Re: Hair pinning with pf and NetBSD

[buhrow%lothlorien.nfbcal.org@localhost (Brian Buhrow)]

        Hello.  Each box has an internal and external address.  
So, for example, I have two boxes:
192.168.25.2 and 192.168.25.4
Each have external addresses:
157.22.25.2 and 17.22.25.4
(These are theoretical numbers)
The customer wants to be on 192.168.25.2 and talk to 192.168.25.4, but
address it as 157.22.25.4.
The default gateway for these two boxes is the pf router, and, according to
the manual, this doesn't work, because the pf router can only nat when the
packet travels out a different interface from which it came in.
In fact, you can't address the 157.22.25.4 address, except  from a machine
on the outside of the nat.
Our customer wants to use the external address from inside the private
network to ease configuration of his equipment. As long as the pf router
sees the traffic, I don't see why it can't be made to do this, but how to
do it is a little fuzzy to me.
any thoughts?
-thanks
-Brian
On Nov 24,  7:38pm, Joerg Sonnenberger wrote:
} Subject: Re: Hair pinning with pf and NetBSD
} On Tue, Nov 24, 2009 at 10:22:06AM -0800, Brian Buhrow wrote:
} >     Hello.  I have a situation where a customer wants to talk from a box
} > on a private network to a box on the same private network, but using the
} > other box's external IP address.
} 
} Unless the traffic is routed (e.g. same interface, but different
} networks), the firewall will not be part of the connection and can't do
} anything. This is independent of the technology used for the firewall.
} If you do have different networks on the same interface, you can use PF
} and reflect back. There are some pitfalls for such a setup, but it
} definitely works to some degree. 
} 
} Joerg
>-- End of excerpt from Joerg Sonnenberger