[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NAT + Modulate.



Hi guys!
Since I didn't get an answer on this one I'm reposting it.
I'm NATing on the external interface so I can't do something like?:
      #Modulate weak clients sequence number
      pass out quick on $ExtIF inet proto tcp from $WeakClientsIP \
        to any flags S/SAFPRU modulate state
      pass out quick on $ExtIF inet proto tcp from $ExtIP to any \
        flags S/SAFPRU keep state
  So or I modulate everything that get out (which I think would
  modulate the firewall's own already excellent sequence numbers or I
  have to live with the weak clients sequence numbers. Did  get
  something wrong or is this the way it's done?
  Please keep in mind that I don't want to upgrade until 3.3 release,
  so lists and such thins is a no no for now. But enlight me if those
  would be a solution
  
-- 
Best regards,
 Alejandro Belluscio