Subject: Re: GIF-Tunnel through IPfilter NAT?
To: None <hubert.feyrer@informatik.fh-regensburg.de>
From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
List: tech-net
Date: 02/14/2000 10:13:56
On Mon, Feb 14, 2000 at 01:58:56AM +0100, Hubert Feyrer wrote:
> On Sun, 13 Feb 100, Darren Reed wrote:
> > If you have a line like "map de0 0/0 -> 0/32" (no proto section) then it
> > will translate tunnel'd (non-udp/tcp) packets too.
>
> I wonder what I would give the "outside" tunnel endpoint as the remote v4
> IP number - that of the NATting router? Unlikely. The internal number
> behind the NATting router? even more unlikely...
If at all, the NAT box, yes.
But all this problem arises because NATing is a bad idea per se, as it
breaks "network transparency". There's an IETF working group informational
document about this...
Best regards,
-is
--
* Progress (n.): The process through which Usenet has evolved from
smart people in front of dumb terminals to dumb people in front of
smart terminals. -- obs@burnout.demon.co.uk (obscurity)