On Fri, 30 Jul 2004, Nickolay A. Kritsky wrote:

Hi,

> I think I have got your point here, but filtering esp in tunnel mode
> is of no use in many scenarios since higher protocol information (like
> ports for TCP/UDP) is hidden in encrypted payload.

at first it helps you to accept (only) encrypted traffic from your peers.

> Correct me if I am wrong but diverting incoming packets won't help.
> Libalias will just pass them unNATed. Or has it been changed since
> 4.9? Let's see.

...

> see? if the incoming packet is not in table, _and_ natd is not running
> in proxy_only mode (which is not acceptable here) the packet flows by
> without any change. And that's what the `man natd' says.

please type

man natd
/reverse
n

this should be available in 4.9 too.

> BAZ> The ruleset gets quite tricky then but it works here (HEAD from about
> BAZ> 82 days ago according to uptime ;-)
>
> ? Do you mean you have the same scenario? And diverting on inside
> interface works for you?

yes of course and a lot more on my three inside and two outside interfaces.

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> I think I have got your point here, but filtering esp in tunnel mode > is of no use in many scenarios since higher protocol information (like > ports for TCP/UDP) is hidden in encrypted payload. at first it helps you to accept (only) encrypted traffic from your peers. > Correct me if I am wrong but diverting incoming packets wont help. > Libalias will just pass them unNATed. Or has it been changed since > 4.9? Let's see. ... > see? if the incoming packet is not in table, _and_ natd is not running > in proxy_only mode (which is not acceptable here) the packet flows by > without any change. And that's what the `man natd' says. please type man natd /reverse n this should be available in 4.9 too. > BAZ> The ruleset gets quite tricky then but it works here (HEAD from about > BAZ> 82 days ago according to uptime ;-) > > ? Do you mean you have the same scenario? And diverting on inside > interface works for you? yes of course and a lot more on my three inside and two outside interfaces. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"