Dirty NAT tricks
Tiago Cruz
tiagocruz at forumgdh.net
Thu Mar 2 11:11:21 PST 2006
Hello Guys,
On Thu, 2006-02-23 at 05:36 -0600, Travis H. wrote:
> As Brian Candler pointed out, you can do this with a binat to a
> fictitious network on the client, then a binat back on the VPN server.
> I don't know what he means by "reversing the in/out sense", as binat
> is bidirectional.
I did a lot of things in the last week:
-> My LAN is 192.168.0.0/22
-> OpenVPN, route to clients:
push "route 192.168.10.0 255.255.255.0"
-> PF rules:
binat on $vpn_if from 192.168.10.0/24 to any -> 192.168.0.0/24
binat on $vpn_if from 192.168.0.0/24 to any -> 192.168.10.0/24
On the notebook client, when I try to ping 192.168.10.19 (which in reality
is 192.168.0.19):
15:56:56.197170 IP 10.8.0.6 > 192.168.10.19: ICMP echo request, id 512, seq 5121, length 40
15:56:56.197779 IP 192.168.0.19 > 10.8.0.6: ICMP echo reply, id 512, seq 5121, length 40
My first ping is OK (TTL=126), but for all the others I get no reply
(75% lost).
Can somebody help me?
Many thanks
--
Tiago Cruz
http://linuxrapido.org
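An added example, not part of the original thread: a small Python model of the 1:1 binat mapping between 192.168.0.0/24 and 192.168.10.0/24 described above, run over the two captured tcpdump lines to check whether each packet's addresses are consistent with the fictitious range the client was told to route to. The binat_map function is my own model of a host-bit-preserving network translation, not pf code, and it assumes a binat rule only touches addresses inside its own "from" network.

```python
import ipaddress
import re

# The two networks from the post: the real LAN range behind the VPN server
# and the fictitious range that OpenVPN pushes to the clients.
LAN_NET = ipaddress.ip_network("192.168.0.0/24")
VPN_NET = ipaddress.ip_network("192.168.10.0/24")


def binat_map(addr, src_net, dst_net):
    """Model of a 1:1 binat: keep the host bits, swap the network prefix.
    Addresses outside src_net pass through unchanged (assumption: the rule
    only matches its own 'from' network)."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return str(ip)
    offset = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


# Matches the address part of a tcpdump ICMP echo line.
TCPDUMP_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply)")


def parse_tcpdump(line):
    m = TCPDUMP_RE.search(line)
    if not m:
        raise ValueError("not an ICMP echo line: %r" % line)
    return {"src": m.group(1), "dst": m.group(2), "kind": m.group(3)}


def translate_for_client(pkt):
    """What the VPN client should see: requests keep their fictitious
    destination, and replies from the LAN must have their source mapped
    back into the fictitious range (the reverse half of the binat)."""
    if pkt["kind"] == "reply":
        return {**pkt, "src": binat_map(pkt["src"], LAN_NET, VPN_NET)}
    return pkt


def check_capture(lines):
    """For each captured line return (as seen, as expected, consistent?).
    A reply whose source is still a real LAN address is flagged, because
    the client never sent anything to that address."""
    results = []
    for line in lines:
        pkt = parse_tcpdump(line)
        expected = translate_for_client(pkt)
        results.append((pkt, expected, pkt == expected))
    return results


# The two tcpdump lines quoted in the post.
CAPTURE = [
    "15:56:56.197170 IP 10.8.0.6 > 192.168.10.19: ICMP echo request, id 512, seq 5121, length 40",
    "15:56:56.197779 IP 192.168.0.19 > 10.8.0.6: ICMP echo reply, id 512, seq 5121, length 40",
]
```

Running check_capture(CAPTURE) flags the second line: the reply source is 192.168.0.19 where the client-side view of the binat would be 192.168.10.19.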