[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: binat and filtering

On Tuesday, Jun 3, 2003, at 00:41 US/Pacific, Volker Kindermann wrote:

binat on fxp0 from $web_serv_int to any -> $web_serv_ext

How are the packets seen by the filter? Is it:

- for incoming packets:
  src: internet address of client
  dst: web_serv_int (that is after binat)

- for outgoing packets:
  src: web_serv_ext (that is after binat)
  dst: address of (e.g.) dnsserver

Is this correct?

Yes. There's a flowchart here: http://mniam.net/pf/pf.png