Will Miles wrote:
The Linux kernel supports doing NAT reflection directly in the kernel, which is why it 'just works' with IPCop. Unfortunately, the FreeBSD gurus claim that their NAT system is not capable of doing this within the packet filtering framework. That said, it /is/ possible to trick it into behaving this way, and I assembled a patch for my own usage to solve this specific problem, but since the experts claim it's not possible there's no guarantee it will behave correctly in all circumstances. I'll see if I can get it together over the weekend - I'm still using one of the 1.2 betas, though, so it'd take me a bit to update it for the RC build. That said, it doesn't remove the proxy-based reflection scheme, so if you're interested in the patch you can always go back to whichever model you find works best for you.
I don't think anyone's ever said it isn't possible; the things I recall reading were more along the lines of not wanting to do it. I don't recall the reasoning offhand.
If you have some change that makes it work, it would be interesting to see. Please post it.