Current-Users archive


Re: Hair pinning with pf and NetBSD



On 25/11/2009 8:22 AM, Daniel Hagerty wrote:
> Joerg Sonnenberger <joerg%britannica.bec.de@localhost> writes:
>
>> The problem is that the traffic will not pass through the router again.
>> The destination will try to access the machine directly on the local
>> network. Either that or I am not completely clear what you are actually
>> doing in terms of NAT.
>
>      You have to rewrite *both* the src and dst addresses for this case
> to work, with the idea being that the source address is something that
> the destination host will route through the nat.  The NAT can do the
> obvious inverse transformation for any return packets.
>
>      I've also never seen this implemented, so I'd love to know what
> the OP's customer is thinking of.

I've seen this implemented but only with iptables using both DNAT and SNAT using prerouting and postrouting rules respectively. Unfortunately all connections appear to originate from the router, which isn't an issue if there is some kind of session logging.

I'd be interested to see the pf equivalent :)

Sarton
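The pf equivalent asked for above, as an added example that is not part of the thread and not code from any of the posters. It uses the rdr/nat syntax of the OpenBSD-derived pf shipped with NetBSD at the time, and the interface names (wm0, wm1), the documentation prefixes 192.168.1.0/24 and 203.0.113.5, and the server address are assumptions chosen for illustration. The two rules on the internal interface are the pf counterpart of the iptables PREROUTING DNAT plus POSTROUTING SNAT pair: rdr rewrites the destination (public address to internal server), and nat then rewrites the source to the router's internal address so that the server's reply goes back through the router, where pf applies the inverse of both translations from state.

```pf
ext_if  = "wm0"             # assumed: outside interface
int_if  = "wm1"             # assumed: inside interface
int_net = "192.168.1.0/24"  # assumed: inside network
server  = "192.168.1.10"    # assumed: internal web server
pub_ip  = "203.0.113.5"     # assumed: public address the clients use

# Ordinary inbound case: a client on the Internet reaches the server.
# Only the destination needs rewriting; the reply is routed via the
# default gateway anyway.
rdr on $ext_if proto tcp from any to $pub_ip port 80 -> $server port 80

# Hairpin case: a client on the inside connects to the public address.
# Step 1 (on input, the DNAT half): send it to the real server.
rdr on $int_if proto tcp from $int_net to $pub_ip port 80 -> $server port 80

# Step 2 (on output, the SNAT half): rewrite the source to the router's
# own inside address so the server's reply is routed back to the router
# instead of being delivered directly to the client on the same LAN.
nat on $int_if proto tcp from $int_net to $server port 80 -> ($int_if)

# Let the translated traffic through and keep state so the inverse
# translation is applied to the return packets.
pass in  quick on $int_if proto tcp from $int_net to $server port 80 keep state
pass out quick on $int_if proto tcp from ($int_if) to $server port 80 keep state
pass in  quick on $ext_if proto tcp from any to $server port 80 keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it. While a hairpinned connection is open, `pfctl -s state` shows both translations for it: the rdr state keyed on the client's real address and the nat state with the router's inside address as source. As with the iptables version, the server's own logs only ever see the router's inside address, so the client identity has to be recovered from the pf state table or from `pflog` logging on the pass rules rather than from the server.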

