Re: ipnat on same interface?

Malcolm Herbert:
> not sure whether you're talking ipf or pf here,

ipf + ipnat. Sorry for the confusion.

> but I suspect it's the same answer for both - you can't do NAT in both
> directions on the same interface.

OK. It might be that it turns out to be logically "impossible". Fair

> There apparently is a method to set up this by bouncing traffic via
> lo0 but I've only seen it mentioned as an aside without details, sorry
> ...

Ack. Someone else mentioned creating a tap0, which sounds more enticing.

> routing Internet traffic via lo0 is an ... interesting ... security
> position as well ... :)


> How much traffic are you talking about through this host?

Very little (at least, that's the intention ... ;-).

> If it's fairly minimal, you may want to look at other
> application-level proxying solutions, such as inetd+netcat or
> inetd+socat

That's an interesting track. Thanks for the hint!

> or a web-based reverse proxy (squid is probably too heavy weight for
> this, but there are other tools that are out there)

(This is a non-web UDP service, so I assume squid is not a preferable

                                Best regards,
                                  /Lars-Johan Liman

