On Fri, Apr 18, 2025 at 02:10:44PM -0700, obs...@loopw.com wrote:
> fwiw, even if it's only ports being translated it's still called NAT (PAT
> is a subset of NAT) - internally it's all going through the same NAT
> functions.

I guess this makes me feel better about it being harder to Google.

> breaking out a hex editor... in any event, don't rely on a firewall
> layer to do port translation with some NAT gymnastics if you want it to
> be as fast as it can be.

I hear what you're saying, but now in the spirit of what Mike said, some of the reward is in the sport of it. Who knows, the knowledge of how to do this (if it's possible) may come in handy someday.

But also, I don't really want to modify the binary or have my own version of xl2tpd that I compile from source. I know I was concerned about speed earlier, but I can accept a little bit of pf delay for the convenience of running stock code that someone else maintains.

Thanks for the suggestion,

--T