
Re: pf + enc



On Wed, Jul 17, 2002 at 04:13:22PM -0300, Cedric Berger wrote:

> This is not the best possible design, but if you know what to do, it works.
> There is also a chicken-or-egg-first problem when handling rules like
> "nat on enc0" or "rdr on enc0", which could only be solved properly by
> having the NAT code talking with the IPSec policy layer for deciding
> if an outgoing packet should or shouldn't be nat'd.

Thanks for your explanation, which matches all my observations so far.

You can possibly solve the nat/rdr issue by specifying the protocol the
translation rule should apply to, assuming this singles out the pass
through the enc interface you want to translate.

Daniel