Current-Users archive


Re: Hair pinning with pf and NetBSD



On Tue, Nov 24, 2009 at 10:22:06AM -0800, Brian Buhrow wrote:
>       Hello.  I have a situation where a customer wants to talk from a box
> on a private network to a box on the same private network, but using the
> other box's external IP address.

Unless the traffic is routed (e.g. same interface, but different
networks), the firewall will not be part of the connection and can't do
anything. This is independent of the technology used for the firewall.
If you do have different networks on the same interface, you can use PF
and reflect back. There are some pitfalls for such a setup, but it
definitely works to some degree. 

Joerg

