bidirectional NAT in PF?

David DeSimone fox at verio.net
Sat Sep 6 22:31:15 UTC 2008


secucatcher at free.fr <secucatcher at free.fr> wrote:
>
> > Is this true, that PF supports bidirectional NAT?  That is, NAT of
> > both the source and the destination IP in a connection, at the same
> > time?
> 
> "binat" was not working for you?
> binat on $ifext from private-ip to any -> public-ip

I think I am using the wrong terminology.  I should probably call it
"double NAT" to differentiate it.  "binat" works fine but it still only
changes ONE of the IPs being translated (the source IP).  In PF, you
can use "nat" to translate the source IP, and "redir" to change the dest
IP, but what if you want to change both?  There is no direct way to do
this, so I am wondering if two different rules could be matched at
different times during the packet's transit through the gateway.

-- 
David DeSimone == Network Admin == fox at verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow