David DeSimone wrote:
I think I am using the wrong terminology. I should probably call it "double NAT" to differentiate it. "binat" works fine but it still only changes ONE of the IP's being translated (the source IP). In PF, you can use "nat" to translate the source IP, and "redir" to change the dest IP, but what if you want to change both? There is no direct way to do this, so I am wondering if two different rules could be matched at different times during the packet's transit through the gateway.
the common way is to use two rules: a nat and an rdr. This is used to fix the "reflection problem" for instance. I have used it with ipfilter in the past (though not for a reflection issue, but for a dmz setup), but I guess it works similarly on pf and other filters.
_______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
