The last rule must be on the laptop, the first must be on the VPN gateway.

> My first ping is E.O.K (TTL=126) but all the others I don't have reply
> (75% lost).
>
> Can somebody help me?

What does your state table look like on both machines?
--
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484
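For readers following the thread, here is an added model (not code from the thread or from pf itself) of what a binat rule does on each side of the tunnel, and of the state a single echo request should leave behind. It assumes the laptop-side rule quoted above, 'binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24', and a constructed laptop host 192.168.0.5 pinging a constructed remote host 10.0.0.1; the network numbers are taken from the thread, the hosts are made up. It reproduces the pf.conf(5) semantics that a binat rule rewrites the source of packets leaving the interface and the destination of packets arriving on it, 1:1, host part preserved.

```python
"""Model of PF binat semantics for the overlapping-subnet VPN case."""
from ipaddress import IPv4Address, IPv4Network


class BinatRule:
    """One 'binat on $if from SRC to any -> TRANS' rule.

    pf applies a binat rule in both directions on the interface:
      - packets leaving the interface with a source in SRC get that source
        rewritten 1:1 into TRANS (host part preserved);
      - packets arriving on the interface with a destination in TRANS get
        that destination rewritten back into SRC.
    """

    def __init__(self, src: str, trans: str) -> None:
        self.src = IPv4Network(src)
        self.trans = IPv4Network(trans)
        if self.src.prefixlen != self.trans.prefixlen:
            raise ValueError("binat networks must be the same size")

    @staticmethod
    def _shift(addr: IPv4Address, frm: IPv4Network, to: IPv4Network) -> IPv4Address:
        # Addresses outside the rule's network pass through untouched.
        if addr not in frm:
            return addr
        host = int(addr) - int(frm.network_address)
        return IPv4Address(int(to.network_address) + host)

    def outbound(self, src, dst):
        """Packet leaving the interface: translate the source."""
        return (self._shift(IPv4Address(src), self.src, self.trans), IPv4Address(dst))

    def inbound(self, src, dst):
        """Packet arriving on the interface: translate the destination."""
        return (IPv4Address(src), self._shift(IPv4Address(dst), self.trans, self.src))


# Laptop-side rule as quoted in the thread:
#   binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24
LAPTOP_RULE = BinatRule("192.168.0.0/24", "192.168.10.0/24")


def echo_round_trip(rule, laptop_host, remote_host):
    """Trace an ICMP echo from the laptop and the matching reply back.

    Returns the per-hop (src, dst) pairs and whether the untranslated reply
    lines up with the state pf would have created for the request.
    """
    # Request as generated locally, then as it appears on the tunnel.
    req_local = (IPv4Address(laptop_host), IPv4Address(remote_host))
    req_wire = rule.outbound(*req_local)
    # pf keys the state on the post-translation addresses of the request.
    state = {"wire": req_wire, "local": req_local}
    # The reply arrives with the wire addresses swapped, then is untranslated.
    rep_wire = (req_wire[1], req_wire[0])
    rep_local = rule.inbound(*rep_wire)
    # Healthy state: the reply reverses the state's wire key, and after
    # untranslation it reaches the host that sent the request.
    matches = (rep_wire == (state["wire"][1], state["wire"][0])
               and rep_local == (state["local"][1], state["local"][0]))
    return {
        "request_local": tuple(map(str, req_local)),
        "request_wire": tuple(map(str, req_wire)),
        "reply_wire": tuple(map(str, rep_wire)),
        "reply_local": tuple(map(str, rep_local)),
        "reply_matches_state": matches,
    }


if __name__ == "__main__":
    # Constructed hosts: laptop 192.168.0.5 pinging remote 10.0.0.1.
    for key, val in echo_round_trip(LAPTOP_RULE, "192.168.0.5", "10.0.0.1").items():
        print(f"{key:>20}: {val}")
```

On a real box the equivalent check is to compare `pfctl -s state` on the laptop and on the gateway after one ping: each side should show one ICMP state whose translated addresses are the mirror image of the other side's, which is what the question about the state tables above is getting at.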


More information about the freebsd-pf mailing list