GRE and PF problem
Stephen J. Bevan
stephen at dino.dnsalias.com
Fri Jul 15 06:01:35 GMT 2005
Giovanni P. Tirloni writes:
> I don't know how PF keeps tracks of ICMP packets but there must be a
> way for it to distinguish between a packet destined to 192.168.0.1 or 0.2.
An ICMP ECHO REQUEST message has a 16-bit id field which can be
altered by NAT to identify the originating machine.
There isn't really an equivalent when using a minimal GRE header. If
GRE checksums are turned on then the 16-bit Reserved1 field could be
abused for NAT purposes.
More information about the freebsd-net
mailing list