[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf + enc

To: Cedric Berger <cedric@wireless-networks.com>
Subject: Re: pf + enc
From: Daniel Hartmeier <daniel@benzedrine.cx>
Date: Wed, 17 Jul 2002 22:33:30 +0200
Cc: tech@openbsd.org
Content-Disposition: inline
References: <20020717162127.GA29996@VANED.NET> <20020717164709.GB24361@insomnia.benzedrine.cx> <3D35C1D2.6080406@wireless-networks.com>
User-Agent: Mutt/1.4i

On Wed, Jul 17, 2002 at 04:13:22PM -0300, Cedric Berger wrote:

> This is not the best possible design, but if you know what to do, it works.
> There is also a chicked-or-egg-first problem when handling rules like
> "nat on enc0" or "rdr on enc0", which could only be solved properly by
> having the NAT code talking with the IPSec policy layer for deciding
> if an outgoing packet should or shouldn't be nat'd.

Thanks for your explanation, which matches all my observations so far.

You can possibly solve the nat/rdr issue by specifying the protocol the
translation rule should apply to, assuming this singles out the pass
through the enc interface you want to translate.

Daniel

Follow-Ups:
- Re: pf + enc
  - From: Cedric Berger <cedric@wireless-networks.com>

References:
- pf + enc
  - From: glaive@vaned.net
- Re: pf + enc
  - From: Daniel Hartmeier <daniel@benzedrine.cx>
- Re: pf + enc
  - From: Cedric Berger <cedric@wireless-networks.com>

Prev by Date: Re: pf + enc
Next by Date: ALTQ problems
Prev by thread: Re: pf + enc
Next by thread: Re: pf + enc
Index(es):
- Date
- Thread