Sebastiaan van Erk wrote:
nat on $ext_if from { $int_net, $wifi_net } to any -> $ext_if
This is the nub of the problem, 'hide' NAT breaks GRE.
To successfully do 'Many:1' NAT of GRE requires a rewrite of the GRE
call id header to track each session in a manner analagous to rewriting
the source port of a 'hide' natted tcp/udp session.
The last time I looked, Daniel, Henning et al have not added that
facility to PF as of yet.
You can statically translate the flow instead which should sort the
problem.
Greg
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
