Dirty NAT tricks

Tiago Cruz tiagocruz at forumgdh.net
Fri Mar 3 03:49:48 PST 2006


Hello Travis, thanks again for the reply!

On Thu, 2006-03-02 at 21:08 -0600, Travis H. wrote:

> > -> PF rules:
> > binat on $vpn_if from 192.168.10.0/24 to any -> 192.168.0.0/24
> > binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24
> 
> The last rule must be on the laptop, the first must be on the VPN gateway.

So, I have two big problems: 

1-) I'm in Brazil, and my clients (there is more than one) are not here,
but all over the world (Italy, USA, Germany...)

2-) The client notebooks are running Window$ XP :-/


> > My first ping is E.O.K (TTL=126) but for all the others I don't get a reply
> > (75% lost).
> >
> > Can somebody help me?
> 
> What does your state table look like on both machines?

Maybe the problem is here, because my VPN server is my CARP backup
machine, and its state table is synchronized by pfsync with the CARP master
(default gateway of the machines). Is this another big problem? :-/

Thank you!
-- 
Tiago Cruz
http://linuxrapido.org




More information about the freebsd-pf mailing list