
Re: cisco vpn client behind 3.2-stable pf firewall difficulties

On Sat, Mar 15, 2003 at 09:03:51PM -0500, jmc wrote:
> #binat on $ext_if from $vpn_client to $vpn_hosts -> $ext_if 
> vpn_hosts="{ xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy }"
I think this is because binat rules will not expand to more than one
host.  This makes sense since binat is a one-to-one map, and pf
assumes you don't really want two one-to-one maps.  Make $vpn_hosts
a single IP address, and then connect to that server.  I forget what
happens if you have two binat rules, one for each host.  It's been a
long time since I've had to deal with this :)
- jolan