On 18. aug. 2013, at 02.43, Adam Vande More wrote:
> > What about SSL/TLS for example?  How would the router swap the header in an 
> > encrypted session?
> 
> Same as it would any sessions since only the payload is encrypted.  What 
> Frank calls basic nat, most people call static nat (at least people who have 
> read enough Cisco docs) and it works just fine. Also you are confusing 
> headers.

The point I was aiming for was that even if you were to swap the IPs in the 
IP header on the gateway, some protocols still reference the IPs inside the 
TCP payload, and while you can rewrite that on a NAT box using an 
application-level gateway, you cannot do that if the session is using SSL or TLS.

I was referring to headers *inside* the SSL/TLS layers.  I thought that was 
obvious, but I see I might not have been clear enough.

Yes, you can often still resolve it on the server, but just how messy does one 
want to get stacking workaround on top of workaround, just to avoid renumbering 
the network?

Terje

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
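
The point made in the message above, as an added example that is not part of the original thread: an application-level gateway can rewrite an address carried in a cleartext payload, but not one inside an encrypted and authenticated record. FTP's active-mode `PORT` command is assumed here as the protocol that embeds the IP, the addresses and command are constructed, and `seal`/`unseal` are a hypothetical HMAC-based stand-in for a TLS record, not real TLS.

```python
import hashlib, hmac, os, re

# FTP active mode carries the client's address inside the payload:
# "PORT h1,h2,h3,h4,p1,p2\r\n"
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")

def alg_rewrite(payload: bytes, inside_ip: str, outside_ip: str) -> bytes:
    """What an FTP ALG on the NAT box does: swap inside_ip for outside_ip in PORT."""
    def fix(m):
        if b".".join(m.groups()[:4]).decode() != inside_ip:
            return m.group(0)
        host = outside_ip.replace(".", ",").encode()
        return b"PORT " + host + b"," + m.group(5) + b"," + m.group(6) + b"\r\n"
    return PORT_RE.sub(fix, payload)

# Stand-in for a TLS record (NOT real TLS): HMAC-SHA256 keystream, encrypt-then-MAC.
def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, record: bytes):
    nonce, ct, tag = record[:12], record[12:-32], record[-32:]
    good = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # record was modified in transit
    return _xor_stream(enc_key, nonce, ct)

def demo() -> dict:
    inside, outside = "192.168.1.10", "203.0.113.5"  # constructed addresses
    cmd = b"PORT 192,168,1,10,19,137\r\n"            # constructed command
    ek, mk = os.urandom(32), os.urandom(32)          # session keys the gateway never has
    record = seal(ek, mk, cmd)
    tampered = record[:12] + bytes([record[12] ^ 1]) + record[13:]
    return {
        "plain_rewritten": alg_rewrite(cmd, inside, outside),
        "record_untouched": alg_rewrite(record, inside, outside) == record,
        "server_sees": unseal(ek, mk, record),
        "tampered_accepted": unseal(ek, mk, tampered) is not None,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The server still receives the inside address in the decrypted command, which is why the fix then has to happen on the endpoint rather than on the gateway.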
