tech-net: Re: GIF-Tunnel through IPfilter NAT?

Subject: Re: GIF-Tunnel through IPfilter NAT?
To: None <hubert.feyrer@informatik.fh-regensburg.de>
From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
List: tech-net
Date: 02/14/2000 10:13:56

On Mon, Feb 14, 2000 at 01:58:56AM +0100, Hubert Feyrer wrote:
> On Sun, 13 Feb 100, Darren Reed wrote:
> > If you have a line like "map de0 0/0 -> 0/32" (no proto section) then it
> > will translate tunnel'd (non-udp/tcp) packets too.
> 
> I wonder what I would give the "outside" tunnel endpoint as the remote v4
> IP number - that of the NATting router? Unlikely. The internal number
> behind the NATting router? even more unlikely...

If at all, the NAT box, yes. 

But all this problem arises because NATing is a bad idea per se, as it 
breaks "network transparency". There's an IETF working group informational
document about this...

Best regards, 
	-is

-- 
 * Progress (n.): The process through which Usenet has evolved from
   smart people in front of dumb terminals to dumb people in front of
   smart terminals.  -- obs@burnout.demon.co.uk (obscurity)