Sounds like the answer is no.  Since pfSense uses the OpenBSD pf
filter engine and that FAQ clearly states that pf doesn't support
hairpinning (I still haven't found any useful documentation on what
this really means), we don't support it.

--Bill

On 5/11/07, Alexander Norman - XH.se <[EMAIL PROTECTED]> wrote:
I'm using an implementation of JStunt (
http://nutss.gforge.cis.cornell.edu/jstunt-faq.php ) which works fine
when there's only 1 client behind the NAT using the JStunt framework.
A simple description of the process would be that each host that needs to
communicate with each other sets up an "Endpoint" and registers with the
rendezvous server.

It works to set up one endpoint behind pfSense and pass through the NAT
in both directions. Outside hosts can get a direct socket with me after
negotiating with the rendezvous server and hooking to my endpoint.

However, when there are two endpoints behind the same pfSense NAT device,
only one will be able to connect. For test purposes I set up two
instances of my NAT-traversing software on the same computer behind
pfSense. Usually I'm able to use the rendezvous server (outside NAT), which
gives me a destination address and port. But this time I wasn't able to
hook up to my other endpoint on the same computer. It works when I'm
behind another NAT translating device. I can connect from my local
network to the rendezvous server, which gives me a connection in from outside
(hairpin translation, if I'm not entirely wrong about word choices).

A list of full results from the framework developers can be found
at https://www.guha.cc/saikat/stunt-results.php . BSD pf NAT is
mentioned at the bottom.

I'm currently testing to make sure pfSense is working NAT to NAT, which also
seems to have trouble. It might be related, but it may also be due to an outdated
version of the framework or something with the rendezvous server. Will
investigate further.

Best regards
Alexander Norman


Chris Buechler wrote:
> Bill Marquette wrote:
>> I suspect he's talking about NAT-PMP
>> (http://files.dns-sd.org/draft-cheshire-nat-pmp.txt)
>
> Which seems mostly like a (currently) Apple-specific implementation of
> UPnP?
>
> NAT-PMP is not supported, though UPnP is.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

