[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NAT + Modulate.
Since I didn't get an answer on this one I'm reposting it.
I'm NATing on the external interface so I can't do something like?:
#Modulate weak clients sequence number
pass out quick on $ExtIF inet proto tcp from $WeakClientsIP \
to any flags S/SAFPRU modulate state
pass out quick on $ExtIF inet proto tcp from $ExtIP to any \
flags S/SAFPRU keep state
So or I modulate everything that get out (which I think would
modulate the firewall's own already excellent sequence numbers or I
have to live with the weak clients sequence numbers. Did get
something wrong or is this the way it's done?
Please keep in mind that I don't want to upgrade until 3.3 release,
so lists and such thins is a no no for now. But enlight me if those
would be a solution