18.07.2017 0:26, Kurt Jaeger wrote: > I have a vague idea: > > If you set a tag (or a keep-state :flowname) using a ipfw rule that matches > the incoming gateway MAC and match that tag/check-state flowname and > the connection (keep-state) to fwd the answer packet back to that gateway ?
In fact, the NAT engine already keeps state track of packet flows and uses that to correctly translate answers back to public IP address. All you need is to forward translated outgoing answers to correct channel based on translated external source IP address (read: do policy based forwarding). _______________________________________________ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
