Date: Tue, 04 Feb 2003 07:33:18 -0800
From: Michael Sierchio <kudzu@tenebras.com>
To: Mikhail Teterin <mi+kde@aldan.algebra.com>
Cc: net@FreeBSD.org
Subject: Re: Does natd(8) really need to see _all_ packets?
Message-ID: <3E3FDD3E.70609@tenebras.com>
In-Reply-To: <200302040027.30781@aldan>
References: <200302040027.30781@aldan>

Mikhail Teterin wrote:

> Does natd(8) really need to see _all_ packets?

Not at all, as you've guessed. Subtleties abound with stateful rules, and side effects of using the divert mechanism, such as: after returning from natd packets don't know which interface they came in on. Matching rules therefore becomes tricky. I manage to do without skipto rules, your kilometrage may vary.

Traffic that is destined to the host itself from the outside may be handled via rules that match before reaching the divert rule(s). Likewise, traffic that is between hosts on the local nets may be matched before nat'ing.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
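
The rule ordering described in the message above, as an added example that is not part of the original e-mail: an ipfw rules file (loaded with `ipfw /path/to/file`) in which host-bound and local-net traffic match before the divert rules, so natd sees only what it has to translate. The interface names (fxp0 outside, fxp1 inside), the addresses (documentation and private ranges), the choice of ssh as the host service, and the rule numbers are all assumptions; the rules are stateless and use no skipto.

```conf
# Constructed example. Assumed layout:
#   fxp0 = outside interface, address 203.0.113.10 (placeholder)
#   fxp1 = inside interface, local nets within 192.168.0.0/16
#   natd is listening on the divert port named "natd" in /etc/services

# Loopback never needs translation.
add 100 allow ip from any to any via lo0

# Traffic between hosts on the local nets: matched before NAT.
add 200 allow ip from 192.168.0.0/16 to 192.168.0.0/16 via fxp1

# Traffic from the outside destined to a service on the host itself
# (ssh here): matched before the divert rules, in both directions.
add 300 allow tcp from any to 203.0.113.10 22 in via fxp0
add 310 allow tcp from 203.0.113.10 22 to any out via fxp0

# Only now divert. Outbound: packets from the local nets leaving via
# the outside interface get their source rewritten by natd.
add 400 divert natd ip from 192.168.0.0/16 to any out via fxp0

# Inbound: everything else arriving for the outside address may be a
# reply to a translated connection, so natd must see it to map it back.
add 410 divert natd ip from any to 203.0.113.10 in via fxp0

# Packets re-injected by natd resume at the rule after the divert rule.
# This catch-all stands in for the site's real filtering policy.
add 500 allow ip from any to any
```

Rules 300 and 310 only bypass natd safely for ports that natd is not also configured to redirect; a port listed there never reaches a natd redirect.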