Mike Frantzen wrote:

> > I've been probably dreaming too, but I would love to have some kind of
> > "scrub tcp" that would reassemble the stream, before forwarding it.
> > That would allow me to easily bypass the "PMTU" problems for example,
> > without having to tweak all clients (Win2000 & friends will send 1500
> > byte segments, the gateway will reassemble them, and regenerate 1300
> > byte segments to the destination transparently, wow)
> > Is that a crazy idea?
>
> use the max-mss scrub option. the hosts should then take care of it themselves. some nat/dsl routers automatically do this.
>
> .mike


Hey, great!
I guess that solves my main problem, thanks!

Now about the userland inspection. I wonder if it's not possible with just
what we have now, i.e. using a proxy, RDR and NAT:

1) the incoming connection is RDRed to the "inspection proxy"
2) the inspection proxy opens a new socket / new UDP packet to the real destination
3) somehow, a NAT rule is created to make that 2nd connection originate from the
same socket as the first connection/packet.


Would that work?
Cedric
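Mike's max-mss suggestion and steps 1 and 2 of the proxy scheme above, written out as one pf.conf ruleset. This is an added example and not part of the thread; it uses the pre-4.6 pf syntax of the thread's era, and the interface names, internal network, proxy port and the 1440-byte MSS value are assumptions chosen for illustration.

```pf
# Added example ruleset, not from the thread. Interface names, the
# internal network, the proxy port and the 1440-byte MSS are assumed.
ext_if = "fxp0"
int_if = "fxp1"
int_net = "192.168.1.0/24"
proxy_port = "8080"

# Mike's suggestion: rewrite the MSS option in TCP SYNs crossing the
# gateway so both ends negotiate segments that fit the outside MTU
# (1440 + 40 bytes of IP/TCP header = 1480 bytes on the wire, assumed
# to fit). The gateway never has to reassemble the stream itself.
scrub on $ext_if all max-mss 1440
scrub on $int_if all max-mss 1440

# Ordinary NAT for internal hosts that go out directly.
nat on $ext_if from $int_net to any -> ($ext_if)

# Step 1: internal HTTP is redirected to an inspection proxy listening
# on the gateway's loopback address.
rdr on $int_if proto tcp from $int_net to any port 80 -> 127.0.0.1 port $proxy_port

# Default deny, then allow exactly the flows the scheme needs.
# Filter rules see addresses after translation, so the client->proxy
# rule matches the rdr'd destination, not the original one.
block all
pass quick on lo0 all
pass in on $int_if proto tcp from $int_net to 127.0.0.1 port $proxy_port keep state
pass in on $int_if from $int_net to any keep state

# Step 2: proxy -> real server. The proxy process runs on the gateway,
# so its outbound connection already carries the gateway's external
# address; the same pass rule covers the NATed internal hosts.
pass out on $ext_if from ($ext_if) to any keep state

# Step 3 (making the second connection originate from the first one's
# source, per connection) has no static equivalent here: a fixed nat
# rule maps to a single address and cannot follow each client.
```

Two points a practitioner would check before building on this: after the rdr, the proxy's accepted socket only sees 127.0.0.1 as its local address, so it must ask pf for the original destination (the DIOCNATLOOK ioctl on /dev/pf, which is how OpenBSD's ftp-proxy of that era did it); and the scrub lines only act on the MSS option in SYN segments, so hosts that ignore the advertised MSS, or non-TCP traffic, are unaffected by them.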