GRE and PF problem
Sten Daniel Sørsdal
lists at wm-access.no
Fri Jul 15 09:30:30 GMT 2005
Stephen J. Bevan wrote:
> Giovanni P. Tirloni writes:
> > I don't know how PF keeps track of ICMP packets but there must be a
> > way for it to distinguish between a packet destined to 192.168.0.1 or 0.2.
>
> An ICMP ECHO REQUEST message has a 16-bit id field which can be
> altered by NAT to identify the originating machine.
>
> There isn't really an equivalent when using a minimal GRE header. If
> GRE checksums are turned on then the 16-bit Reserved1 field could be
> abused for NAT purposes.
Not for GRE but for PPTP (which uses GRE but with a slight addition).
CALL ID, a unique number assigned by the PPTP server per session.
AFAIK. There are some firewalls out there that use this ID.
--
Sten Daniel Sørsdal
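
The header fields discussed in this thread, as an added example that is not part of the original posts and is not PF code: a parser that returns the 16-bit field a NAT could key on for each GRE variant (none for a minimal header, Reserved1 when checksums are on, Call ID for PPTP's enhanced GRE). The function names, the mapping table and the sample packets are constructed for illustration.

```python
import struct

PPTP_PROTO = 0x880B   # protocol type carried by PPTP's enhanced GRE (RFC 2637)
C_BIT = 0x8000        # checksum present (GRE version 0, RFC 2784)
K_BIT = 0x2000        # key present (always set in enhanced GRE)


def gre_nat_key(pkt: bytes):
    """Return (field_name, value) usable as a NAT demux key, or None."""
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", pkt[:4])
    version = flags & 0x0007
    if version == 1:
        # Enhanced GRE: the key word is split into payload length + Call ID.
        if proto != PPTP_PROTO or not flags & K_BIT:
            raise ValueError("malformed enhanced GRE header")
        if len(pkt) < 8:
            raise ValueError("truncated enhanced GRE header")
        _payload_len, call_id = struct.unpack("!HH", pkt[4:8])
        return ("call_id", call_id)
    if version == 0:
        if flags & C_BIT:
            # Checksum word is followed by the 16-bit Reserved1 field.
            if len(pkt) < 8:
                raise ValueError("truncated GRE checksum word")
            _checksum, reserved1 = struct.unpack("!HH", pkt[4:8])
            return ("reserved1", reserved1)
        return None  # minimal header: nothing to tell inside hosts apart
    raise ValueError(f"unknown GRE version {version}")


def inbound_host(pkt: bytes, table: dict):
    """Look up the inside host for an inbound packet (hypothetical NAT table)."""
    return table.get(gre_nat_key(pkt))


# Constructed sample headers, not captured traffic.
MINIMAL = struct.pack("!HH", 0x0000, 0x0800)
WITH_CSUM = struct.pack("!HHHH", C_BIT, 0x0800, 0xBEEF, 0x0002)
PPTP_DATA = struct.pack("!HHHHI", 0x3001, PPTP_PROTO, 0, 0x1234, 1)

# Constructed mapping using the two inside addresses from the thread.
TABLE = {("call_id", 0x1234): "192.168.0.1", ("reserved1", 0x0002): "192.168.0.2"}

if __name__ == "__main__":
    for name, pkt in (("minimal", MINIMAL), ("csum", WITH_CSUM), ("pptp", PPTP_DATA)):
        print(name, gre_nat_key(pkt), inbound_host(pkt, TABLE))
```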