compunction wrote:
GRE needs to pass bidirectional. You will need a binat to make it
work. I have not found a firewall that will allow GRE to work with a
many to one nat.
The most painful thing is that pf's nat works for GRE - SOMETIMES :-(
The only thing firewall needs to implement for natting GRE is creation
of two rules (forward and back) for GRE packet, just like it does for ICMP.
I'm not a firewall writer, but as far as I understand general procedural
programming, it cannot be THAT complicated.
Alex.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
