[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf nat + gre (pptp pass through)



--As of Friday, July 30, 2004 9:12 PM +0100, Dominique Jacquel is alleged to have said:

I posted on [email protected] on the same topic a few days ago. I have
looked at the problem a bit closer now and I am hoping to get comments
and advice ... and hopefully a bit of flame too! :-) I have studied some
of the pf code in search for a solution and this is the solution I am
pondering:

--As for the rest, it is mine.


Sounds to me like you are looking for a way to do protocol-specific nat/rewriting handling. My advice: Don't. Write a proxy, and direct the connection through that if necessary. rdr to the proxy from the firewall, and let the proxy sort out the rest.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------