Date:      Sat, 6 Sep 2008 14:14:04 -0500
From:      "David DeSimone" <fox@verio.net>
To:        <freebsd-pf@freebsd.org>
Subject:   Re: bidirectional NAT in PF?
Message-ID:  <20080906191403.GJ1949@verio.net>
In-Reply-To: <20080906204042.16491860@desktop>
References:  <1220706618.48c2813ab9cc6@imp.free.fr> <20080906204042.16491860@desktop>

secucatcher@free.fr <secucatcher@free.fr> wrote:
>
> Sorry for the disturbing time.
> I find:
> rdr on $if_ext proto tcp from $int_net to <pub ip> port 80 -> \
>    <priv ip>
>  
> nat on $if_int inet from <priv ip> to any -> <pub ip>
> 
> I NAT on the internal interface and it is just working.


Is this true, that PF supports bidirectional NAT?  That is, NAT of both
the source and the destination IP in a connection, at the same time?

I had attempted this in the past but I could not find a rule syntax that
would accomplish it.  Looking at the above, it appears that this may be
possible because PF processes the rulebase twice for forwarded traffic;
once on input, and again on output.  If the inbound packet matched a
"rdr" rule, and the outbound matched a "nat" rule, this would accomplish
bidirectional NAT?

Interesting technique, if it works.

-- 
David DeSimone == Network Admin == fox@verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow
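
The two-pass behaviour asked about above, as a simplified Python model added here; it is not part of the original message and is not PF's own code. Interface names and addresses are constructed, source ports are left out, and the state PF keeps for the connection is folded into one table.

```python
"""Toy model of a forwarded packet crossing PF twice (inbound, then outbound)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


# Constructed rules with the same shape as the quoted ruleset:
#   rdr on ext0 proto tcp from any to 198.51.100.10 port 80 -> 10.0.0.80
#   nat on int0 from any to 10.0.0.80 -> 10.0.0.1
RDR = [{"on": "ext0", "to": "198.51.100.10", "port": 80, "target": "10.0.0.80"}]
NAT = [{"on": "int0", "from": "0.0.0.0/0", "to": "10.0.0.80", "target": "10.0.0.1"}]


def inbound_pass(pkt, iface):
    """rdr is evaluated as the packet enters an interface: rewrite dst."""
    for r in RDR:
        if r["on"] == iface and pkt.dst == r["to"] and pkt.dport == r["port"]:
            return replace(pkt, dst=r["target"])
    return pkt


def outbound_pass(pkt, iface):
    """nat is evaluated as the packet leaves an interface: rewrite src."""
    for r in NAT:
        if (r["on"] == iface and pkt.dst == r["to"]
                and ip_address(pkt.src) in ip_network(r["from"])):
            return replace(pkt, src=r["target"])
    return pkt


def forward(pkt, in_if, out_if, states):
    """Run both passes and remember how to undo them for the reply."""
    translated = outbound_pass(inbound_pass(pkt, in_if), out_if)
    # Key: (src, dst) of the reply as the server sends it.
    # Value: (src, dst) the original client must see on that reply.
    states[(translated.dst, translated.src)] = (pkt.dst, pkt.src)
    return translated


def reply(src, dst, states):
    """Reverse both translations for a return packet; None if no state."""
    return states.get((src, dst))
```

A packet that matches only one of the two rules is rewritten on that pass alone, which is why the `on` interface of each rule has to match the direction the traffic actually takes through the firewall.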

