From owner-freebsd-pf@FreeBSD.ORG Sat Sep 6 19:41:58 2008
Return-Path:
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A65B61065673 for ; Sat, 6 Sep 2008 19:41:58 +0000 (UTC) (envelope-from secucatcher@free.fr)
Received: from smtp4-g19.free.fr (smtp4-g19.free.fr [212.27.42.30]) by mx1.freebsd.org (Postfix) with ESMTP id 709EC8FC14 for ; Sat, 6 Sep 2008 19:41:58 +0000 (UTC) (envelope-from secucatcher@free.fr)
Received: from smtp4-g19.free.fr (localhost.localdomain [127.0.0.1]) by smtp4-g19.free.fr (Postfix) with ESMTP id E08E23EA0EB; Sat, 6 Sep 2008 21:41:56 +0200 (CEST)
Received: from desktop (abv73-1-88-186-56-129.fbx.proxad.net [88.186.56.129]) by smtp4-g19.free.fr (Postfix) with ESMTP id 7EE673EA10C; Sat, 6 Sep 2008 21:41:56 +0200 (CEST)
Date: Sat, 6 Sep 2008 21:41:55 +0200
From:
To: "David DeSimone"
Message-ID: <20080906214155.52c6f2e7@desktop>
In-Reply-To: <20080906191403.GJ1949@verio.net>
References: <1220706618.48c2813ab9cc6@imp.free.fr> <20080906204042.16491860@desktop> <20080906191403.GJ1949@verio.net>
X-Mailer: Claws Mail 2.6.1 (GTK+ 2.10.11; i486-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-pf@freebsd.org
Subject: Re: bidirectional NAT in PF?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter \(pf\)"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 06 Sep 2008 19:41:58 -0000

> Is this true, that PF supports bidirectional NAT? That is, NAT of
> both the source and the destination IP in a connection, at the same
> time?
>
> I had attempted this in the past but I could not find a rule syntax
> that would accomplish it. Looking at the above, it appears that this
> may be possible because PF processes the rulebase twice for forwarded
> traffic; once on input, and again on output. If the inbound packet
> matched a "rdr" rule, and the outbound matched a "nat" rule, this
> would accomplish bidirectional NAT?
>
> Interesting technique, if it works.

Was "binat" not working for you?

binat on $ifext from private-ip to any -> public-ip
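As an added illustration (not part of this thread), a constructed pf.conf fragment showing the 1:1 mapping the binat rule above expresses, next to the rdr/nat pair the quoted question proposes; interface names and addresses are placeholders I chose, and the filter rules assume the pre-4.7 pf behaviour where translation runs before filtering, so filter rules match the translated addresses.

```pf
# constructed macros: external/internal interfaces and one host mapped 1:1
ext_if   = "em0"
int_if   = "em1"
web_priv = "192.168.1.10"    # RFC 1918 address of the internal server
web_pub  = "203.0.113.10"    # documentation-range public address

# One rule covers both directions:
#   outbound: src 192.168.1.10 -> 203.0.113.10
#   inbound:  dst 203.0.113.10 -> 192.168.1.10
binat on $ext_if from $web_priv to any -> $web_pub

# The same mapping written as the rdr + nat pair the question describes.
# Keep only one of the two forms loaded; both shown here for comparison.
# nat on $ext_if from $web_priv to any -> $web_pub
# rdr on $ext_if from any to $web_pub -> $web_priv

# Translation rules do not pass traffic. Filter rules see the packet
# after translation, so inbound rules match the private address and
# outbound rules match the public one. Restrict what is exposed.
block in on $ext_if
pass in  on $ext_if proto tcp from any to $web_priv port 80 keep state
pass out on $ext_if from $web_pub to any keep state
pass in  on $int_if from $web_priv to any keep state
pass out on $int_if to $web_priv keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and confirm the loaded translation with `pfctl -s nat`.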