* Cameron Simpson <c...@zip.com.au> [2013-04-05 11:01]:
> On 05Apr2013 08:45, Daniel Hartmeier <dan...@benzedrine.cx> wrote:
> | If you need NAT, you have to do that on the external interface, and it
> | requires (implies, even) creating states.
>
> I was imagining NATing on an internal virtual interface to a private
> address on some kind of internal virtual interface; this might keep
> the necessary state without being the outmost layer.

NAT can be applied in any direction and on any interface on recent
openbsd, so that won't stop you. the manpage has the caveats for the
respective "unnatural" direction.
you might get away with 2 routing domains.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting