Darren Reed <darrenr%netbsd.org@localhost> writes: > On 12/11/2013 12:37 PM, Greg Troxel wrote: >> >> Darren Reed <darrenr%netbsd.org@localhost> writes: >> >> They have to match on both ends, inversely. > > When NAT is involved and NetBSD is behind the NAT device, how can they? I meant that the inbound policy on one system has to match the same packets that the outbound policy on the other system matches. So if you are using wildcard on address and just destination ports on machines with global addresses, that should be ok.
Attachment:
pgpEunAnugReD.pgp
Description: PGP signature