bidirectional NAT in PF?
mouss
mouss at netoyen.net
Mon Sep 8 07:05:07 UTC 2008
David DeSimone wrote:
> I think I am using the wrong terminology. I should probably call it
> "double NAT" to differentiate it. "binat" works fine but it still only
> changes ONE of the IPs being translated (the source IP). In PF, you
> can use "nat" to translate the source IP, and "redir" to change the dest
> IP, but what if you want to change both? There is no direct way to do
> this, so I am wondering if two different rules could be matched at
> different times during the packet's transit through the gateway.
>
The common way is to use two rules: a nat and an rdr. This is used to
fix the "reflection problem", for instance. I have used it with ipfilter
in the past (though not for a reflection issue, but for a DMZ setup),
but I guess it works similarly on pf and other filters.
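
The two-rule approach from the reply above, sketched as a pf.conf fragment for the reflection case. This is an added example, not part of the original message. The interface name, addresses and port are constructed assumptions. It uses the nat/rdr rule syntax of FreeBSD's pf.

```pf
# Constructed values (assumptions, not from the thread)
int_if   = "em1"               # LAN-facing interface
int_net  = "192.168.1.0/24"    # LAN clients
ext_addr = "192.0.2.10"        # public address the clients connect to
server   = "192.168.1.20"      # real server, on the same LAN as the clients

# Step 1, evaluated when the packet ARRIVES on $int_if:
# rewrite the destination from the public address to the internal server.
rdr on $int_if proto tcp from $int_net to $ext_addr port 80 -> $server

# Keep the gateway's own traffic to the LAN untranslated.
no nat on $int_if proto tcp from $int_if to $int_net

# Step 2, evaluated when the same packet LEAVES on $int_if:
# rewrite the source to the gateway's LAN address, so the server replies
# via the gateway instead of answering the client directly.
nat on $int_if proto tcp from $int_net to $server port 80 -> $int_if
```

Both addresses end up rewritten because rdr is applied on the inbound pass and nat on the outbound pass of the same packet. Filter rules must still pass the traffic in both directions, and the server's logs will show the gateway's address rather than the original client.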