Subject: Re: ipf / nat woes on PMAX?
To: Todd Vierling <tv@wasabisystems.com>
From: Jochen Kunz <jkunz@unixag-kl.fh-kl.de>
List: port-pmax
Date: 03/27/2002 19:27:07
On 2002.03.27 18:05 Todd Vierling wrote:

> You should be able to do a bimap; just reverse the addresses.  A
> mapping should be something like:
> [bi]map OUTSIDEINTERFACE INSIDEADDR/MASK -> OUTSIDEADDR/MASK [OPTIONS]
This is exactly what I do. But I wanted to do it on the inside
interface, so that the packets are NATed _before_ routing takes place.
This is important to make the tunnel end point reachable from the inside
network. If I do the NAT on the tun0 = outside interface, packets from
inside to the tunnel end point are routed directly to this machine and
not through tun0. So they are not NATed and the sender address is still
192.168.1.x...
-- 



tschüß,
         Jochen

Homepage: http://www.unixag-kl.fh-kl.de/~jkunz/