> Now about the userland inspection. I wonder if it's not possible with just
> what we have now, i.e. using a proxy, RDR and NAT:
> 1) the incoming connection is RDRed to the "inspection proxy"
> 2) the inspection proxy opens a new socket / new UDP packet to the real
> destination
> 3) somehow, a NAT rule is created to make that 2nd connection originate from the
> same socket as the first connection/packet.
> Would that work?
Yup. That's the easiest way to do it (and the most secure). I believe the
original post didn't want the connection terminated on the firewall.

.mike
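As an added illustration (not from either post) of how the three steps map onto pf's rdr/nat rules, assuming the service being protected is SMTP on an internal host and that interface names, addresses and the proxy port are placeholders:

```pf
# Added example; not from the original thread. Interface names, addresses
# and ports are assumptions.
ext_if      = "em0"
int_if      = "em1"
mail_server = "10.0.0.25"
proxy       = "127.0.0.1"
proxy_port  = "8025"

# Step 1: connections arriving from outside for the real server are
# redirected to the userland inspection proxy running on the firewall.
rdr on $ext_if proto tcp from any to $mail_server port 25 \
    -> $proxy port $proxy_port

# Step 2 is the proxy's job: accept the redirected connection, inspect the
# stream, then open a second socket to $mail_server.

# Step 3: the proxy's second leg leaves on $int_if with the firewall's own
# address as source. A static nat rule can only rewrite that to one fixed
# address, so for each second leg to carry the address of the client that
# opened the first leg, the proxy has to load a per-connection rule into an
# anchor at run time (pfctl -a inspect/<id> -f -). A loaded rule for a
# constructed client 192.0.2.10 would look like:
#   nat on $int_if proto tcp from ($int_if) to $mail_server port 25 \
#       -> 192.0.2.10
nat-anchor "inspect/*"

# Nothing reaches the real server except through the proxy: un-redirected
# traffic to it is dropped, only the two proxy legs are allowed.
block in on $ext_if proto tcp from any to $mail_server port 25
pass in on $ext_if proto tcp from any to $proxy port $proxy_port keep state
pass out on $int_if proto tcp from any to $mail_server port 25 keep state
```

With this layout the proxy is the only path to the server, so a failure in the proxy fails closed rather than exposing the unfiltered service.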
